At 04:53 AM 3/21/96 -0800, you wrote:
Basically, I'm now questioning the C2 rating of Windows NT. The entire security layer is modular to the Kernel. As a modular driver, it can be removed, rewritten, and replaced.
Good questioning.
So, what makes it secure? What gives it the C2 Rating? How would one go about getting a C2 rating?
The fine print says its insecure as soon as its connected to a network.
Ain't nothing fine about that print. An operating system or piece of hardware may be C2 certifiable. But only a complete system in a specific configuration can be certified as C2 compliant. The way I read the orange book, no system with a network connection can ever be C2. For that matter a system can't get C2 unless it is in an area where you can control and monitor physical access to the system. So if you can't hack it over the wire, and you can't remove, rewrite and replace the kernel because you can't get near the keyboard what's the problem? dwl@hnc.com David Loysen 619-546-8877 x245