Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: Gordon Greene <Gordon.Greene () netsec net>
Date: Fri, 23 Oct 1998 15:54:18 -0400
Jeremy Epstein <jepstein () tis com> said :I've never heard that VMS was designed as MLS, and given the pain they went through to get it evaluated, I doubt it was. Having said that, it certainly has fewer "gimme-all-privileges" applications (as you correctly note), for two reasons: it was correctly designed to have granularity of privileges and there are fewer applications altogether :-)The first reason is good enough to ease securing the system much (comapring to unices..)
Actually, there is a B1 VMS system: http://www.digital.com/security/sevms.htm ---------------------------------------------------------------------------- ------------------------ Security has been a key strength of the OpenVMS operating system since the first version. Today with client/server computing and Internet connectivity, security is more important than ever before. SEVMS, a security-enhanced version of OpenVMS, satisfies the need of government agencies, national defense organizations, prime contractors, and other commercial environments to label and protect classified information. SEVMS provides mandatory access controls (MAC) and enhanced security auditing for secure standalone or clustered OpenVMS systems. SEVMS provides the system security manager with software to enforce a system wide security policy that helps protect users, data, software, and hardware from security compromise. Designed to meet recognized security standards SEVMS for OpenVMS VAX meets the B1 level of security as defined by the United States National Computer Security Center (NCSC). Some features SEVMS allows security managers to: Define and control access between subjects (users) and objects (files, programs, and devices). Designate sensitivity labels, consisting of hierarchical levels and non-hierarchical categories for any user, file, program, or device. ---------------------------------------------------------------------------- ------------------------------ Looks pretty MLS to me!
Current thread:
- Re: Trusted Unices Aren't?, (continued)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Message not available
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)