NSA Rigs Win NT to B

Rich Graves llurch at networking.stanford.edu
Mon Jan 8 18:27:03 PST 1996


On Tue, 9 Jan 1996, Anonymous wrote:

> including Top Secret.  Windows NT was originally designed
> with security in mind.  A NSA evaluation team has
> determined that Windows NT 3.5 with Service Pack 3
> satisfies all class C-2 security requirements.  B-level
> of security strengthens the C2 level security features
> while providing stricter system assurances.

This is misleading at best. Windows NT is certified C2 as a standalone
workstation only. It has not been tested or certified for networked
environments. The fact that NT lets you know when you have attempted a
login as a user does not exist, without asking for a password, would
clearly disqualify NT Server from a C2 rating in a network environment, 
at least when NetWare services are used. 

Real NetWare servers do qualify for a C2 rating. 

-rich
 owner-win95netbugs at lists.stanford.edu
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html






More information about the cypherpunks-legacy mailing list