Windows NT4.0 has been tested under the red book spec published by the NCSC. That means in effect, NT is C2 compliant in a stand alone environment. Howver, NT does NOT comply with the orange book spec which defines additional requirements when the machine is used in a networked environment. It *IS* possible for an operating system that is on a networked machine to be C2(Orange Book) compliant. Microsoft has never stated that it is C2 compliant on a network, however their page about C2 and NT is poorly worded, and effectively discounts the importance of the Orange Book spec.
Do you know the Redbook specs? From my understanding of the specs to have a C2 rateing you can't have a NIC card or Disk Drive. But I think you can have a NIC card in the machine connected to a network that is enrycpted network. But I could be wrong but I don't forget most of what I read..
It would be fun to get ahold of the specs from the NCSC.
You have this backward,
The "Red Book": NCSC-TG-005 "Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria"
The "Orange Book": DOD 5200.28-STD "DOD Trusted Computer System Evaluation Criteria"
A NT machine to meet DOD 5200.28 C2 rating needs to be seriously crippled when comapired to normal operation. No removable media, No Modem, No Network Connection, hell pluging the dam thing and turning it on probably puts it's C2 rating in jepordy.
The reason M$ downplays their C2 rating is that in average day to day use of this OS it does not meet this rating.
NT has never had any RedBook rating and is not certified for use in a secure network. MS is haveing problems meeting the standards and they have alot of work to do on NT when it comes to Secuirty. Any was see MSN.com today?
|)ark |(night DEFINITION. Windows 95: n. 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company, that can't stand 1 bit of competition. Http://www.EliteHackers.org/DarkKnight