Case Study: C2 and Windows NT

SCENARIO

ESSENCE OF THE CASE

Three issues are at work here:

  • First, a security evaluation should match the intended use of the product.
  • Second, administrators should not run tools without understanding what they will do to systems. Adequate documentation explained the C2 certification for Windows NT 3.51 and should have alerted all but the clueless administrator as to what might happen when the tool is applied.
  • Finally, in this tool-crazy point-and-click administration world, perhaps the release of such a tool was a little premature. Yes, admins should understand what they are doing, but tools can also adequately prompt users and provide a way to remove the effects of the tool's application.

Windows NT 3.51 was evaluated ...

Get CISSP Training Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial