The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.

These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria.

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

The books have nicknames based on the color of its cover. For example, the Trusted Computer System Evaluation Criteria was referred to as “The Orange Book.” In the book entitled Applied Cryptography, security expert Bruce Schneier states of NCSC-TG-021 that he “can’t even begin to describe the color of [the] cover” and that some of the books in this series have “hideously colored covers.” He then goes on to describe how to receive a copy of them, saying “Don’t tell them I sent you.”

(Source: http://en.wikipedia.org/wiki/Rainbow_Series)

• Redbook – Trusted Network Interpretation (TNI)
• Time and technological changes lessen the relevancy of the TNI to contemporary networking
• Deals with technical issues outside the scope of the Orange Book with regards to networks
• Redbook interprets the Orange Book

Orange Book – Trusted Computer Security Evaluation Criteria

• A document published by the US Department of Defense which contains criteria used for evaluating the degree of security in a networked system. It characterizes security from D (the minimum) to A1 (very secure). Most OPERATING SYSTEMS and NETWORK OPERATING SYSTEMS are classified at the C2 level. It is also known as the Orange Book and is often abbreviated to TCSEC.

TNI Evaluation Classes

• D – Minimal protection
• C – Discretionary protection
• C1 – Discretionary Security Protection
• C2 – Controlled Access protection
• B – Mandatory
• B1 – Labeled Security
• B2 – Structured
• B3 – Security Domains

Protocols – a standard set of rules that determines how computers communicate with each other across networks despite their differences

Layered architecture – An architecture in which data moves from one defined level of processing to another. Communications protocols are a primary example (i.e the OSI model)

• Shows how communication should take place
• Clarify the general functions of a communication process
• To break down complex networking processes into more manageable sub-layers
• Using industry standard interfaces enables interoperability
• To change the features of one layer without changing the code in every layer
• Easier troubleshooting

Salami Attack – a series of minor computer crimes that are part of a larger crime