Finally we turn to the much discussed but almost universally misunderstood notion of Windows NTís C2 evaluation. Most think that C2 rating means a system is secure (and perhaps that a system without this rating not secure). Not so. First, "security" is a relative term, like "user friendly" or "high-performance." What is "secure" to some users or sites is not to others. Second, security comes as much from how you manage a system as from its features. But let us return to C2.
C2 is an opinion. An opinion from an experienced, trained, largely unbiased team of government security analysts. This team has the full cooperation of the vendor (Microsoft) and access to source code, internal design documents, and the core software designers. The team works through often-tortured meetings with these designers to gauge their expertise, commitment, and thoroughness. At C2, the team will sort through some of the source code and virtually all the documentation and test results. They concentrate on fundamental system security architecture and are guided by the Trusted Computer Systems Evaluation Criteria, the "Orange Book." The team summarizes their study in a Final Evaluation Report, which for Windows NT is as fine an exposition of its basic security mechanisms as youíll find.
C2 does not mean the system is "secure" in any particular sense of the word. However, it certainly should increase our confidence that the systemís security features have been responsibly implemented. Does C2 say the system is free from security flaws? No. But it helps. For example, when the team finds "problem areas" that are not in direct contradiction to the Criteria, they usually require the vendor to prominently note them in system documentation so that system administrators can at least work around the problems.
C2 is most definitely not a "mode" that you can turn on or off. The government does not give a fig as to what security features you do or donít use. C2 is a point-of-sale badge of confidence, not perfect, not absolute, but definitely useful. And itís features are yours to use or ignore as befits the "security" of your situation.
Windows NTís U.S. C2 rating does not include its networking software. Does this mean the Windows NT is not secure because everyone uses its networking? No. It just means that we havenít been given the same boost in confidence in networking as the rest of the system. (Anyway, Windows NT recently competed its European C2-like evaluation that included its networking component.)
Whether or not Orange Book evaluations will last much longer, and despite all they might be that they are not, that opinion from the evaluation team should certainly elevate our confidence in Windows NT a notch or two, even though itís no claim to absolute "security."
Internet FAQ top