Understanding the ins and outs of encryption
Getting to know IPSec
Familiarizing yourself with Microsoft Certificate Services
C2 is defined in the so-called "Orange Book," which is really titled the Trusted System Evaluation Criteria. C2 evaluation checks to see how secure a computer really is. However, C2 only applies to standalone computers. Microsoft is also testing to the specifications for network computers (Red Book and Blue Book). Microsoft has already gone above and beyond C2 with Windows
2003, so the term is really meaningless.
Note The operating system is not C2 out of the box. A vendor or security service provider has to set up a machine and the OS to be C2-compliant. This means locking down objects, setting up audit trails, creating user accounts with secure password philosophy, and so on. Only when a machine has been fully locked down can it be rated as C2-compliant . . . whether it's a washing machine or a file server. The first versions of Windows Server 2003 were more secure out of the box than Windows 2000; and now, with the threat of hostile software ready to pounce on a fledgling server, Microsoft has opted to lock the server down more fully until an administrator has fully configured it.
Windows 2003 can be as locked down as the space above your head, or it can be as tight as a hole on a pin head. You have the control to secure it or open it as you deem fit. The network is only as secure as you make it. If Windows 2003 is not properly configured, claiming awards like C2 will not get you out of a jam when a hacker pulls your pants down on the Internet. Blunt, yes, but security is part of the day-to-day life of a network administrator. If you don't take care of security problems, you don't have a network.
Was this article helpful?