Microsoft's papers on NT C2 thang
Rich Graves
llurch at networking.stanford.edu
Fri Jan 12 18:13:40 PST 1996
[Oops, signature is only valid if the > 80 column line is preserved]
-----BEGIN PGP SIGNED MESSAGE-----
I'd appreciate it if someone could critique these papers for me, probably
off the list.
[Note that 198.105.232.5 is just one of the IP addresses being
load-balanced by www.microsoft.com. The servers seem to crash a lot with
the current Gibraltar beta, so if one IP address doesn't work (like .5
isn't responding to pings right now), try another and it will work.]
- -rich
- ---------- Forwarded message ----------
Date: 12 Jan 1996 11:22:38 -0600
From: Richard P. Bainter <pug at arlut.utexas.edu>
Newgroups: comp.security.misc, alt.security,
comp.os.ms-windows.networking.misc,
comp.os.ms-windows.networking.windows,
comp.os.ms-windows.nt.admin.networking
Subject: Re: Microsoft continues to mislead public about Windows security bugs (a bit long, with references)
In article <t6d9w0JfFigb089yn at oslonett.no>,
Rune Moberg <mobergru at oslonett.no> wrote:
>>This is true. In fact NT was never C2-certified as any kind of network
>>server at all, but only as a standalone workstation.
>I read a statement made by MS, that it doesn't matter, because if NT is
>proved to be C2 secure in a standalone configuration, then it's secure
>on the network as well.
You believe everything MS tells you?! How naive.
>C2 security, AFAIK, also requires that the server is protected (controlled
>access). Once you have physical access to a machine, you could open it,
>put in a floppy or hard drive, and access anything you'd like to on the
>machine in question (with a disk editor, or with a fresh installation of
>the OS in question). Atleast that's the only way I can think of to break in
>on a NT Server.
Otay, let me see. The server is protected if you aren't hooked up to a
network. That implies *nothing* about the fact when a network is plugged
into it. If I'm sitting at the console and have to enter a password to
do things, doesn't mean I have to enter one from the network when I
mount the entire disk. (Even if that is not the true case.)
There are orange, red and blue books. This is all well pointed out on:
http://www.windows.microsoft.com/TechNet/boes/bo/winntas/technote/security.htm
What has Microsoft actually passed? I had heard it was only Orange book
C2 and not Red book C2.
Micrsoft also points it out on:
http://198.105.232.5/NTServer/c2bltn.htm
Ciao,
- --
Richard Bainter Mundanely | OS Specialist - OMG/CSD
Pug Generally | Applied Research Labs - U.Texas
pug at arlut.utexas.edu | pug at eden.com | {any user}@pug.net
Note: The views may not reflect my employers, or even my own for that matter.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMPcRpI3DXUbM57SdAQFbWgP9HrpdsuC/p3iURubYobgXRXlvlmrRgJot
5kDBCOrDHRtyjXQj7n0CLU6TsEpTLR2ZfTGNUrKoc2lE1q0+PSzF4WpOyywNKULw
StB8d+0n0NPuN2Bcbb7mO0M0VbE9khL5CYrcfWB5FR6JPfXU18cfSTXCROgGu4U9
ASvbxOkVLeM=
=L7so
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy
mailing list