fun fact about microsoft and security

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

fun fact about microsoft and security

Post by Draco_03 »

In security there's a scale going from 1-5 (5 is in theory, I don't think anything today is security 5.)
I don't remember the acronym, I think it's ael 1 to 5.. or something like that.
So from now i'll say ael (but i'm prolly wrong in the use of the acronym)

Anyways, government apps require ael 3 and army ael 4.
Well windows nt when it got out was certified ael 4, you know how, (they just couldn't do it) so they unplugged the machine from the server, and unplugged IT IS ael 4...hehe i'm not kidding

As soon as you plug your computeron ANY network it loses it's certification hehehe..

Good Job microsoft
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

and the "source" of this fact is....?
User avatar
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

LOL That's pretty funny.

I think it's more of a joke though, kinda like the old saying: "The only safe machine is one that is unpulugged from all connections and burried six feet under...and even then I'm not sure..." :lol:
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

Post by Draco_03 »

I was trying to find it (i'll find it eventually it was a link a friend gave me, they where talking about the security issues etc and brought up this exemple)
They where just pointing that a certified security ael 3-4 (whatever) is USELESS because even on a network, (i think windoes xp is 3) well it will be 3 ONLY if you NEVER add ANY third party programs. You add mysql on ypour server BA<M no more certification.

So that was tehre point, no server STAYS certified.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Yes, but then you can harden your system after adding third party software, therefore increasing the rating again, maybe to higher than it was before (finding vulnarabilities while fixing others..).
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

There's nothing like a confusing thread. ;)
Image Image
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Except a confusing reply. ;)
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

Post by Draco_03 »

hehehe
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

I think Draco_03 maybe referring to TCSEC and Windows NT 3.5. It's only certified C2 in non-networked configuration and without the WOW subsystem. It certianly isn't A1.

[EDIT TO ADD]You could also be referring EAL too - Evaluation Assurance Level. Either way I still think it's Windows NT 3.5 you may be referring to here.
Draco_03
Forum Regular
Posts: 577
Joined: Fri Aug 15, 2003 12:25 pm
Location: Montreal, Canada

Post by Draco_03 »

EAL yes that's it!! :)
Post Reply