A few years ago, the U.S. Department of Defense formulated four guidelines for different levels of computer security. The Orange Book (formally known as the Trusted Computer System Evaluation Criteria) includes the classification of computer security levels. Looking at these classifications, we can understand the security risks inherent in some systems and learn how to reduce or eliminate them.
1. D1 level
This is the lowest level of computer security. The whole computer system is untrustworthy, and both the hardware and the operating system are vulnerable to attack. The D1 standard stipulates that users are not authenticated, that is, anyone can use the computer system without obstacles. The system does not require user registration (which would require a user name) or password protection (which would require a unique access string). Anyone can sit in front of the computer and start using it.
D1-level computer systems include:
MS-DOS
MS-Windows 3.x and Windows 95 (not in workgroup mode)
Apple's System 7.x
2. C1 level
A C1-level system requires the hardware to have some security mechanism (such as a locking device and a key for the computer), and users must log in to the system before using it. A C1-level system also needs the ability of complete access control, and system administrators should be allowed to set access rights to some programs or data. The disadvantage of C1-level protection is that users directly access the root directory of the operating system. The C1 level cannot control the access level of users who enter the system, so users can delete system data at will.
Common C1-compatible computer systems are as follows:
UNIX system
XENIX
Novell 3.x or higher
Windows operating system
3. C2 level
The C2 level addresses some shortcomings of the C1 level by adding several features. It introduces a controlled access environment (user authority levels). This feature restricts users not only on the basis of their permissions, but also by further preventing them from executing some system commands. Authorization classification enables system administrators to group users and grant them access to certain programs or hierarchical directories. User rights, on the other hand, authorize an individual user to access the directory where a program is located. If other programs and data are in the same directory, the user automatically gains access to that information as well. C2-level systems also use system auditing. The audit function tracks all "security events", such as logins (successful and failed), and the work of system administrators, such as changing user access and passwords.
Common C2 operating systems are:
UNIX system
XENIX
Novell 3.x or higher
Windows operating system
4. B1 level
A B1-level system supports multi-level security, that is to say, this security protection is applied at different levels of the system (networks, applications, workstations, etc.), and it provides more advanced protection for sensitive information. For example, security levels can be divided into declassified, confidential and top secret.
5. B2 level
This level is called structured protection. B2-level security requires that all objects in the computer system be labeled and security levels be specified for devices such as workstations, terminals and disk drives. For example, a user can access a workstation, but may not be allowed to access a disk subsystem that contains personal salary data.
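The B2 labeling rule and the C2 audit requirement described above, as an added example that is not part of the original page: a minimal Python model in which every object carries a label, access is decided by comparing that label with the user's clearance, and each decision is recorded as a security event. The level names, the users and objects, and the rule that clearance must be at least the object's label are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    # Ordered sensitivity levels; the names are illustrative.
    DECLASSIFIED = 0
    CONFIDENTIAL = 1
    TOP_SECRET = 2

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level

@dataclass(frozen=True)
class LabeledObject:
    name: str
    label: Level  # B2: every object and device carries a label

@dataclass
class ReferenceMonitor:
    audit_log: list = field(default_factory=list)

    def can_read(self, subject: Subject, obj: LabeledObject) -> bool:
        # Assumed rule: access only if the clearance is at least the label.
        allowed = subject.clearance >= obj.label
        # C2-style audit: record granted and denied attempts alike.
        self.audit_log.append({
            "subject": subject.name, "object": obj.name,
            "clearance": subject.clearance.name, "label": obj.label.name,
            "result": "granted" if allowed else "denied",
        })
        return allowed

    def denied_events(self, subject_name: str) -> list:
        # What an auditor would review: failed accesses for one user.
        return [e for e in self.audit_log
                if e["subject"] == subject_name and e["result"] == "denied"]

# Constructed sample data mirroring the workstation / salary-disk example.
WORKSTATION = LabeledObject("workstation-12", Level.DECLASSIFIED)
SALARY_DISK = LabeledObject("disk-subsystem-salary", Level.TOP_SECRET)
CLERK = Subject("clerk", Level.CONFIDENTIAL)
HR_OFFICER = Subject("hr_officer", Level.TOP_SECRET)
```
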
6. B3 level
The B3 level requires the user's workstation or terminal to connect to the network system through a trusted channel. At this level, hardware must be used to protect the storage area of the security system.
7. A level
This is the highest security level in the Orange Book, sometimes called verified design. Like the levels described above, it includes all the characteristics of the levels below it. The A level also adds a design requirement: the security system is monitored, and qualified security personnel must analyze and approve the design. In addition, strict formal methods must be used to prove the security of the system. Moreover, at the A level, the sources of all the components that make up the system must be secure, and these security measures must also ensure that the components are not damaged during the sales process. For example, in an A-level setup, tape drives are closely tracked from the production workshop to the computer room.