[Linux] Linux Security Question...US Government - C2 level security

Carl C. carlc@iname.com
Wed, 05 Jul 2000 20:41:23 -0400


At 08:26 PM 7/5/00 -0400, you wrote:
>
>Linux is not C2. You cannot have a C2 OS as the color book certs apply
>only to whole SYSTEMS. I'm not sure if a Linux system has ever been C2
>certed (they don't perform the testing anymore), but it does have
>(most?) the required features (SAK, etc.).
>
>Does your org use NT? If it's >3.51, has a floppy disk drive, or a network
>card then it's not C2 either. :)

Let me ask this, and Bill Mooney, if you're out there, help me out. I KNOW
OpenVMS is C2 compliant but a network card would stop that? How?

The government has been and still does run OpenVMS for C2 and higher
(with the added security modules, I think it goes into the B class).

I seem to remember (and I know someone will tell me how I'm wrong ;) )
that C2 was a set of rules for data movement and checking. For instance,
ACLs are required. Group/World accesses, things like that. So wouldn't
Linux still have a chance at this?

Or can someone direct all of us to a good URL, even if it ends in
.gov? (Sort of like "Hi, I'm from the Government and I'm here to help").

Many thanks,
Carl (Possibly the only C2 security webhost ISP in town?).
=====================
http://www.carlc.com/

	"Price, Performance, Quality. Choose any two you like."