>On Wed, 25 Sep 1996, Joseph S. D. Yao wrote:
> Much has been made of NT's "C2" certification. I've heard that it was
> certified without the standard NT file system; and with that file
> system, it can't be certified. Beware.
> It will only comply with C2 standards if you are using the NTFS file
>system (not FAT or HPFS) and, of course, as a stand-alone machine after
>service pack X (7?) is applied with some other holes closed
Greetings, fellow automators. First post to Firewalls from here in the Balkans. The U.S. Army (1st Armored Division) in Bosnia has come out of the Iron Age (no pun intended) and into the information age. We are currently utilizing Windows NT networks, and have introduced unclassified data connectivity to the field soldier primarily to support automated logisitics data requirements. However, it appears more and more users have discovered the convenience and utility of email, networks, and shared files to conduct effective coordination and staffing. We use two physically separate LAN/WAN's, one classified, and one unclassified. Problem is, everyone wants to use their unclassified workstations, and no one uses the classified, for obvious reasons, they like Web access, email loved ones back home, and coordinate with government contractors who do not have access to the secret LAN/WAN.
However, we have run into speed bumps with individuals processing classified information on unclassified PC's, and virus problems, mostly those that affect the boot sector. Converting from WFW 3.11 and WIN 95 to NT Workstation with no FAT partitions, strictly NTFS partitions seem to be the optimal solution.
We do not have the budget nor training to install expensive firewalls at the Division level. We think less, but more robust machines running NT workstation on both the class and unclass LAN/WAN's, would offer what we require in terms of processing power and NT's excellent auditing/security. However, it is very expensive, both in terms of equipment, and personnel, to maintain these two NT LAN's. While I have yet to see someone hack an NTFS partition with permissions and other holes plugged up (watched a couple of DISA's best guys try), the security goons still have conniption fits about placing classified data on an unclassified NTFS partition. Any word on when NT will be network certified?? We are also starting to use Iomega's Zip drive to store/archive/use large amounts of data. Merely attempting to find a solution that meets our needs, both from a function, security, and fiscal perspective. Thanks much in advance.
Stephen E. Bates
G6 Systems Integration