active response and adaptation
Posted Jun 22, 2007 14:00 UTC (Fri) by kirkengaard
Parent article: Red Hat and IBM get certified
A hostile environment is not plannable. Hostiles do not exclusively follow known, dependable routes that can be routinely secured, and determined hostiles will not give up once the usual routes into a system prove to be moderately secure. What a system evaluated EAL4 gives you is a reliable platform that can be kept secure through active response and adaptation to threat, or further secured by additional checks, but you're not going to get "off the shelf" EAL7 (Formally Verified Design and Tested) without the system being a "device" rather than software. EAL7 ceases to be a usable "toy" because nobody classifies hacker toys for EAL7 - spending that kind of scratch is reserved for special-purpose, secure, locked-down functionality.
It is pointless to whine about EAL4+ being untried in hostile environments, because that's not what it's for, and the mild kind of "hostile environment" a server room will see is secured by a systems administrator with other tools to work with in addition to default operating system security. You're being silly.