SCO doesn't sell UNIX
John F Haugh II
jfh at rpp386.cactus.org
Thu Dec 13 13:20:30 AEST 1990
In article <876 at visenix.UUCP> beattie at visenix.UUCP (Brian Beattie) writes:
>In article <18804 at rpp386.cactus.org> jfh at rpp386.cactus.org (John F Haugh II) writes:
>-Technically speaking, there is no such thing as a secure distributed
>
>Bzzzzzzzt I'm sorry but that is not correct. :-)
>
>-system. The Orange Book does not address network O/S's and once you
>-connect your machine to another, all bets were off.
>
>It is The Red Book discusses this issue.
>
>Although John is correct with respect to the Orange Book, in that if
>you have an ethernet or a modem or a pad or the like your system is
>outside the scope of the Orange Book. That is not to say that it is
>insecure, just that it does not meet the requirements of a TCB (Trusted
>Computing Base) as described in the Orange Book.
As far as I know, the NCSC has =never= formally evaluated a system
using the Red Book. For network stuff I use the Red Book as a guide,
but I don't believe that it is the authoritative answer on network
security. At least, not until someone has a system rated using the
criteria in there. I don't even know that anyone has ever submitted
a configuration for evaluation according to the Red Book.
I am sure someone will correct me if I am wrong, but none of the
final evaluation reports I've read or seen listed refer to network
systems or the Red Book. I am not convinced that there will ever
be a heterogeneous secure distributed system and I'm not so sure
homogeneous is going to happen any time soon.
--
John F. Haugh II UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 Domain: jfh at rpp386.cactus.org