Domain: cert.mil
Stories and comments across the archive that link to cert.mil.
Comments · 6
-
Re:OT: Foreign IP addresses
Try here http://www.iana.org/ipaddress/ip-addresses.htm and here http://www.cert.mil/techtips/whois_by_ipaddr.htm as starting places.
-
Re:It's not about the hardware
Generally good advice.
First, foremost, and always - consult your facilities security officer (FSO), read your SSAA (Site Security A.. A.. ?).
Before you fire anything up or - heaven forefend - put any classified data on.. GET YOUR FSO TO INSPECT AND TEST.
Configuration - ensure that you follow the CERT/NSA (http://www.cert.mil/) configuration guidelines (STIGs, http://iase.disa.mil/stigs/index.html), and employ, to whatever extent possible, the SRR (Security Readiness Review??) scripts.
On a practical level, build your hardware, build your operating systems, harden everything down, validate with STIGs and SRRs, THEN install your applications, loosening security configs as required (WRITE DOWN YOUR VARIANCES), then go back and plug your variances to the extent you can and still have your apps work. Revalidate your STIGs and SRRs, then document remaining variances, check 'em with your FSO, and put 'em in the SSAA binder. Rinse and repeat until your FSO is happy ;)
The extent to which you'll be able to network things together or have fixed hard drives depends on your facility SSAA - generally if you've got a SCIF environment, you'll be able to have a closed LAN (or maybe a SIPR connection), and be allowed to have fixed drive computers. If you don't actually have a full SCIF, then you'll probably have to have removable drives that can be secured overnight.
THINGS THAT ARE RIGHT OUT:
- wireless anything
- dynamic USB devices (esp. storage), though fixed devices (keybd, mouse, certified CAC reader, &c.) are generally OK (don't worry, your config for hardening should take out all the dynamically loadable drivers...)
- MANY SORTS OF PRINTERS - laser printers generally have too long a memory (on the drum) for the security folks - hard drives are right out (unless removed and secured), etc. CONSULT YOUR FSO
- bootable media - never count on being able to boot your secure WS from fixed media - your hardening config should disable this capability (in BIOS)
umm.... talk to other local admins. a lot.
I'm not a certified security officer, but I play one at DISA -
Re:So how do I...
Start by blocking (or treating as spam) all email from addresses with "verizon" in them. Beyond that, try using ARIN http://www.arin.net/ and IP registry lists like this http://www.cert.mil/techtips/whois_by_ipaddr.htm to identify and block IP address ranges registered to Verizon.
-
Re:Saw it Coming, but no one listened
I wonder, I bet I could make buku dinero doing as a DoD IT/IS security consultant. Security is a economically inelastic product... entities will pay $$$$$$$$ for real security, not airport TSA-brand of security.
DOD Cert -
Re:Defense IT jobs.
If they are calling to whine at you... you are probably working in a facility under DISA control. That being the case, why would you turn off a DISA ATM switch without directions from DISA to do so? You being in the military, and being assigned to a facility with DISA equipment, places you under DISA control. Don't say that isn't true, because I know you are supposed to abide by DISA regulations and I'm sure you've had to bust your ass to prepare for those ever so fun DISA inspections
:) But yeah, I think for the military, the WAN side is a bit more important then the LAN side. The LAN side of military networks, is just like any other LAN.. 80% of all trouble tickets are simply resetting a locked account. Anyway, in addition to providing trunks and connectivity, DISA also has several RNOC's which are responsible for routers, servers, and firewalls on the defense network. In addition, as the military networks continue to move towards implementing SAN solutions, who do you think is controlling these? As far as not DISA controlling traffic on the WAN... DISA controls all traffic on the WAN. DISA controls the priority for circuits on the DATM and the IDNX, and will drop non-essential circuits when needed based on their DISA assigned priority. DISA also has the Computer Emergency Response Team for the military. So um.. Yeah. I don't think it's me who doesn't quite know what they are talking about. -
Re:Hmm....
Holy crap! This is serious...
Someone should file an incident report form!
:-)