«

http://www.computerworld.com.au/inde...4194304;fpid;1

Always thought this rating system was over-rated....but anyway one less
piece of FUD.......

regards

Thing

In message <kjgjk4->, thingy wrote:

> http://www.computerworld.com.au/inde...4194304;fpid;1
>
> Always thought this rating system was over-rated....

But this is the successor to DoD Orange Book, isn't it? Which means it's
acceptable for various kinds of government and military purchases. Which is
no small thing.

Lawrence D'Oliveiro wrote:
> In message <kjgjk4->, thingy wrote:
>
>> http://www.computerworld.com.au/inde...4194304;fpid;1
>>
>> Always thought this rating system was over-rated....
>
> But this is the successor to DoD Orange Book, isn't it? Which means it's
> acceptable for various kinds of government and military purchases. Which is
> no small thing.

Hmmm, PHBs would be pleased....in reality just how much difference it
makes.....not so sure....I suspect not a lot.

regards

Thing

In message <khtjk4->, thingy wrote:

> Lawrence D'Oliveiro wrote:
>> In message <kjgjk4->, thingy wrote:
>>
>>> http://www.computerworld.com.au/inde...4194304;fpid;1
>>>
>>> Always thought this rating system was over-rated....
>>
>> But this is the successor to DoD Orange Book, isn't it? Which means it's
>> acceptable for various kinds of government and military purchases. Which
>> is no small thing.
>
> Hmmm, PHBs would be pleased....in reality just how much difference it
> makes.....not so sure....I suspect not a lot.

Nothing PHB about it, this is serious stuff, with the security of important
systems at stake. My copy of Pfleeger & Pfleeger, "Security in Computing"
3rd Ed, has a whole section (5.5) on "Assurance in Trusted Operating
Systems". Talks about the original US Orange Book specs, through European
ITSEC, then the US Combined Federal Criteria, to the Common Criteria which
seem to be used currently. Nothing wishy-washy about this: everything is
rigorously defined, so that the same product won't go through two different
evaluation facilities and come back with two different ratings.

thingy wrote:
> http://www.computerworld.com.au/inde...4194304;fpid;1
>
> Always thought this rating system was over-rated....but anyway one less
> piece of FUD.......
>
Yeah, but only on mainframes, but not Intel architectures....

Cheers,

Cliff

--

Have you ever noticed that if something is advertised as 'amusing' or
'hilarious', it usually isn't?

Lawrence D'Oliveiro wrote:
> In message <khtjk4->, thingy wrote:
>
>> Lawrence D'Oliveiro wrote:
>>> In message <kjgjk4->, thingy wrote:
>>>
>>>> http://www.computerworld.com.au/inde...4194304;fpid;1
>>>>
>>>> Always thought this rating system was over-rated....
>>> But this is the successor to DoD Orange Book, isn't it? Which means it's
>>> acceptable for various kinds of government and military purchases. Which
>>> is no small thing.
>> Hmmm, PHBs would be pleased....in reality just how much difference it
>> makes.....not so sure....I suspect not a lot.
>
> Nothing PHB about it, this is serious stuff, with the security of important
> systems at stake. My copy of Pfleeger & Pfleeger, "Security in Computing"
> 3rd Ed, has a whole section (5.5) on "Assurance in Trusted Operating
> Systems". Talks about the original US Orange Book specs, through European
> ITSEC, then the US Combined Federal Criteria, to the Common Criteria which
> seem to be used currently. Nothing wishy-washy about this: everything is
> rigorously defined, so that the same product won't go through two different
> evaluation facilities and come back with two different ratings.
>
From the article:

"Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's
mainframe, System x, System p5 and eServer systems."

I don't see Intel architectures in there.

Cheers,

Cliff

--

Have you ever noticed that if something is advertised as 'amusing' or
'hilarious', it usually isn't?

Enkidu wrote:
> Lawrence D'Oliveiro wrote:
>> In message <khtjk4->, thingy wrote:
>>
>>> Lawrence D'Oliveiro wrote:
>>>> In message <kjgjk4->, thingy wrote:
>>>>
>>>>> http://www.computerworld.com.au/inde...4194304;fpid;1
>>>>>
>>>>>
>>>>> Always thought this rating system was over-rated....
>>>> But this is the successor to DoD Orange Book, isn't it? Which means
>>>> it's
>>>> acceptable for various kinds of government and military purchases.
>>>> Which
>>>> is no small thing.
>>> Hmmm, PHBs would be pleased....in reality just how much difference it
>>> makes.....not so sure....I suspect not a lot.
>>
>> Nothing PHB about it, this is serious stuff, with the security of
>> important
>> systems at stake. My copy of Pfleeger & Pfleeger, "Security in Computing"
>> 3rd Ed, has a whole section (5.5) on "Assurance in Trusted Operating
>> Systems". Talks about the original US Orange Book specs, through European
>> ITSEC, then the US Combined Federal Criteria, to the Common Criteria
>> which
>> seem to be used currently. Nothing wishy-washy about this: everything is
>> rigorously defined, so that the same product won't go through two
>> different
>> evaluation facilities and come back with two different ratings.
> >
> From the article:
>
> "Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's
> mainframe, System x, System p5 and eServer systems."
>
> I don't see Intel architectures in there.
>
Hold on, eServer is Intel.

Cheers,

Cliff

--

Have you ever noticed that if something is advertised as 'amusing' or
'hilarious', it usually isn't?

In article <467782ae$>,
Enkidu <> wrote:
>Enkidu wrote:
>>
>> "Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's
>> mainframe, System x, System p5 and eServer systems."
>>
>Hold on, eServer is Intel.

zSeries = Mainframe (was S/390)
iSeries = Midrange (was AS/400)
pSeries = Power (was RS/6000)
xSeries = X86 (blade servers etc)
eSeries = X86 (small business servers and desktops)

--
Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
"New interface closely resembles Presentation Manager,
preparing you for the wonders of OS/2!"
-- Advertisement on the box for Microsoft Windows 2.11 for 286

Lawrence D'Oliveiro wrote:
> In message <khtjk4->, thingy wrote:
>
>> Lawrence D'Oliveiro wrote:
>>> In message <kjgjk4->, thingy wrote:
>>>
>>>> http://www.computerworld.com.au/inde...4194304;fpid;1
>>>>
>>>> Always thought this rating system was over-rated....
>>> But this is the successor to DoD Orange Book, isn't it? Which means it's
>>> acceptable for various kinds of government and military purchases. Which
>>> is no small thing.
>> Hmmm, PHBs would be pleased....in reality just how much difference it
>> makes.....not so sure....I suspect not a lot.
>
> Nothing PHB about it, this is serious stuff, with the security of important
> systems at stake. My copy of Pfleeger & Pfleeger, "Security in Computing"
> 3rd Ed, has a whole section (5.5) on "Assurance in Trusted Operating
> Systems". Talks about the original US Orange Book specs, through European
> ITSEC, then the US Combined Federal Criteria, to the Common Criteria which
> seem to be used currently. Nothing wishy-washy about this: everything is
> rigorously defined, so that the same product won't go through two different
> evaluation facilities and come back with two different ratings.

In the real world.....there is a difference between effective and real
security and a document written by
gnomes/accountants/clerks....excessive administrative overhead leads to
entropy....

ie a system is the some of all its parts (a strategic view) and paying
too much attention to one (tactical) can often dis-advantage the
others....or slow it down so much it becomes irrelevant...

regards

Thing

In message <14rlk4->, thingy wrote:

> Lawrence D'Oliveiro wrote:
>> In message <khtjk4->, thingy wrote:
>>
>>> Lawrence D'Oliveiro wrote:
>>>> In message <kjgjk4->, thingy wrote:
>>>>
>>>>>
http://www.computerworld.com.au/inde...4194304;fpid;1
>>>>>
>>>>> Always thought this rating system was over-rated....
>>>> But this is the successor to DoD Orange Book, isn't it? Which means
>>>> it's acceptable for various kinds of government and military purchases.
>>>> Which is no small thing.
>>> Hmmm, PHBs would be pleased....in reality just how much difference it
>>> makes.....not so sure....I suspect not a lot.
>>
>> Nothing PHB about it, this is serious stuff, with the security of
>> important systems at stake. My copy of Pfleeger & Pfleeger, "Security in
>> Computing" 3rd Ed, has a whole section (5.5) on "Assurance in Trusted
>> Operating Systems". Talks about the original US Orange Book specs,
>> through European ITSEC, then the US Combined Federal Criteria, to the
>> Common Criteria which seem to be used currently. Nothing wishy-washy
>> about this: everything is rigorously defined, so that the same product
>> won't go through two different evaluation facilities and come back with
>> two different ratings.
>
> In the real world.....there is a difference between effective and real
> security and a document written by
> gnomes/accountants/clerks....

Those security specs were not written by gnomes/accountants/clerks.