Re: [SLE] Linux and the C2 security rating
I thought this was old news? I believe that NT 4.0 is rated C2 secure, but only in a specific configuration. The catch about those security ratings and linux is that I believe someone has to pay to get the OS evaluated. (Actually the whole configuration, not just the OS but the hardware also) From: Paul Greene <tiempos@cwp.net.pa> on 01/14/2000 01:58 PM To: suse-linux-e@suse.com cc: Client: Subject: [SLE] Linux and the C2 security rating Hello to all; I was just reading that Windows NT 4.0 has received a "C2" security rating from the NSA. Has any computer loaded with Linux ever received such a rating? It would seem that this would be a great credential to have when comparing NT and Linux to a big potential corporate buyer. Has any Linux vendor ever applied for such a thing? (I realize it's a long and lengthy process to go through, but it would seem to be a great selling point on the Linux resume.) Regards, Paul Greene -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/ -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
At 02:08 p.m. 14/01/00 -0600, you wrote:
I thought this was old news? I believe that NT 4.0 is rated C2 secure, but only in a specific configuration. The catch about those security ratings and linux is that I believe someone has to pay to get the OS evaluated. (Actually the whole configuration, not just the OS but the hardware also)
You're thinking of NT 3.51. NT 3.51 got it in '95. NT 4.0 just recently got the C2 rating, like in the last few months. (I was just reading this last night and have been trying to find the reference for it, but can't find it offhand.) You're right, it is an evaluation of not only the OS but the whole package. However, getting back to the original point, it would be nice to have at least one Linux system submitted for testing, just so that the Linux community can say to the NT crowd "whoop dee doo, Linux also has achieved the C2 status; so what if NT has it" Paul Greene
From: Paul Greene <tiempos@cwp.net.pa> on 01/14/2000 01:58 PM
To: suse-linux-e@suse.com cc: Client: Subject: [SLE] Linux and the C2 security rating
Hello to all;
I was just reading that Windows NT 4.0 has received a "C2" security rating from the NSA.
Has any computer loaded with Linux ever received such a rating? It would seem that this would be a great credential to have when comparing NT and Linux to a big potential corporate buyer.
Has any Linux vendor ever applied for such a thing? (I realize it's a long and lengthy process to go through, but it would seem to be a great selling point on the Linux resume.)
Regards,
Paul Greene
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Paul Greene wrote:
At 02:08 p.m. 14/01/00 -0600, you wrote:
I thought this was old news? I believe that NT 4.0 is rated C2 secure, but only in a specific configuration. The catch about those security ratings and linux is that I believe someone has to pay to get the OS evaluated. (Actually the whole configuration, not just the OS but the hardware also)
You're right, it is an evaluation of not only the OS but the whole package.
However, getting back to the original point, it would be nice to have at least one Linux system submitted for testing, just so that the Linux community can say to the NT crowd "whoop dee doo, Linux also has achieved the C2 status; so what if NT has it"
IBM would be an obvious outfit to push for C2 certification for Linux. The cost would be pocket change to them, and they're now starting to push Linux pretty vigorously. Paul -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Paul Greene wrote:
At 02:08 p.m. 14/01/00 -0600, you wrote:
I thought this was old news? I believe that NT 4.0 is rated C2 secure, but only in a specific configuration. The catch about those security ratings and linux is that I believe someone has to pay to get the OS evaluated. (Actually the whole configuration, not just the OS but the hardware also)
You're thinking of NT 3.51. NT 3.51 got it in '95.
What is truly amazing is that Microsoft puts the certification on their web site, with references to the actual certification on a gov't web site. If you read the pdf documents, you will see that NT 3.5 is certified C2, but only if the networking interfaces are disabled. This is on the MS site: http://www.microsoft.com/security/issues/c2summary.asp If you look at the NT 4.0 certification URLs, you'll get another laugh: http://www.microsoft.com/security/issues/addcorrectURLhere.asp ^^^^^^^^^^^^^^^^^ (No kidding?) And we are expected to believe this company is credible? Incredible, if you ask me. -- George Toft http://www.georgetoft.com -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (4)
-
abrahams@mbs.valinet.com -
grtoft@yahoo.com -
mmnelson@hewitt.com -
tiempos@cwp.net.pa