Homesecurity specifications
Page 1 of 1
security specifications
Admin Fri Jan 14, 2011 11:17 am
For government and military systems, a number of security specifications and
policy documents are available that detail the steps necessary to secure Solaris systems
in “top secret” installations. The U.S. Department of Defense, for example, publishes
the “Orange Book,” formally known as the “Department of Defense Trusted Computer
System Evaluation Criteria.” This publication describes systems that it has evaluated in
terms of different protection levels, from weakest to strongest, including the following:
• Class D Systems that do not pass any tests and are therefore untrusted.
No sensitive data should be stored on Class D systems.
• Class C1 Systems that require authentication based on a user model.
• Class C2 Systems that provide auditing and logging on a per-user basis,
ensuring that file accesses and related operations can always be traced to
the initiating user.
• Class B1 Systems that require security labeling for all files. Labels range
from “top secret” to “unclassified.”
• Class B2 Systems that separate normal system administration duties from
security activities, which are performed by a separate security officer. This level
requires covert channels for data communications and verified testing of an
installation’s security procedures.
• Class B3 Systems that requires that a standalone request monitor be available
to authenticate all requests for file and resource access. In addition, the request
monitor must be secured and all of its operations must be logged.
• Class A1 Systems that are formally tested and verified installations of a Class
B3 system.
All of the strategies that are discussed in this chapter are focused on increasing the
number of layers through which a potential cracker (or disgruntled staff member) must
pass to obtain the data that they are illegally trying to access. Reducing the threat of
remote-access exploits and protecting data are key components of this strategy.
policy documents are available that detail the steps necessary to secure Solaris systems
in “top secret” installations. The U.S. Department of Defense, for example, publishes
the “Orange Book,” formally known as the “Department of Defense Trusted Computer
System Evaluation Criteria.” This publication describes systems that it has evaluated in
terms of different protection levels, from weakest to strongest, including the following:
• Class D Systems that do not pass any tests and are therefore untrusted.
No sensitive data should be stored on Class D systems.
• Class C1 Systems that require authentication based on a user model.
• Class C2 Systems that provide auditing and logging on a per-user basis,
ensuring that file accesses and related operations can always be traced to
the initiating user.
• Class B1 Systems that require security labeling for all files. Labels range
from “top secret” to “unclassified.”
• Class B2 Systems that separate normal system administration duties from
security activities, which are performed by a separate security officer. This level
requires covert channels for data communications and verified testing of an
installation’s security procedures.
• Class B3 Systems that requires that a standalone request monitor be available
to authenticate all requests for file and resource access. In addition, the request
monitor must be secured and all of its operations must be logged.
• Class A1 Systems that are formally tested and verified installations of a Class
B3 system.
All of the strategies that are discussed in this chapter are focused on increasing the
number of layers through which a potential cracker (or disgruntled staff member) must
pass to obtain the data that they are illegally trying to access. Reducing the threat of
remote-access exploits and protecting data are key components of this strategy.
Admin- Admin
- Posts : 7
Join date : 2010-12-31 -
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|