Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesOS Insecurity

November 1996 / Inbox / OS Insecurity

In "Air-Tight Windows NT" (August), author Jim Reynolds states that the U.S. National Security Agency granted Windows NT 3.5 C2-level approval. What few people know is that this evaluation was limited to a stand-alone computer and did not include network interfaces. If a user hooks up an NT server to a network, the computer can no longer be considered C2-secure until almost all network functionality is disabled. Failure to mention this is misleading and lures users into a false sense of security. The article also doesn't mention the so-called "boot floppy" vulnerability of Windows NT. By booting from a floppy and using assembly language utilities, a person can bypass NT security and can read, write, and delete files from the hard disk without leaving a trace.

Karl Pottie
Rumbeke-Roeselare, Belgium
ka rl@vl-brabant.be

The security features I discussed also apply to networked computers. NT is currently undergoing network evaluation (the NSA usually conducts stand-alone and network evaluations separately). But remember, the evaluated configuration, which includes hardware and software, might not match what you have or need. The NSA team was aware of the boot-with-floppy issue; the evaluated configuration prohibited physical access to the floppy. A less stringent need for security might take advantage of the common PC feature that prevents booting from a floppy. Of course, without physical security this solution can be circumvented. The bottom line is that if you can boot a different OS, then none of the security mechanisms of NT work. This is to be expected with any OS. What makes the NT case appear different is the ubiquitous character of the hardware platform and the fact it is generally designed to boot from floppy, unlike older, time-sharing systems such as Unix. -- Jim Reynold s

Up to the Inbox section contentsGo to previous article: Token Token RingGo to next article: Xyratex OmittedSearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network