Great Circle Associates Firewalls
(October 1996)


Subject: RE: NT Security
From: g6amsib @ 1ADTFREAR . 1AD . ARMY . MIL (G6 CPT Bates)
Organization: 1AD G6 Automation
Date: Tue, 01 Oct 1996 10:12:27 +0200
To: Firewalls @ GreatCircle . COM (Firewalls)

>On Wed, 25 Sep 1996, Joseph S. D. Yao wrote:
> Much has been made of NT's "C2" certification.  I've heard that it was
> certified without the standard NT file system; and with that file
> system, it can't be certified.  Beware.
> It will only comply with C2 standards if you are using the NTFS file
>system (not FAT or HPFS) and, of course, as a stand-alone machine after
>service pack X (7?) is applied with some other holes closed

Greetings, fellow automators. First post to Firewalls from here in the Balkans. The U.S. Army (1st Armored Division) in Bosnia has come out of the Iron Age (no pun intended) and into the information age. We are currently utilizing Windows NT networks, and have introduced unclassified data connectivity to the field soldier primarily to support automated logistics data requirements. However, it appears more and more users have discovered the convenience and utility of email, networks, and shared files to conduct effective coordination and staffing. We use two physically separate LAN/WAN's, one classified, and one unclassified. Problem is, everyone wants to use their unclassified workstations, and no one uses the classified, for obvious reasons, they like Web access, email loved ones back home, and coordinate with government contractors who do not have access to the secret LAN/WAN.

However, we have run into speed bumps with individuals processing classified information on unclassified PC's, and virus problems, mostly those that affect the boot sector. Converting from WFW 3.11 and WIN 95 to NT Workstation with no FAT partitions, strictly NTFS partitions seems to be the optimal solution.

We do not have the budget nor training to install expensive firewalls at the Division level. We think less, but more robust machines running NT workstation on both the class and unclass LAN/WAN's, would offer what we require in terms of processing power and NT's excellent auditing/security. However, it is very expensive, both in terms of equipment, and personnel, to maintain these two NT LAN's. While I have yet to see someone hack an NTFS partition with permissions and other holes plugged up (watched a couple of DISA's best guys try), the security goons still have conniption fits about placing classified data on an unclassified NTFS partition. Any word on when NT will be network certified?? We are also starting to use Iomega's Zip drive to store/archive/use large amounts of data. Merely attempting to find a solution that meets our needs, both from a function, security, and fiscal perspective. Thanks much in advance.

Stephen E. Bates
G6 Systems Integration
g6amsib @ 1adtfrear . 1ad . army .
DSN 370-7179
MSE 551-3562

