Microsoft recently got C2-security status approved for Windows NT by the National Computer Security Center, a division of the NSA. They are supposed to put systems through "laborious testing and review" before they approve C2. So, if one can find bugs in NT's security, one can toss a little more egg on the NSA's face and the sham that part of their activities to *help* to secure American computers. A simple violation of NT's C2 status would be to demonstrate a flaw in its memory protection implementation. Personally, I think NT is *riddled* with bugs waiting to be discovered. Hell, even the NT "service pack" is included in the C2 status, which I bet has plenty of holes. If Cypherpunks can find flaws that the NSA can't, or won't divulge, what does that say about their so-called COMSEC ability?

-Ray
It should be possible to FOIA the evaluation that led to the C2 status on this. That would be one good avenue to start looking at it. At the end of the process there should be a document that shows how the OS meets each of the C2 requirements and what aspects of the software were considered as well. Things like the state the OS was running under at the time (network vs. non-network, etc.) are important considerations in evaluations.

And I would not be too surprised at all if the "C2" designation was relatively bogus. This sort of thing can get much like the anti-crypto crowd's arguments. Highly political with little basis in rationality.

Since I've seen stuff like a ported version of Unix's "ps" utility, and know NT runs a microkernel, I can think of a hell of a lot of ways it'd be possible to fail it right out of the box... Considering that it has the capacity to do all sorts of network stuff, including FTP & the like, I wonder how the hell they passed any audit requirements. Probably a "Well it runs in a single user model, we don't need to have strong audit requirements".

My point basically being that I would consider the C2 designation for this to be broken coming out of the box unless I saw proof that it was otherwise. To operate it in a C2 required environment without consideration of how & under what conditions the rating was achieved would be criminally irresponsible.

Tim Scanlon
________________________________________________________________
tfs@vampire.science.gmu.edu (NeXTmail, MIME) Tim Scanlon
George Mason University (PGP key avail.) Public Affairs
I speak for myself, but often claim demonic possession
Ray writes:
> Microsoft recently got C2-security status approved for Windows NT by the National Computer Security Center, a division of the NSA.
Do you have a pointer to a source for this information? I've been searching through NCSC Orange Book stuff and M$'s web server, to no avail.

http://www.microsoft.com/BackOffice/techbriefs/tech4000.htm, the Win NT Server 3.5 Technology Brief, only says that NT was in the final evaluation phase as of June 1995.

I haven't been able to find on-line copies of any NCSC Product Evaluation Bulletins, or a current Evaluated Products List. The closest I've seen is http://www.itd.nrl.navy.mil:80/ITD/5540/xtp1/epl.html, which lists items evaluated or under evaluation, at the A and B levels.

The status of NT's evaluation for C2 is a recurrent topic on the firewalls list, so I'm surprised I haven't seen the final approval mentioned there.

-Futplex <futplex@pseudonym.com>
> Microsoft recently got C2-security status approved for Windows NT by the National Computer Security Center, a division of the NSA. They are supposed to put systems through "laborious testing and review" before they approve C2.
Well yes and no, C2 is not a particularly high security rating. It is also a fairly obsolete set of requirements. So if anyone is to claim a breach of a C2 system it had better be one within the C2 assurances, not something that is only covered in the B series criteria. What really matters is the combined criteria which should have/would have emerged from NIST had the issue of harmonising the US/Canadian criteria with the European ones turned up.

As a cypherpunks aside, we reviewed the Orange Book criteria in a reading group here at MIT a few months back. One point that was made was that Orange Book does not consider cryptographic security systems, which was generally considered a disappointment.

Obviously Windows NT is "fair game" for analysis. Remember however that it is an established operating system and that there are many people who rely on it. I think that if people want to go down that route they should start by establishing contacts with CERT and Microsoft in order to make sure that people whose businesses depend on the security of their O/S are not compromised. You may well find that Microsoft is willing to give you free copies of WNT to do this type of work on.

I think that this would be a really good project. The more independent analysis of an operating system that takes place, the more confidence people can place in it. Windows NT is in many ways a descendant of VMS, which has a very good security record. There is no reason why Windows NT should not mature to that level of security. It was built with security in mind after all, unlike the UNIX situation where security was never more than an afterthought and often merely wishful thinking.

There are an awful lot of WNT seats out there already. I expect them to outnumber UNIX very soon. The only thing that is holding it back is the relatively small size of the userbase compared to Windows and the resources required to run it. WNT requires similar CPU and memory to UNIX, which is hardly surprising since it is doing very much the same thing.

I would suggest however that the project is structured and coordinated in some fashion. Someone should keep a list of security concerns that have been addressed and checked. That list should have some structure such as a division into the main risk categories (Authenticity, confidentiality, Service) so that people can get a feel for how thoroughly the space is being searched. Later on that list is likely to be one of the most valuable end results of such a project.

Phill
Participants (4):
- futplex@pseudonym.com
- hallam@w3.org
- Ray Cromwell
- Tim Scanlon