Re: OpenBSD and C2 certification
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OpenBSD and C2 certification
- From: Adrian J Close <adrian_(_at_)_esec_(_dot_)_com_(_dot_)_au>
- Date: Sat, 4 Dec 1999 19:58:14 +1100
Hi Vikram,

On Sat, 4 Dec 1999, Vikram Kulkarni wrote:
> > Consider the fact that C2 compliance means no network connection and no
> > floppy drive and I think you'll be able to draw a reasonable conclusion by
> > yourself... ;-)
>
> No it doesn't... read below from NTBugTraq:

Oh dear. I guess I'm a little out of date here...

> - - Server operating as a primary domain controller
[..other 5 snipped..]

Is it just me or does this seem more than a little strange?
What kind of security certification can validate a networking
implementation (i.e. SMB) that passes around password "hashes" on the wire
that can easily be sniffed and reused? Or does the C2 update "fix" this?

I guess I'll have to go dig up the C2 compliance specification from
somewhere. I'll get back in my box now - I don't want to sully a nice,
decent, family-oriented OpenBSD list with too much talk of NT...

Thanks for the info.

Adrian Close email: adrian_(_at_)_esec_(_dot_)_com_(_dot_)_au
Network Architect phone: +61 3 8341 2400
eSec Ltd fax: +61 3 8341 2499
P.O. Box 302, Carlton, VIC, 3053, Australia web: http://www.esec.com.au