Re: ISA 2004 PPTP VPN--Multiple Client Connections

Jeez; get a clue, whydoncha?

Common Criteria is decided by the governing body, not the developers.
Those aren't caveats; they're the scenario that was tested and evaluated
by the CC folks.
CC requirements can be applied equally well to hardware as it does to
hardware - try reading it through once.

In fact, CC *does* matter.   A great many governmental entities won't
buy a product unless it's been through the CC wringer.

-----Original Message-----
From: barrett [mailto:barrett.mcguire@xxxxxxxxxxxx] 
Sent: Thursday, October 06, 2005 8:15 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA 2004 PPTP VPN--Multiple Client Connections

http://www.ISAserver.org

Common Criteria is NOT an absolute (nor good) indication of the
"security"
of a product. The developer gets to write the Security target and define
the Target of Evaluation. The product then gets evaluated, in the case
of
ISA by the Germans. So while those damn Ruskies may have the Cisco
source,
those damn Germans (yes, their lab evaluated ISA) get to put the little
certification stamp on the product that lets you sleep at night

Common Criteria.....Below are a coupla of quick notes on CC Validation
for
ISA

ISA 2004 (EAL 4+)
--Thought it was in evaluation. If you can find the Security Target or
Certification Report, please post.
--Can't wait to see the caveats like the ones below for ISA2000

ISA 2000 (EAL 2)
--Must be installed on Windows 2000 Server
--No Active Directory Integration allowed (WoW!!)
--Local Administration only (who cares about the neat little Admin
console
you can run from your desktop instead of walking up to the server room
floor)
--ISA must be installed on a HP/Compaq Proliant ML330 G2 hardware. (May
be
able to pick one up on Ebay)
--Must run in Firewall Mode only (What a shame, the cache feature was
pretty cool)
--You can not change the evaluated configuration. (So, please do not
install Win2k Server Serice Pack 4)

So, does Common Criteria really matter?

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.



Other related posts: