security levels, V.4
Brian Beattie
beattie at visenix.UUCP
Mon Dec 3 18:17:58 AEST 1990
In article <1990Nov30.145545.29792 at murdoch.acc.Virginia.EDU> Ran Atkinson <randall at Virginia.EDU> writes:
>
>If folks dislike C2, they will be much more unhappy with B2. I on the other
>hand prefer at least a B1 system because it is much safer from breakins
B1 is no more resitant to breakins than C2.
in fact the C2 requirements for I&A (login and password)
are the same as for B2.
A properly administered C1 system is
as safe from _breakin_ as a B2 system.
The extra requirements for B1 and B2 are for
labeling of data and are required to prevent
users with accounts from accessing data improperly
not for preventing unauthorized access to the machine.
It is a common misconception that the higher the rating
the more secure the system is from breakin, this is
generally not the case.
>and such. I'll not bore folks with the differences between C2 and B1 or B2;
>if you want to know more, go read the Orange Book.
>
> Ran
> randall at Virginia.EDU
--
It is easier to build a | Brian Beattie (703)471-7552
secure system than it is | 11525 Hickory Cluster, Reston, VA. 22090
to build a correct system.|
M. Gasser | ...uunet!visenix!beattie
More information about the Comp.unix.sysv386
mailing list