*BSD News Article 62198


Path: euryale.cc.adfa.oz.au!olive.mil.adfa.oz.au!navmat.navy.gov.au!posgate.acis.com.au!warrane.connect.com.au!news.syd.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!cs.utexas.edu!not-for-mail
From: dhs@cs.utexas.edu (Douglas H. Steves)
Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: need secure OS to entrust millions to
Date: 25 Feb 1996 10:26:17 -0600
Organization: CS Dept, University of Texas at Austin
Lines: 24
Message-ID: <4gq2j9$2g48@babyhuey.cs.utexas.edu>
References: <4gi6t6$3h9@lace.colorado.edu> <31304401.3341@pinsight.com>
NNTP-Posting-Host: babyhuey.cs.utexas.edu
Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18064 comp.os.linux.misc:88628 comp.os.linux.networking:29759 comp.unix.bsd.freebsd.misc:14389 comp.unix.bsd.netbsd.misc:2329 comp.unix.bsd.bsdi.misc:2471

In article <31304401.3341@pinsight.com>,
Roy A. Gilmore <royg@pinsight.com> wrote:
>Banks need B1-B2 level security.  
No. Most of the functional differences at B1+ are related
to mandatory [sic] access controls, which is a DoD-ish
policy/fetish that doesn't apply to commercial environments.
A lot of the remainder are miscontrived and misconstrued 
software engineering fallacies that have nothing to do with
real security.

> Read the DoD's "Rainbow Series".
The pot at the end of the "Rainbow Series" doesn't contain gold.

>Must be "amateur hour" again.  Feel sorry for your customers...
Ditto.
More generally, I feel sorry for people that use systems designed
according to the NSA/NCSC misapprehensions in this area. Their
secure OS policies are almost as ludicrous as their crypto
policies, and just about as damaging.

>// America Online: RAGged Roy  //
Sorry - didn't realize *who* I was talking to.

Doug