RHEL5 achieves EAL4....for a standard OS no less...

Discussion in 'NZ Computing' started by thingy, Jun 19, 2007.

  1. thingy

    thingy Guest

    thingy, Jun 19, 2007
    #1

  2. Lawrence D'Oliveiro, Jun 19, 2007
    #2

  3. thingy

    thingy Guest

    Lawrence D'Oliveiro wrote:
    > In message <>, thingy wrote:
    >
    >> http://www.computerworld.com.au/index.php/id;306842912;fp;4194304;fpid;1
    >>
    >> Always thought this rating system was over-rated....

    >
    > But this is the successor to DoD Orange Book, isn't it? Which means it's
    > acceptable for various kinds of government and military purchases. Which is
    > no small thing.


    Hmmm, PHBs would be pleased....in reality just how much difference it
    makes.....not so sure....I suspect not a lot.

    regards

    Thing
     
    thingy, Jun 19, 2007
    #3
  4. In message <>, thingy wrote:

    > Lawrence D'Oliveiro wrote:
    >> In message <>, thingy wrote:
    >>
    >>> http://www.computerworld.com.au/index.php/id;306842912;fp;4194304;fpid;1
    >>>
    >>> Always thought this rating system was over-rated....

    >>
    >> But this is the successor to DoD Orange Book, isn't it? Which means it's
    >> acceptable for various kinds of government and military purchases. Which
    >> is no small thing.

    >
    > Hmmm, PHBs would be pleased....in reality just how much difference it
    > makes.....not so sure....I suspect not a lot.


    Nothing PHB about it, this is serious stuff, with the security of important
    systems at stake. My copy of Pfleeger & Pfleeger, "Security in Computing"
    3rd Ed, has a whole section (5.5) on "Assurance in Trusted Operating
    Systems". Talks about the original US Orange Book specs, through European
    ITSEC, then the US Combined Federal Criteria, to the Common Criteria which
    seem to be used currently. Nothing wishy-washy about this: everything is
    rigorously defined, so that the same product won't go through two different
    evaluation facilities and come back with two different ratings.
     
    Lawrence D'Oliveiro, Jun 19, 2007
    #4
  5. thingy

    Enkidu Guest

    thingy wrote:
    > http://www.computerworld.com.au/index.php/id;306842912;fp;4194304;fpid;1
    >
    > Always thought this rating system was over-rated....but anyway one less
    > piece of FUD.......
    >

    Yeah, but only on mainframes, but not Intel architectures....

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Jun 19, 2007
    #5
  6. thingy

    Enkidu Guest

    Lawrence D'Oliveiro wrote:
    > In message <>, thingy wrote:
    >
    >> Lawrence D'Oliveiro wrote:
    >>> In message <>, thingy wrote:
    >>>
    >>>> http://www.computerworld.com.au/index.php/id;306842912;fp;4194304;fpid;1
    >>>>
    >>>> Always thought this rating system was over-rated....
    >>> But this is the successor to DoD Orange Book, isn't it? Which means it's
    >>> acceptable for various kinds of government and military purchases. Which
    >>> is no small thing.

    >> Hmmm, PHBs would be pleased....in reality just how much difference it
    >> makes.....not so sure....I suspect not a lot.

    >
    > Nothing PHB about it, this is serious stuff, with the security of important
    > systems at stake. My copy of Pfleeger & Pfleeger, "Security in Computing"
    > 3rd Ed, has a whole section (5.5) on "Assurance in Trusted Operating
    > Systems". Talks about the original US Orange Book specs, through European
    > ITSEC, then the US Combined Federal Criteria, to the Common Criteria which
    > seem to be used currently. Nothing wishy-washy about this: everything is
    > rigorously defined, so that the same product won't go through two different
    > evaluation facilities and come back with two different ratings.
    >

    From the article:

    "Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's
    mainframe, System x, System p5 and eServer systems."

    I don't see Intel architectures in there.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Jun 19, 2007
    #6
  7. thingy

    Enkidu Guest

    Enkidu wrote:
    > Lawrence D'Oliveiro wrote:
    >> In message <>, thingy wrote:
    >>
    >>> Lawrence D'Oliveiro wrote:
    >>>> In message <>, thingy wrote:
    >>>>
    >>>>> http://www.computerworld.com.au/index.php/id;306842912;fp;4194304;fpid;1
    >>>>>
    >>>>>
    >>>>> Always thought this rating system was over-rated....
    >>>> But this is the successor to DoD Orange Book, isn't it? Which means
    >>>> it's acceptable for various kinds of government and military purchases.
    >>>> Which is no small thing.
    >>> Hmmm, PHBs would be pleased....in reality just how much difference it
    >>> makes.....not so sure....I suspect not a lot.

    >>
    >> Nothing PHB about it, this is serious stuff, with the security of
    >> important systems at stake. My copy of Pfleeger & Pfleeger, "Security in
    >> Computing" 3rd Ed, has a whole section (5.5) on "Assurance in Trusted
    >> Operating Systems". Talks about the original US Orange Book specs,
    >> through European ITSEC, then the US Combined Federal Criteria, to the
    >> Common Criteria which seem to be used currently. Nothing wishy-washy
    >> about this: everything is rigorously defined, so that the same product
    >> won't go through two different evaluation facilities and come back with
    >> two different ratings.
    >

    > From the article:
    >
    > "Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's
    > mainframe, System x, System p5 and eServer systems."
    >
    > I don't see Intel architectures in there.
    >

    Hold on, eServer is Intel.

    Cheers,

    Cliff

    --

    Have you ever noticed that if something is advertised as 'amusing' or
    'hilarious', it usually isn't?
     
    Enkidu, Jun 19, 2007
    #7
  8. thingy

    Don Hills Guest

    In article <467782ae$>,
    Enkidu <> wrote:
    >Enkidu wrote:
    >>
    >> "Red Hat Linux has been certified EAL4 Augmented with ALC_FLR.3 on IBM's
    >> mainframe, System x, System p5 and eServer systems."
    >>

    >Hold on, eServer is Intel.


    zSeries = Mainframe (was S/390)
    iSeries = Midrange (was AS/400)
    pSeries = Power (was RS/6000)
    xSeries = X86 (blade servers etc)
    eSeries = X86 (small business servers and desktops)

    --
    Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
    "New interface closely resembles Presentation Manager,
    preparing you for the wonders of OS/2!"
    -- Advertisement on the box for Microsoft Windows 2.11 for 286
     
    Don Hills, Jun 19, 2007
    #8
  9. thingy

    thingy Guest

    Lawrence D'Oliveiro wrote:
    > In message <>, thingy wrote:
    >
    >> Lawrence D'Oliveiro wrote:
    >>> In message <>, thingy wrote:
    >>>
    >>>> http://www.computerworld.com.au/index.php/id;306842912;fp;4194304;fpid;1
    >>>>
    >>>> Always thought this rating system was over-rated....
    >>> But this is the successor to DoD Orange Book, isn't it? Which means it's
    >>> acceptable for various kinds of government and military purchases. Which
    >>> is no small thing.

    >> Hmmm, PHBs would be pleased....in reality just how much difference it
    >> makes.....not so sure....I suspect not a lot.

    >
    > Nothing PHB about it, this is serious stuff, with the security of important
    > systems at stake. My copy of Pfleeger & Pfleeger, "Security in Computing"
    > 3rd Ed, has a whole section (5.5) on "Assurance in Trusted Operating
    > Systems". Talks about the original US Orange Book specs, through European
    > ITSEC, then the US Combined Federal Criteria, to the Common Criteria which
    > seem to be used currently. Nothing wishy-washy about this: everything is
    > rigorously defined, so that the same product won't go through two different
    > evaluation facilities and come back with two different ratings.


    In the real world.....there is a difference between effective and real
    security and a document written by
    gnomes/accountants/clerks....excessive administrative overhead leads to
    entropy....

    i.e. a system is the sum of all its parts (a strategic view) and paying
    too much attention to one (tactical) can often disadvantage the
    others....or slow it down so much it becomes irrelevant...

    regards

    Thing
     
    thingy, Jun 19, 2007
    #9
  10. In message <>, thingy wrote:

    > Lawrence D'Oliveiro wrote:
    >> In message <>, thingy wrote:
    >>
    >>> Lawrence D'Oliveiro wrote:
    >>>> In message <>, thingy wrote:
    >>>>
    >>>>> http://www.computerworld.com.au/index.php/id;306842912;fp;4194304;fpid;1
    >>>>>
    >>>>> Always thought this rating system was over-rated....
    >>>> But this is the successor to DoD Orange Book, isn't it? Which means
    >>>> it's acceptable for various kinds of government and military purchases.
    >>>> Which is no small thing.
    >>> Hmmm, PHBs would be pleased....in reality just how much difference it
    >>> makes.....not so sure....I suspect not a lot.

    >>
    >> Nothing PHB about it, this is serious stuff, with the security of
    >> important systems at stake. My copy of Pfleeger & Pfleeger, "Security in
    >> Computing" 3rd Ed, has a whole section (5.5) on "Assurance in Trusted
    >> Operating Systems". Talks about the original US Orange Book specs,
    >> through European ITSEC, then the US Combined Federal Criteria, to the
    >> Common Criteria which seem to be used currently. Nothing wishy-washy
    >> about this: everything is rigorously defined, so that the same product
    >> won't go through two different evaluation facilities and come back with
    >> two different ratings.

    >
    > In the real world.....there is a difference between effective and real
    > security and a document written by
    > gnomes/accountants/clerks....


    Those security specs were not written by gnomes/accountants/clerks.
     
    Lawrence D'Oliveiro, Jun 20, 2007
    #10