todd glassey on Tue, Oct 09, 2001 at 07:55:46AM -0700:

Todd,
I think it is going to take a while until it gets there.
I disagree.
I think everybody is excited to hear about readily available solutions that satisfy all your needs?
Hmmmm - Still sounds like the Systems Admins were culpable for the OS Audit Trails...
Well, having the union involved and on your side helps a lot, I would guess. Besides that, going to court with the slightest complaint is not too common in my country :)
B1 is no longer a recognized standard. It is a part of the Orange Books (see: http://www.dynamoo.com/orange/fulltext.htm for a pointer to the Orange Book itself). The current methodology is the Common Criteria (see: http://www.commoncriteria.org).
I know that, but the features I was talking about have been outlined in the Orange Book first and happen to be defined in the no-longer-a-standard B1 standard (and B2 or 3 for compartments, I don't remember). I am not talking about certification, just features required.
Given that you have local systems-level access, then you as the Systems Admin are the weak point in this Audit Model.
I'm getting more and more curious to see the above-mentioned readily available solutions that can still work with vanilla applications and address this sort of problem :)
Hey Partner, C2 is old hat. Most if not all commercially available OSes will support C2 and most have a hardened mode that approaches what was known as B1 as well.
C2 might be an old hat, and obviously every commercial OS supports it, because C2 compliance used to be the minimum requirement for government computers. Still though, can you tell me ONE commercial OS (in its non-trusted version) that supports useful remote audit-logging? And no, NFS doesn't count. I am not even going to start asking about encryption :)

And old hat or not, configurable call-level-logs are probably the best you can get in terms of audit trails. Ideally of course, providing the means of security you desire.

Regards,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B