Firewall Wizards mailing list archives
TCSEC and firewalls
From: Magosanyi Arpad <mag () bunuel tii matav hu>
Date: Mon, 28 Jun 1999 10:07:49 +0200
Hi! I have just read the TCSEC interpretation for a networked environment. (The document called NCSC-TG-005) There are some questions left (maybe I was not read carefully enough): -What is the DAC functionality regarding a firewall? Is the ability of the firewall administrator to define the access list for a communication channel is the DAC functionality? Or is it completely outside the scope of network perimeter defense? -Is it sensible for a data to have different labels in different points of the transmission path depending on the properties of the transmission medium? -How would you define the MAC labels' non-hierarchical categories part in a corporate environment? Should they refer to the organizational units? Should they refer to some aspects of the IT infrastructure (and then how they glued into a comprehensive representation in the level of the corporate NTCB)? -There are only vague references to cryptography in the document. How should I express (in the terms of TCSEC) the need that the protection of the transmitted data should be proportional to its sensitivity label in the whole transmission path either by cryptography or phisical security? -- GNU GPL: csak tiszta forrásból
Current thread:
- TCSEC and firewalls Magosanyi Arpad (Jun 28)
- <Possible follow-ups>
- RE: TCSEC and firewalls LeGrow, Matt (Jun 29)