Re: Physical access beats all
"Physical access beats all"
Orange book security standards allowed you assume physical security
Windows NT claimed to meet C2 level security, except for the network susbsystem.
So the machine was perfectly secure, so long as it wasn't networked and you could control physical access !
Not actually that silly, C2 required you to log certain actions in a secure manner. One other manufacturer we tested did log these events, but provided no way of viewing them. The Orange book just said they had to be logged, it didn't mention retrieval.