How to get certified security for Win2k, by Microsoft

Lock up your network, no secondary boot devices, stay away from the Net, no mad admins, etc...

Windows users whose spirits lifted at this week's announcement of Common Criteria certification* for Microsoft's Windows 2000 would do well to take a look at some of the assumptions and restrictions associated with the tested system. While perhaps not as extreme as when NT passed Orange Book certification so long as it wasn't connected to a network, these do seem just a little restrictive and artificial.

Not, of course, that it's much different for any other manufacturer's products - security certifications are all very well, but tend to become of doubtful value as soon as the real world starts creeping in.

You can find various assumptions about the Common Criteria test system listed here, and indeed if you rattle around the general vicinity on TechNet you'll find lots of information about putting together your own test system, and - more usefully - sensible advice for securing your systems in the real world. Here though we have a description of an "evaluated configuration," consisting of a TOE (Target of Evaluation) which "includes a homogenous set of Windows 2000 systems that can be connected via their network interfaces and may be organized into domains." OK?

Now, if you tear down to 3.3, Connectivity Assumptions, you'll see these include "all connections to peripheral devices reside within the controlled access facilities" and "any other systems with which the TOE communicates are assumed to be under the same management control and operate under the same security policy constraints. The TOE is applicable to networked or distributed environments only if the entire network operates under the same constraints and resides within a single management domain. There are no security requirements that address the need to trust external systems or the communications links to such systems."

In the first case, therefore, we're talking about the physical location of the system being secure, while the second has a number of implications. The "same management control" and "same security policy constraints" mean that anything the TOE communicates with has to be, effectively, part of the TOE or the certification doesn't apply. Lob in other operating systems (even Microsoft ones, never mind Linux), and there goes any dream you had of Common Criteria security. As for: "There are no security requirements that address the need to trust external systems or the communications links to such systems," we think that boils down to 'anything outside of the TOE is the Badlands.'

Section 3.4 is pretty self-explanatory: no crazy and/or embittered staff allowed (we rather like A.NO_EVIL_ADM though), while 3.5 requires a padlock on processors, security hardware and security software. "The hardware protects the TSF in ensuring that only the TSF can be started" means no boot floppies, and these days no ability to boot from CDs either.

The security professional who drew our attention to this wishes to remain anonymous (thanks anyway, masked man), but comments: "So maybe not quite as restricted as the original Windows NT non-networked certification, but still a far cry from most installations. Microsoft/SAIC [Science Applications International Corp, the testing outfit] appear to have embraced and extended the CAPP profiles - I think in an honest fashion, though picking a few extra policies (on top of CAPP) may make it harder for the competition to do a like-for-like comparison. There are other profiles, though - COTS and CSPP are also appropriate." ®

* We have had numerous explanations as to why Solaris 8 is both certified and in the process of certification. Thanks all of you, but here's the one from Jane Medefesser, Senior Manager, Solaris Security Evaluations, who can presumably be deemed to know about this stuff:

"Solaris 8 FCS (First Customer Ship) passed Common Criteria Certification in November 2000, as you stated in your article. The Solaris 8 which is pending certification is an update release to the FCS version. The update release contains hardware features not present in our FCS version that were not covered in the original security target. These hardware features support our midrange and high end servers, which again, were not released at the time Solaris 8 FCS was released.

"New functionality to an evaluated scheme cannot always be grandfathered into the old certificate, therefore a new evaluation must be performed. Microsoft will find this out as time goes on, if a new Intel platform is introduced that allows users to do new and fantastic things never before possible. At that time, the new hardware will not be considered 'secure' under Common Criteria unless it goes through another evaluation."
