AWS 95: NCSC Security Levels Available

I'm using an Apple Workgroup Server 95 (AWS 95) with Oracle in a TCP/IP environment. I am very concerned about the AWS 95 computer's security, since it will be serving mission-critical data and will be Internet accessible.

I'd like to know what additional security measures are available for A/UX, and to ensure that they will not break Oracle. Minimally, I need support for a shadow password file, but I would prefer full C2 security.

Does Apple have a C2 secure version of A/UX, and is it compatible with the AWS 95 with Oracle7?

The NCSC (National Computer Security Center) evaluation criteria define seven levels of trust, called Classes. The AWS 95 server based on A/UX 3.1 (the latest version) doesn't, in general, meet the C2 class requirements; it only meets the C1 class level. AppleShare and AppleShare Pro are also in the C1 class security category.

As of April 1994, Apple doesn't have a C2 security version of A/UX.

Below is more information on the NCSC security classes:

In increasing order of trust (from left to right), the Classes are D, C1, C2, B1, B2, B3, and A1.

    D       C1       C2      B1      B2     B3      A1
 <-------------------------------------------------------->
    not               increasing security           highly
    secure                                          secure

D systems aren't trusted. A1 systems are extremely resistant to compromise.

Up to level B3, each Class introduces additional features and functions to counter specific threats that weren't countered by lower Classes. For example:

Class A1 adds no features or functions over a Class B3 system. The software system for a Class A1 system is identical to that of a Class B3 system. However, the Class A1 system is more trusted because it is subjected to extremely rigorous design verification, threat analysis, construction, testing, inspection, distribution, and operational procedures covering hardware, firmware, and software.

Published Date: Feb 19, 2012