Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [CISSP-D] System-high security mode vs Compartmented security mode

from [Doug Landoll] Network Security [Permanent Link]
Subject: Re: [CISSP-D] System-high security mode vs Compartmented security mode
Date: Sun, 15 May 2005 06:24:18 -0000 
I believe some clarification is in order. To understand these 
definitions you must clearly understand security labels and levels. 
This is something most all CISSP books and classes gloss over. A 
short tutorial follows:

1) a security LABEL is composed of both a level and a compartment 
(sometimes called category or formal need to know). 

   a) the level is the hierarchical part of the label. i.e., Top 
Secret > Secret > Confidential > Unclassified

   b) the compartment is the non-hierarchical part of the label. 
i.e., "Project Alpha", "Project Beta" these are simply members of 
the compartment "set" and each person is either 'read onto the 
program' or not. If you have been determined to have formal need to 
know for "Project Alpha" information then you are read onto that 
program.

   c) The security label will then look like this Level:Compartment. 
ie. Top Secret - Project Alpha, Secret, etc.

[That is a rather quick overview - if you still need help look up 
the terms "dominance" and "non-comparable" labels.

2) When systems are deployed with sensitive information and those 
systems are accessed by personnel with or without clearances, there 
is a level of risk in these systems based on the difference between 
the lowest cleared user and the most sensitive information. For 
example, a system with SECRET cleared users and SECRET information 
(no categories) is a low risk system, wereas a system with SECRET 
information and UNCLASSIFIED users is a higher risk system.

3) The US Government has names for the different levels of risk in 
systems based on the difference between the lowest cleared user and 
the most sensitive information. These are defined as 

   a) System High (everybody is cleared for everything - not even 
DAC-based NTK).
   b) Dedicated (everybody is cleared for all labeled information, 
but DAC controls are required - think personal records)
   c) Compartmented Mode (everybody is cleared to the highest LEVEL 
but may not have been read onto all categories - this means that MAC-
level enforcement is required. This is a big deal since many OSs do 
not have MAC-based access control).
   d) Multi-level System (not everybody has been cleared to the 
highest LEVEL. This also means MAC control is required but there is 
a higher risk. For example, there could be SECRET users and TOP 
SECRET information.)

You have mastered this concept when you clearly understand the 
following:

 - difference between a label and a level and a compartment
 - hierarchical vs. non-hierarchical 
 - domination, non-comparable labels
 - NTK vs. Formal NTK
 
Good Luck,

Doug Landoll, CISSP, CISA
President, Veridyn Inc.
(512) 310-2228

--- In CISSP-Discuss@yahoogroups.com, "Dave Sims" <davesims2@c...> 
wrote:

I think your definitions are slightly skewed.

Compartmentalized security is based on need to know "Regardless" 

of security level.  An example might be My security rating is higher 
than yours, but I am not allowed access to information stored in 
your compartment because I don't work on that project, or need to 
know about it.


Using need to know in system-high is somewhat confusing.  System-

high mode is more a certification of the system, than the user.  


This is another definition I Googled for you.  

system high mode: [An] information system (IS) security mode of 

operation wherein each user, with direct or indirect access to the 
information system (IS), its peripherals, remote terminals, or 
remote hosts, has all of the following: (a) valid security clearance 
for all information within an IS; (b) formal access approval and 
signed nondisclosure agreements for all the information stored 
and/or processed (including all compartments, subcompartments and/or 
special access programs); and (c) valid need-to-know for some of the 
information contained within the IS. [INFOSEC-99]


Meaning to me that the system meets System-high parameters, and 

you could still have compartmentalized security.  I am not 
absolutely certain on this and would welcome some more guidance from 
someone else on the list.


Thanks

Dave





 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [CISSP-D] Symmetric Key and authentication., Vijay Kumar
Next by Date:  Re: [CISSP-D] System-high security mode vs Compartmented security mode, Rand
Previous by Thread:  RE: [CISSP-D] System-high security mode vs Compartmented security mode, Dave Sims
Next by Thread:  Re: [CISSP-D] System-high security mode vs Compartmented security mode, Rand
Indexes:  [Date] [Thread] [Top] [All Lists]