TCSEC and firewalls

[Magosanyi Arpad <mag () bunuel tii matav hu>]

Hi!

I have just read the TCSEC interpretation for a networked environment.
(The document called NCSC-TG-005)

There are some questions left (maybe I was not read carefully enough):

-What is the DAC functionality regarding a firewall? Is the ability of
the firewall administrator to define the access list for a communication
channel is the DAC functionality? Or is it completely outside the
scope of network perimeter defense?

-Is it sensible for a data to have different labels in different points
of the transmission path depending on the properties of the transmission medium?

-How would you define the MAC labels' non-hierarchical categories part
in a corporate environment? Should they refer to the organizational units?
Should they refer to some aspects of the IT infrastructure (and then how they
glued into a comprehensive representation in the level of the corporate NTCB)?

-There are only vague references to cryptography in the document. How should
I express (in the terms of TCSEC) the need that the protection of the 
transmitted data should be proportional to its sensitivity label in the
whole transmission path either by cryptography or phisical security?

-- 
GNU GPL: csak tiszta forrásból