CST(29)-C2 Level Security on LAN

C2 is a US govt. security standard for operating system. It requires that users and applications be authenticated before gaining access to any operating system resource. To obntain a C2 level certification, all clients must provide authenticated user id ,all resources must be protected by access control lists, and audit trails must be provided.

Security measures, the modern NOS provide to meet C2 level security are as follows:

1. Authentication – Are you who claim to be?

In time shared systems authentication is done by OS using passwords. NOSs must do better than that. Kerberos is the trusted third party that allows two processes to prove to each other that they are who claim to be.

2. Authorization : Are you allowed to access this resource ?

Once clients are authenticated, the server applications are responsible for verifying which operations the clients are permitted to perform on the information they try to access. Servers use Access Control Lists to control user access. They contain the list of names and type of operations they are permitted to perform on each resource. NOSs can easily meet C2’s ACL requirements.

3. Audit Trails – Where have you been? 
Audit services allow network managers to monitor user activities, including attempted logons and which servers or files are used. Audit services are a piece of weapon needed by network managers to detect intruders in their own organization. For example, they can monitor all the network activity associated with a suspect client workstation. Knowing an audit trail exixts, usually discourages the insiders from tampering with servers using their own logon, but they do under somebody else’s logon.
CST(29)-C2 Level Security on LAN Reviewed by 1000sourcecodes on 21:39 Rating: 5
Powered by Blogger.