Domain: dodccrp.org
Stories and comments across the archive that link to dodccrp.org.
Comments · 8
-
Re:Doubly hard for Databases
I disagree. SSL is only useful for protecting data in transit, where the data is only valuable in transit. Too many companies make the mistake that if data is protected while on the network, the databases don't matter. Then malicious intruders who hack in past the firewall have unfettered access to clear data.
Don't misunderstand me, SSL *IS* a useful part of a secure design, but it's only a part and is in no way a security solution in and of itself.
A more optimal solution is one which encrypts sensitive portions of the database. XML-Encryption and XML-Signature are good examples of how to represent data with sensitive bits encrypted and/or signed. It's the data in the database that's important, not the connections to the database, so it's the data which should be secured at all costs.
Using X509 certificates, data can be encrypted via a session key, which can then in turn be encrypted with the various certificates of people who require access to that data. A private key passphrase is then required to gain access to the private key, which gains access to the session key, which gains access to the data. Further measures can be taken such as key separation, where a certain number of private key fragments (ie the owners of those fragments) are required to recover the private key to gain access to the data.
Furthermore, if the database is encrypted then an intruder can't gain access. I completely agree with the statement that the database is the last line of defense, and should therefore be Done Right(TM).
My work revolves primarily around network security, and even in my own company I've watched divisions of people design applications with the intent of tacking security on later. Encryption is NOT a panacea, digital signatures are NOT a panacea. Intelligent key management infrastructure is difficult to do right, but investing the time and effort up front leads to the ability to easily leverage it and reap its benefits in many different ways down the road. Authentication, authorization, key escrow and recovery, nonrepudiation, and so forth. In addition to key exchange for sending encrypted data.
The people that stand up and shout about the evils of shared encryption keys have a point, shared keys are bad, but key management has evolved to the point where it's becoming useful in the real world. I've written a research paper on the subject (http://www.dodccrp.org/events/2005/10th/CD/papers /081.pdf), in which the concept of secured data is discussed in depth. Anyone interested in discussing it further is welcome to email me (email address is in the paper) or to directly message me through slashdot.
-Rod -
Re:It's Future COMBAT system...
And here's a link with info on NCW.
I read most of the book mentioned in this site. Interesting concepts, even if the book is 3x longer than it needs to be to get the point across. -
All kinds of office
IM is even used in warfare.
A good example of this is the CTF-50 Case Study done by OFT. The types of capabilities they used to increase Mission Effectiveness (i.e. Instant Messenger, Web-logs, basic Portal) would be available directly from Core Information Services.
The study doesn't say which IM protocol/client was used. The value of IM over phone/radio was having a history of what was communicated.
-
Re:Oh brother...
Shock and Awe was the name of a book published in 1996, all about blitzkrieg, rapid dominance, etc., in relation to modern warfare (cruise missles, et al.)
-
Re:Shock and Awe
No actually, Harlan Ullman coined it in his book in 1996: Shock and Awe: Acheiving Rapid Dominance.
http://www.dodccrp.org/shockIndex.html -
Sun Tsu, on Shock and AweThe more I think about it, the more I'm beginning to appreciate that "Shock and Awe" do not mean what the media want them to mean.
In the practical art of war, the best thing of all is to take the enemy's country whole and intact; to shatter and destroy it is not so good. So, too, it is better to recapture an army entire than to destroy it, to capture a regiment, a detachment or a company entire than to destroy them.
Hence to fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy's resistance without fighting."
Sun Tzu, Art of War
And going to the paper that seems to be the source of the Shock and Awe terminology:
Rapid Dominance will strive to achieve a dominance that is so complete and victory is so swift, that an adversary's losses in both manpower and material could be relatively light, and yet the message is so unmistakable that resistance would be seen as futile.
Key words here: adversary's losses in both manpower and material could be relatively light
The paper is a long read, but it's extremely insightful.
The paper describes many ways of inflicting Shock and Awe on an opposing force, and they do not necessarily require the complete and utter (military) devastation of the opposing force.
(Then again, just as I was about to click "Submit", I saw most of the government buildings in Baghdad get the absolute shit blown out of 'em. Consider me shocked and awed either way.
:) -
Shock And Awe
This morning all the news channels are throwing around the term "shock and awe" when they talk about the first missile strike carried out against Iraq. What exactly is that? Well, I did a little researching on the net and I found a site hosting the text of a small book written by Harlan Ullman and James Wade called Shock And Awe: Achieving Rapid Dominance. It appears this was written as kind of a military playbook or "intellectual construct", written back in 1996. At the time of it's writing, this handbook had to undergo testing at something called the MRC (Military Relations Committee?) and the "Quadrennial Defense Review of 1997". Finally it had to be proven against the Operations Other Than War doctrine and training platforms. Now, I'm not certain what these terms mean, but I'm wondering if this manual is the script for the style of tactics we are now seeing Iraq. If so, the timeline suggests to me that as soon as the first military action in Iraq was over, we started planning the next one... Cross-post from my blog at www.kellytadams.com
-
Shock And Awe
This morning all the news channels are throwing around the term "shock and awe" when they talk about the first missile strike carried out against Iraq. What exactly is that? Well, I did a little researching on the net and I found a site hosting the text of a small book written by Harlan Ullman and James Wade called Shock And Awe: Achieving Rapid Dominance. It appears this was written as kind of a military playbook or "intellectual construct", written back in 1996. At the time of it's writing, this handbook had to undergo testing at something called the MRC (Military Relations Committee?) and the "Quadrennial Defense Review of 1997". Finally it had to be proven against the Operations Other Than War doctrine and training platforms. Now, I'm not certain what these terms mean, but I'm wondering if this manual is the script for the style of tactics we are now seeing Iraq. If so, the timeline suggests to me that as soon as the first military action in Iraq was over, we started planning the next one... Cross-post from my blog at www.kellytadams.com