Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Vulnerability Assessment of a EAL 4 system

from [Stong, Ian] Network Security [Permanent Link]
Subject: RE: Vulnerability Assessment of a EAL 4 system
Date: Wed, 1 Nov 2006 12:34:40 -0500 
You should get a copy of the security target and protection profiles
used for the EAL4 accreditation.  This will give you insight into what
they evaluated against. I would then suggest performing standard Linux
checks on the system (sounds like you already did some of that). Any
standard security protections missing need to be weighed against what
the vendor has done to provide similar protections. 


Thanks,

Ian Stong

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of castellan2004-fd@yahoo.com
Sent: Wednesday, November 01, 2006 5:12 AM
To: focus-linux@securityfocus.com
Subject: Vulnerability Assessment of a EAL 4 system

I am looking at a Linux server which has been accredited as a EAL4
system by IBM.  During the assessment, I was looking for standard Linux
protections like iptables, ssh etc.  On this server, there is no
iptables.

Regardless, I would like to know how to evaluate a EAL
4 system.  What do you need to look for in the EAL 4 system in
production that could become vulnerable?

Thank you in advance for any help.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Vulnerability Assessment of a EAL 4 system, castellan2004-fd
Next by Date:  Re: Vulnerability Assessment of a EAL 4 system, terry white
Previous by Thread:  Vulnerability Assessment of a EAL 4 system, castellan2004-fd
Next by Thread:  RE: Vulnerability Assessment of a EAL 4 system, Takayama Kawika (DTI)
Indexes:  [Date] [Thread] [Top] [All Lists]