fun fact about microsoft and security

Posted: Thu Jul 29, 2004 9:53 am
by Draco_03
In security there's a scale going from 1-5 (5 is in theory, I don't think anything today is security 5.)
I don't remember the acronym, I think it's ael 1 to 5.. or something like that.
So from now I'll say ael (but I'm prolly wrong in the use of the acronym)

Anyways, government apps require ael 3 and army ael 4.
Well, Windows NT when it got out was certified ael 4. You know how? (They just couldn't do it) so they unplugged the machine from the server, and unplugged IT IS ael 4... hehe I'm not kidding

As soon as you plug your computer on ANY network it loses its certification hehehe..

Good job, Microsoft

Posted: Thu Jul 29, 2004 10:21 am
by feyd
and the "source" of this fact is....?

Posted: Thu Jul 29, 2004 10:30 am
by evilmonkey
LOL That's pretty funny.

I think it's more of a joke though, kinda like the old saying: "The only safe machine is one that is unplugged from all connections and buried six feet under...and even then I'm not sure..." :lol:

Posted: Thu Jul 29, 2004 10:44 am
by Draco_03
I was trying to find it (I'll find it eventually, it was a link a friend gave me, they were talking about the security issues etc. and brought up this example)
They were just pointing out that a certified security ael 3-4 (whatever) is USELESS because even on a network (I think Windows XP is 3), well, it will be 3 ONLY if you NEVER add ANY third party programs. You add MySQL on your server, BAM, no more certification.

So that was their point, no server STAYS certified.

Posted: Thu Jul 29, 2004 10:47 am
by d3ad1ysp0rk
Yes, but then you can harden your system after adding third party software, therefore increasing the rating again, maybe to higher than it was before (finding vulnerabilities while fixing others..).

Posted: Fri Jul 30, 2004 11:55 am
by phice
There's nothing like a confusing thread. ;)

Posted: Fri Jul 30, 2004 12:19 pm
by d3ad1ysp0rk
Except a confusing reply. ;)

Posted: Fri Jul 30, 2004 12:34 pm
by Draco_03
hehehe

Posted: Fri Jul 30, 2004 7:28 pm
by Buddha443556
I think Draco_03 may be referring to TCSEC and Windows NT 3.5. It's only certified C2 in non-networked configuration and without the WOW subsystem. It certainly isn't A1.

[EDIT TO ADD] You could also be referring to EAL too - Evaluation Assurance Level. Either way I still think it's Windows NT 3.5 you may be referring to here.

Posted: Mon Aug 02, 2004 8:33 am
by Draco_03
EAL yes that's it!! :)