security levels, V.4
Ran Atkinson
randall at Virginia.EDU
Sat Dec 1 01:55:45 AEST 1990
In article <1990Nov29.224243.2934 at ico.isc.com> rcd at ico.isc.com, Dick Dunn writes:
>aris at tabbs.UUCP (Aris Stathakis) writes:
>> Strange. I was under the impression that AT&T wouldn't let you
>> call your product UNIX V.4 unless you had at least B2 security.
>B2 is a higher level of security than C2. I'll leave it to the orange-book
>mavens to explain the differences; suffice it to say that if you think the
>flaming you've seen in this newsgroup about C2 is hot, you ain't seen
>nothin' yet.
>
>And no, B2 is not required for V.4. It's an option--I think MLS will take
>you to the B2 level.
Dick is correct. The MLS (Multi-level Security) option for Unix System V
is needed if you want a B2 system. Note that UNIX System V/MLS is actually
certified by NCSC as being a B2 system. I don't think that SCO ever actually
got their "C2" product certified by NCSC (who are the only folks who can
certify Orange Book conformance).
If folks dislike C2, they will be much more unhappy with B2. I on the other
hand prefer at least a B1 system because it is much safer from breakins
and such. I'll not bore folks with the differences between C2 and B1 or B2;
if you want to know more, go read the Orange Book.
Ran
randall at Virginia.EDU
More information about the Comp.unix.sysv386
mailing list