Bush Wants an Unhackable Private Network

Slur points out an article at the New York Times which says that the "Bush administration is considering the creation of a secure new government communications network separate from the Internet that would be less vulnerable to attack and efforts to disrupt critical federal activities," writing "It seems to me money would be better spent getting the next-generation Internet going, for the government to fund more of the existing research and standards boards to create protocols that are invulnerable to the kinds of attacks the government seems to fear, namely massive DOS attacks. Or is there something else a 'net terrorist' could do to 'disrupt the vital flow of information'?" Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow? Update: 11/19 22:48 GMT by T : This was mentioned before a little while ago when USA Today wrote about the same concept, but apparently a Digital Pearl Harbor is still being flogged.

Great

[baronben]

One more person who says they invented the internet (or in this case, the Neo-Internet)
Do I need to say that the only network that can't be hacked is the network isn't connected to anything? All this will be doing is creating a new challenge for a new generation of hackers and crakers. But then again, it will result in some interesting technological develpments, so I can think of things that could be worse wastes of taxes.

Re:Great

[EvlPenguin]

But then again, it will result in some interesting technological develpments, so I can think of things that could be worse wastes of taxes.

Yeah. Too bad that any interesting technology would probably not be released to the public domain in the name (rather, under the guise) of national security. We can wave the FIA (Freedom of Information Act) in their face, but "our" government seems to have no problem overturning other legislation under the guise of national security; I doubt this will be any different.

Re:Great

[Reikk]

Very good point. Yes, there are much greater wastes of our tax money, like the missile defense system.

Re:Great

[ScottKin]

It's unfortunate that we live in a time where access to information can also foster such scenarios where people fear that some 14-year-old punk is going to steal their VISA & MasterCard info on their computers, thanks to those who think that hacking and cracking is just another form of social recreation.

Here's a better idea:

1) Make it a Federal Crime to hack, crack, break software protections or reverse engineer ANY software, or to be involved in any kind of "hacktivism" activities - and make it a 20-year manditory sentence, with no possibility of parole.

2) Revoke the Domain Names and IP addresses of sites that espouse these activities under current RICO laws.

3) Demand that every OS Developer, from Microsoft to RedHat make their OS absolutely air-tight and unable to be used for such purposes, and fine that company 100% of their revenue from such products and have that money go to humanitarian projects such as feeding and housing the homeless. Of course, this would put an end to the hackers...oops....Open Software initiatives out there, because such protections could be easily circumvented by just modifying the source code. Like I've said many times here before: Open Source OS's belong in academia, and not on Mom & Dad's PC.

4) Enact Federal Legislation in connection with #1 and #3 that would also make it a Federal Crime to be in possesion of software that is either cracked/hacked or is illegally used in such activities. Of course, this would cause software makers for producse such as SoftICE much more liable. Also, this would end the warez-pipeline - which is an adjunct to the activities of most hackers/crackers.

5) Enact Federal Legislation against IP spoofing, unsecured VHOSTS and proxys in connection with #1 through #4, and make such providers of these unsecured systems liable under current RICO statutes, in connection with #2

All of the above are technically feasable and possible through current software technology. Machine-types can be identified while connected to the Internet, activity can be monitored, and evidence collected.

To prevent hacking, cracking, and so on, you must do two things: Make it extremely prohibitive and downright dangerous to hack/crack, and remove the tools or make them also as prohibitive and dangerous.

For myself, I'm a regular emailer to piracy@microsoft.com, and have had a hand (although a small one) in having many hacking/cracking/warez sites shut-down - and I'll continue to fight hacking/cracking/warez as much as I can on a personal level.

And for those that think that the issues I raise here are "Free Speech" or "Protected Speech" issues are sadly mistaken, and if you'd care to prove me wrong, have at it.

Peace,

ScottKin

Re:Great

[matrix29]

1) Make it a Federal Crime to hack, crack, break software protections or reverse engineer ANY software, or to be involved in any kind of "hacktivism" activities - and make it a 20-year manditory sentence, with no possibility of parole.


Isn't John "Best Buddy of Hitler & Satan" Ashcroft trying to get LIFE SENTANCES for hacking?

(Which would make breaking in physically and shooting the information managers a crime with a shorter imprisionment given that outright murder gets an average of 5-7 years these days.)

Re:Great

[HBD]

the wires inside the comp still create an em field that could possibly be read out and altered, thereby hacked..lol..nothing is unhackable, not even nothing.

Re:Great

[fishebulb]

since this wasnt a coward ill reply, what does hacking have to do with warez. Microsoft (or any company) can have a warez site shut down, but they cant do shit for a hacking site.

Re:Great

[molli123]

and some weeks ago they were all talking about abolishing strong cryptography...
Does that make any sense or is the plan to encourage strong government cryptography and to force all other users to transmit unencrypted-
because evereyone out there could be a terrorist ? I dont understand it- do you ? Micha !!!

Re:Great

Hmmmm...no

Re:Great

At least it isn't for the children . A separate network makes sense to me for certain applications. We know how good the government is at handling security concerns (i.e., pathetic). A little isolation can't hurt.

Cyberspace?

[czardonic]

It seems to me that if this Clarke is qualified to advise the President on network matters, his first piece of advice would be "Umm, Mr. President, only lamers use the term 'Cyberspace' these days."

GOVNET analysis from Bruce Schneier

[st.+augustine]

Bruce Schneier has an informative story about this in the November 15 CRYPTO-GRAM, including some of the pros and cons. Basically, he says it would be better than what they have now, but still not all that great (he points out that the government already has several separate, secure internets, for various purposes, and they were still infected by Melissa and LoveLetter). And that this is one of the few cases where security and convenience might really be inversely proportional.

Re:GOVNET analysis from Bruce Schneier

[Philbert+Desenex]

the government already has several separate, secure internets, for various purposes, and they were still infected by Melissa and LoveLetter

Now that's something we didn't see on C|Net.

I worked in the aerospace industry from '86 to '92. Every big defence contractor had one or more classified IP networks. Unfortunately, the security measures imposed were sort of stupid: the ethernet cables of the classified net had to be at least so many feet from a phone line (they were worried that induced voltages from ethernet would allow someone on the phone to "tap" the classified net), keyboards attached to computers attached to the classified net couldn't be traded out to unclassified areas, and had to be elaborately destroyed when they broke. At the same time, you could walk through checkpoints with pockets full of floppies.

It was as if a Korean War Drill Instructor dreamed up ways to actually impede using the classified network, but at the same time allow (possibly) classified information in and out of the building.

Re:GOVNET analysis from Bruce Schneier

(he points out that the government already has several separate, secure internets, for various purposes, and they were still infected by Melissa and LoveLetter)

Wouldn't one of the most obvious requirements for a "secure" network, be that virus-friendly software, which doesn't know the different between programs and data, like MS Outlook would not be allowed?

Re:GOVNET analysis from Bruce Schneier

[alen]

Actually one of the networks is currently being migrated from a Unix OS to Windows NT/2000.

Re:GOVNET analysis from Bruce Schneier

[cruelworld]

RE: Unfortunately, the security measures imposed were sort of stupid: the ethernet cables of the classified net had to be at least so many feet from a phone line (they were worried that induced voltages from ethernet would allow someone on the phone to "tap" the classified net)

This is actually true. You could and do get enough crosstalk that a good sniffer in van could pull packets off your ethernet.

RE: keyboards attached to computers attached to the classified net couldn't be traded out to unclassified areas

Maybe they're worried about trojan hardware? A keyboard gets borrowed out, a small modification is made so that it logs every key pressed and then a week or two later gets "loaned" out again to extract the data.

remember these are people who get payed to be paranoid.

Re:GOVNET analysis from Bruce Schneier

[babbage]

Well yes, but that's not the security model here. The idea is to have a strong perimeter, for the same sorts of reasons you'd use a firewall. Within that perimeter you [generally, not you specifically] can use the same software & hardware that is used out on the public internet, hopefully secure in the belief that any malware from the outside can't get in, and anything sensitive on the inside can't get out. The problem is, you're focusing too much on that perimeter defence, and getting lulled into thinking that the interior doesn't matter. You can't do that. In the case Schneier cites, one or more people took laptops to & from work, getting infected at home and then plugging the computer into the 'secure' network in the office, and whoops now it's past your defences.

Re:GOVNET analysis from Bruce Schneier

It's not likely that they're talking about classified networks. They're probably referring to the spread of Outlook viruses over the unclassified networks of the DoD (collectively known as NIPRNet), which are connected to the Internet through multiple gateways.

Re:GOVNET analysis from Bruce Schneier

Care to quote a source on that? Just a guess, but if your assertion is correct I am guessing that is a decision based on one of two reasons:

they can't find/won't pay for/won't trust competent UNIX administration

their model calls for comprehensive and easy-to-implement auditing (which 2000 is great at)

Re:GOVNET analysis from Bruce Schneier

Did you read the rest of the post? They guarded against the very difficult attacks, but did nothing against the easy ones, e.g. carrying floppies in and out. There is some tiny bit of sense to it, in that it makes things difficult for a remote attacker to directly hack in, while doing nothing for the more effective local ones. Sounds not unlike missile defense, or the proposed secure network.

Re:GOVNET analysis from Bruce Schneier

[alen]

Can't really post a link, but I got out of the army last year and saw it happening before I got out. And I was offered a job in the NY area migrating siprnet from unix to nt. I'm really guessing on the win2000 part but it's probably true.

Re:GOVNET analysis from Bruce Schneier

[Philbert+Desenex]

This is actually true. You could and do get enough crosstalk that a good sniffer in van could pull packets off your ethernet.

You'd have to explain why the building where this classified network resided had offices with glass windows, and terminals ('92 remember?) facing the windows. The "security" people apparently didn't consider someone with a telescope a threat.

Maybe they're worried about trojan hardware? A keyboard gets borrowed out, a small modification is made so that it logs every key pressed and then a week or two later gets "loaned" out again to extract the data.

Let's see... keyboard gets used a maximum of 12 hours a day, and an engineer types 50, 5-letter words a minute. That's 12 x 60 x 50 x 5 = 180,000 bytes of info a day to store in the keyboard. Nope. Even in '92, we had 1.44 Megabyte floppies. It would have been much more efficient to move info via floppy. Security folks being dumb again.

remember these are people who get payed to be paranoid.

You make a correct statement, but "paranoid" doesn't mean "intelligent". It means "a variety of insanity". I'd rather have security people paid to be intelligent, than paid to be insane.

Re:GOVNET analysis from Bruce Schneier

[mpe]

they can't find/won't pay for/won't trust competent UNIX administration

But they'd have just as many problems finding NT/2K/XP admins of a sufficent level of competance.

their model calls for comprehensive and easy-to-implement auditing (which 2000 is great at)

Not exactly what NT (and derviatives) calls "auditing" only covers whatever activities Microsoft thing it should cover on the computers only. Not what goes over the wire. If you want to be able to audit the actual software then you need it to be open source.

Re:GOVNET analysis from Bruce Schneier

[mpe]

I worked in the aerospace industry from '86 to '92. Every big defence contractor had one or more classified IP networks. Unfortunately, the security measures imposed were sort of stupid: the ethernet cables of the classified net had to be at least so many feet from a phone line (they were worried that induced voltages from ethernet would allow someone on the phone to "tap" the classified net)

But were the cables themselves secure, ie armoured?
The senario seems possible but unlikely, telephone cables are intended not to pick up "interference"
as are network cables for that matter

keyboards attached to computers attached to the classified net couldn't be traded out to unclassified areas, and had to be elaborately destroyed when they broke.

Someone appeared concrened about some kind of data recording device in the keyboards. Problem with that is in order to be useful there would need to be a method of getting the data out.
Was this in a room designed as a faraday cage where all the windows are "one way mirrors"?

At the same time, you could walk through checkpoints with pockets full of floppies.


Effectivly you have a tent with a very secure door :)

Re:GOVNET analysis from Bruce Schneier

[Hater's+Leaving,+The]

True. And that's just _accidental_ breaching. What could an inside man do if the network did have a soft centre?

THL.

Re:GOVNET analysis from Bruce Schneier

[monkeydo]

You'd have to explain why the building where this classified network resided had offices with glass windows, and terminals ('92 remember?) facing the windows.

So you were using dumb terminals that had floppy drives?

I'd rather have security people paid to be intelligent, than paid to be insane.

I think the point is that he is willing to believe that at the time the "paranoid" security folks put more thought into it (since it was their job) than you did. If they let you carry floppies out, maybe it was because they knew something that you didn't. Or were you actually succesful at your espionage attempts?

Re:GOVNET analysis from Bruce Schneier

[monkeydo]

If you want to be able to audit the actual software then you need it to be open source.

Just because you can't see the source doesn't mean they can't.

Re:GOVNET analysis from Bruce Schneier

[ek_adam]

Let's see... keyboard gets used a maximum of 12 hours a day, and an engineer types 50, 5-letter words a minute. That's 12 x 60 x 50 x 5 = 180,000 bytes of info a day to store in the keyboard...

On the other hand, something that only records the first few dozen keystrokes after a reboot would be great for stealing passwords.

question

:Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?

Yup

Re:question

[garcia]

yeah, it was hard to disrupt w/a nuclear explosion taking out half the country yet it isn't hard to take out a good majority of the network now by sending around a DoS attack that spreads.. A nuclear blast was theoretically a localized event (although a limited engagement is something that is debated). A DoS attack (as has been shown) spreads fast and furious due to stupid people not protecting themselves. Lead walls won't protect Lisa this time...

Re:question

[Cato+the+Elder]

Yeah, but we're talking about completely different kinds of disruptions here. The APRAnet was designed to resist machine failure at critical hubs, caused, for instance by them being blown the hell up.

It was NOT designed to be secure to attack from the inside--and with the global Internet, everybody is inside now.

Re:question

[Alien54]

Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?

But somehow that all went to hell when it got commercialized. How many people here remember the splash made by that first infamous piece of broadcast spam from that lawyer in Arizona?(or was it California?) Or the September that never ended with the advent of Internet access via AOL.

As soon as all these commercial interests got into it, wham. And this is the information superhighway invented by algore. The bloody mess of spam and commercial jerks. Not Darpa

Re:question

[rhekman]

In some way, creating a new private network is an admission that the government "failed" in its original sponsoring and development of the internet.

Well, it has failed. Despite expectations the internet has failed to provide a secure and reliable channel for commerce and communication. Worms clog servers and rampage about on subnets. Viruses compromise user information. Crackers harvest credit card numbers.

But solutions to these problems are being sought in the wrong places. There are those at the highest levels that would duplicate the core of the 'net. However, replacing the wires doesn't make the applications of this network any more secure. Additionally, separating the network is detrimental to its utility. Having a unique government network, especially in the control of those that are paranoid about information sharing harms the potential for finding new and innovative applications.

This attitude by administrators to fear insecurity in the network betrays a more fundamental trepidation. This fear is shared by those that make money with the network as well. This is the fear that the core of the network is too dumb. There is a vested interest by network operators to provide the best quality of service. They see a way to provide superior quality of service by making the network itself more intelligent. And by intelligent, they want to discriminate between high priority traffic and lower or invalid ones.

Making the network intelligent is a fundamentally flawed strategy. The true innovation of the internet lies in the common carrier aspect of the network and the intelligence of its endpoints. Discriminating between traffic on the internet administers policy where it doesn't belong. Dropping packets that the carrier feels is less important ignores the possibility that new and different packets could appear that make the network more valuable.

In the end, making a new network is the ultimate type of service discrimination. It's presuming the purpose of an all purpose network. You might as well put AT&T back in charge of all aspects of the phone network.

So how do we fix things? The original revolutionary paradigm of the internet, as I have alluded, is that the network's intelligence is at its edges. The way we fix it is making these edges even more intelligent. We should utilize updated protocols for communication and routing to make better decisions about what to do with packets when they reach their destinations. We need to write better software for network communications. We need to develop more automatic and adaptive strategies for dealing with network stress. And for specific solutions, VPN's, public fool-proof encryption, and more advanced trust-relationship management should be used to make the internet a truly universal and revolutionary communication medium.

Regards,
Reid

Re:question

[odaiwai]

"The internet was designed so that, in times of nuclear war, the United States Military would have free and east access to pornography."

dave

Well,...

[easter1916]

"It seems to me money would be better spent getting the next-generation Internet going, for the government to fund more of the existing research and standards boards to create protocols that are invulnerable to the kinds of attacks the government seems to fear, namely massive DOS attacks. Or is there something else a 'net terrorist' could do to 'disrupt the vital flow of information'?"

For the same reason that the War on Terrorism has involved very little "hard" contribution from allies (not that they didn't want to contribute) a go-it-alone approach is more likely to accomplish this quickly. Yes, I am trolling.

...

[BrianGa]

How long will that 'unhackability' last...?

Isn't this a repeat?

[Krimsen]

Wasn't this covered back in Sept?

Re:Isn't this a repeat?

Yes it is.

Slashdot repeats stories to pay lip service to linux/apache when they are really using Windows 2000/IIS.

It is also to increase banner-clicks and email address harvesting to sell to marketers.

Security through obscurity.

[nick_burns]

Of course, if the whole network is obscured. A logical temporary solution to higher security is to give less people access to the network. If you want to keep your money safe, put your safe in your house, don't leave the safe outside where anyone walking by can attempt the combination.

Re:Security through obscurity.

[mr100percent]

Until someone from "The Phone company" puts a tap on the connection in the building, snooping everything going through the line.

I hope we don't make the same mistake the Russians did. Ever hear of Operation Ivy Bells? An underground cable from Murmansk to Vladvistok. All the conversations were unencrypted. The US sent a sub to snoop the line, and glean lots of information.

Already exist

[firewort]

Bush may not know it, but these already exist in the form of SIPRNET, and INTELNET.

SIPRNET

SECRET INTERNET PROTOCOL ROUTER NETWORK

SIPRNET will replace the DSNET-1 during the migration to DISN. It operates at the SECRET Collateral level and can interface with the TROJAN network. It provides higher and selectable data rates at a much lower O&M recurring cost. Inter-site data rates are 512 Kbps and in some cases T-1. Users can connect to the network at selectable data rates that meet the need.

INTELNET

NAVAL INTELLIGENCE COMMUNICATIONS SYSTEM

The NICS is designed to consolidate Naval Intelligence communications systems. The system has three parts. INTELCAST plan calls for each FOCIC or Facility to consolidate up to 12 different message traffic circuits, including OPINTEL, MUSIC, FIST, and DODIIS through INTELDATA extended in an SCI LAN Extension and Stand Alone capability configuration. The SCI LAN encompasses a full suite of SOCRATES equipment, including workstations, secondary imagery dissemination systems, and a mapping and graphics capability. The Stand Alone capability provides a workstation with tailored data bases specific to unit operational orientation. Stand Alone capabilities are being provided to Guard and Reserve units as well as to certain active, lower-echelon units.

NIPRNET

UNIFORM INTERNET PROTOCOL ROUTER NETWORK

The NIPRNET is the consolidation of several service/agencies networks (AFNET, NAVNET, MILNET) with common protocols and standards. It is a product of the DISN near Term Program, which sought a reduction in cost of operation through interoperability and standardization. Connectivity over high-speed trunking is supported by the NIPRNET. It operates at the unclassified level, while the SIPRNET supports classified networks in a similar manner.

Re:Already exist

[junkgrep]

Maybe Bush is just looking to the next election here: he just wants to be able to claim that he created an internet too!

Re:Already exist

[kin_korn_karn]

and can interface with the TROJAN network.

It's definitely much safer to input and output if you're interfacing with TROJAN :)

Re:Already exist

[ConsumedByTV]

Works well right?
Until part of it goes down again like it did last month (sept) and you have to use secure faxing right?

Re:Already exist

[DaoudaW]

From MARKING CLASSIFIED EMAIL MESSAGES ON SIPRNET

(Original all caps, lameness filter encountered)
Until an automated solution has been evaluated and approved for use in the USMC, classification markings will be done MANUALLY.

"Um Sarge, when can I clean all these ink stamps off my monitor"

Re:Already exist

[Ziviyr]

It's definitely much safer to input and output if you're interfacing with TROJAN :)

Queue the horse.

Re:Already exist

by ConsumedByTV on 06:56 PM November 19th, 2001 ... like it did last month (sept)

Dude - stop watching so much fscking t.v. - you are a whole month off. Sheesh!

Re:Already exist

[tcc]

>Bush may not know it, but these already exist in the form of SIPRNET, and INTELNET.
>SIPRNET
>SECRET INTERNET PROTOCOL ROUTER NETWORK

Ok It's a secret, Shhhhh! only you and 2,000,000 more readers now knows about it :)

Re:Already exist

[chriscrick]

Don't forget JDISS/JWICS (Joint Deployable Intelligence Support System / Joint Worldwide Intelligence Communication System), which is basically the Top Secret/Sensitive Compartmented version of SIPRNET, with some imagery transfer, battlespace management and videoconferencing software on top.

Using a parallel internet like this for highly classified work really changed the whole nature of the intelligence world -- it became a lot easier to do analysis, because the information produced by different sources and agencies was all on line and available, but it completely destroyed the idea of "need to know". Every intel tidbit within your clearance level is now accessible by your browser, which is a potential security nightmare on its own.

Chris

Re:Already exist

[karb]

Think bush wants another separate internet for _unclassified_ government stuff. That doesn't exist yet.

Classified

[Chagatai]

I guess this means that Bush is putting his top secret two-coffee-cans-and-a-piece-of-twine technology to the side for now.

--Chag

Re:Classified

[czardonic]

That was so funny I forgot to flame you for trying to be funny.

Re:Classified

[jon+doh!]

don't you mean his cone of silence?

(how many other people think he resembles maxwell smart a little?)

Already exists for the DOD

[SirWhoopass]

The military and intelligence services already have a network like this.

SIPRNET

In the beginning

[Dirk+Pitt]

It seems to me money would be better spent getting the next-generation Internet going

It seems to me this would evolve just the way the Internet did before; it would at first be used just by government agencies, next given to the large defense contractors, eventually adopted by the research universities, and then swallowed whole by Joe Public. This, IMHO, is the best way to get the next-gen Internet.

Re:In the beginning

[gilroy]

Blockquoth the poster:

It seems to me this would evolve just the way the Internet did before; it would at first be used just by government agencies, next given to the large defense contractors, eventually adopted by the research universities, and then swallowed whole by Joe Public. This, IMHO, is the best way to get the next-gen Internet.

This might well be the evolution of this new network, but it is not how the current Internet evolved. The Internet, as ARPAnet, was explicitly for the research universities from the get-go. The first nodes on were universities; the first "commercial" node was BBN, the consulting firm charged with building the net.

The government, in fact, was in general quite reluctant to get into something that was perceived, at best, as a convenience for computer researchers.

Grow up, Georgie

[babbage]

"Bush Wants an Unhackable Private Network"

And I want Bambi's father to come back, but it ain't gonna happen. Sorry to disappoint you with this Real World stuff, Dubyuh, but there's no such thing....

Re:Grow up, Georgie

[Xerithane]

Feel free to hack into my home network. It's IP range is 192.168.0.1 - 192.168.0.13.

Running drywire or some other method of lines as long as they are physically seperated from the rest of the internet (think of the way the bank systems do this via verifone boxes) does make it unhackable and private

Of course, it relies upon physical security and not so much bit-based security. Before flaming our president understand it is a real concept. And I'm sure he has quite a few people that know a lot more than you do on the matter; never try to know everything just know people who do.
Note, he didn't say an "internet based private unhackable network" but a private network. My guess in the private IP range. Considering all the secure channels (via satellite, or some other method of communication) I'm sure that this can easily be achieved. Granted all that, I do think it's a stupid idea... but realistic none-the-less.

Re:Grow up, Georgie

[dougmc]

Feel free to hack into my home network. It's IP range is 192.168.0.1 - 192.168.0.13.

Already done. My login and password are so ubitquious that they work on these systems as well!

Alas, they don't seem to have any mp3s or warez that I don't already have. Bummer.

Re:Grow up, Georgie

"Bush Wants an Unhackable Private Network"

There is a difference between want and expect. There is no harm in attempting such security. You are right, there probably isn't such a thing as an unhackable network, that doesn't mean your president doesn't want to attempt such a thing.

Hell, every network I put together, I want it to be unhackable and I try to make security the priority. If enough effort were put into this, who knows??

Of course if it were a democratic president such as Gore, you /.'ers would praise the "inventor of the internet" for being so tech savvy... Come now, admit it...

Re:Grow up, Georgie

[4of12]

Oughta be modded up +2 for Funny.

Moderators asleep again...

Re:Grow up, Georgie

[Xerithane]

Yeah, and my girlfriend made me delete my pr0n..

Re:Grow up, Georgie

[Cally]

Feel free to hack into my home network. It's IP range is 192.168.0.1 - 192.168.0.13.

How wonderful, someone who still thinks NAT equals security!

I'm not going to spell it out to you, but I suggest you:

1. tighten up your firewall rules immediately. (You ARE running
a firewall, aren't you?)and

2. Start checking your IDS logs closely for the next few days.
(You ARE running an IDS, aren't you?)

OK, if you want further hints for your googling: firstly, look for `arp poisoning Dug Song MitM'. Then search the Bugtraq, and perhaps the sec-focus Pen-testing list archives, for info about how to own the OS/platform you're NATing with (ie if you're NATing thru Linux, I mean the Linux box.) Remember to check for known vulnerabilities in the services that show up when you nmap your external interface. Yeah, of course you're completely up to date with all current patches, but I bet that there was a window of vulnerability before you applied each one...

In general, boasting on Slashdot about how secure one's network is, is a BAD idea.

Re:Grow up, Georgie

[babbage]

I understand that it is a real bad concept. (Kinda like missile defence, but that's a whole other flame war... :). Go read the Bruce Schneier article that was mentioned elsewhere in this discussion, then reconsider your position. The value of a network rises as the number of nodes rises, and as a corrollary falls as the number of nodes falls. Thus for this private government [contradiction in terms?] network to have value, it will have to be big enough to be of value. But as the size of the network increases, the difficulty of defending it also increases. And the difficulty of having a sizable network that really is completely physically separate from the public internet will be considerable.

Think about it: every employee could end up needing two separate computers on their desk, one for the local network and one for the government one. That employee would have to be vigilant about not ever transferring files from one to the other, either by wire, wireless, or disc. If the employee needs to transfer an email, it'll have to be a hard copy or a retype. If any personnel have laptops, they can't be brought out onto the internet, and laptops from home can't be plugged into the network. For that matter, pretty much any kind of wireless networking is out since none of it can be trusted not to accidentally send or receive anything that wasn't supposed to be sent or received.

The chief problem here is that it places a ridiculous emphasis on perimiter defence without paying any attention to internal defences. Kinda like missile defence. Kinda like a bad firewall product. Kinda like the Maginot Line. These kinds of systems are difficult to set up in the first place, difficult to maintain across any span of time, and once a chink in the armor is found you tend to have a complete collapse in defences, because you've placed all your resources into this one point of failure.

Again, read the Schneier article, and the points about viruses running rampant through military networks because some idiot plugged his laptop into both the public & private networks. If this proposed network is to be useful, again, it will have to be big -- because the utility of a network generally rises as the square of its node count -- but chances are the difficulty of defending it will rise at about the same rate. That's untenable in the long term.

You're right that I'm no expert, and maybe the people advising the moron in the white house are smarter than I am. Certainly they were pretty clever to get that Orwellian Patriot Act passed without anyone noticing in time. But my hunch is that if we want to have some sort of secure networking capabilities, the way to do it is not "vertically" by cutting off parts of the 'net & placing them behind a Maginot line, but "horizontally", with secure protocols, encryption, and the like. I'm not well versed enough to express this more coherently, but it seems to me that protocols like ssh are reasonably secure while being able to leverage the high utility of a large network, whereas this kind of isolated subnet can't guarantee any greater level of security and yet it loses out on that large network usefulness.

Re:Grow up, Georgie

Find a girlfriend that enjoys watching porn with you then.

They do exist, and you don't have to put up with your current one's shit any more.

Re:Grow up, Georgie

Wow, this is the 4th anti-bush post I've seen from you. You're about as bad as the Uninted State's leftist media.

Re:Grow up, Georgie

Hmm, maybe I am wrong. But I thought Bambi's mother died and his father led him to safty in a fire clearing. Then left...

Re:Grow up, Georgie

[batkiwi]

His point is saying it's a network NOT ATTACHED TO THE INTERNET.

He's not saying "oh look I have a firewall/NAT/etc and I'm secure."

He's saying "I have 4 computers hooked together by a hub and not connected to anything else, lets see you hack it".

Re:Grow up, Georgie

or find one likes to make porn! They do exist!

Re:Grow up, Georgie

Now I don't know if this was a troll or I didn't understand your point.
I'll explain you just in case, the 192.168.x.x IP addresses are reserved for local networks, they are not Internet addresses.
Do try to hack into 192.168.0.1 and you'll be hacking into your OWN network, not in that guy's one.

Re:Grow up, Georgie

[babbage]

And I'm saying, and Bruce Schneier is saying, for that matter George Bush is saying that we're not talking about four computers and a hub. We're talking about a relatively large network of computers, pretty much all of which are likely to have floppy drives, network cards, modems, and various connector ports. You might be able to guarantee that the hardware is minimally secure -- take out the modem, ban use of the floppy drive, etc -- but I can absolutely guarantee that you can't get the users to be 100% vigilant about never transferring data to & from the open public internet, and that only has to happen once to violate the integrity of this so called isolated network. Your reduction to absurdity is, as advertised, absurd.

Re:Grow up, Georgie

[alen]

If you can hack into a separate physical network than the general internet good luck. And there is hardware encryption encrypted with more hardware encryption much stronger than the measly 128 bit that us civilians use. If I remember correctly someone told me it was something like 1024 bit at the lowest level.

Re:Grow up, Georgie

[babbage]

I just can't parse the beginning of your second sentence. There is ...what, exactly? Hardware encryption with more hardware encryption? I don't know what that's supposed to mean...

Anyway, if you see a very tall fence that goes part of the way around the building, do you try to go over the fence, or do you try the gate? Hacking into this network from home may well be an exercise in futility, but that isn't to say that it'll be safe from malicious or incompetent insiders.

And key length really doesn't mean very much. A long key with a bad encoding algorithm is no better than a short key with a good algorithm, or put another way, if that 1024 key chain runs an algorithm that can only generate 32 bits of entropy, then you might as well just use a 32 bit key. Furthermore, keys of the same length aren't necessarily of equal quality. A clever algorithm might be able to get more use out of say 40 bits than a less clever algorithm does in 64, but then that's just the earlier idea expressed in reverse.

In any event, the main point is that key length looks good in marketing literature, but the best way to know for sure is to have a cryptographically established algorithm, and the more open that algorithm is the better you can trust that it's actually secure. Don't be impressed just because someone told you an algoritm can spit out lots of bits, since anyone can do that:

for (1..10000) { print $_; }

Hey look at that I just came up with a ten thousand key algorithm, I'm smarter than the NSA! Yeah right... :)

Re:Grow up, Georgie

Read RFC1918 dude. And no, you're thinking 127.0.0.1.

Re:Grow up, Georgie

[alen]

The military has been sendding encryption keys over the radio waves for years. Naturally it has found a way to encrypt them. As far as my post here is what someone told me before an exercise I helped set up. The intel people's data is classified top secret and is encoded with the appropriate encryption. General classified data is secret and isn't encrypted as well as top secret data. At another point these two streams are combined with plain text data and then encrypted again. The opposite happens at the other end. Here is some info on the web: KIV-7

KG-84

Secure telephones

The NSA has some really smart people to rip this stuff apart and certify it to be secure before it goes into production. These products are usually designed to a higher standard than software programmed by people in their spare time or microsoft.

Re:Grow up, Georgie

[SpinyNorman]

Alas, they don't seem to have any mp3s or warez that I don't already have. Bummer.

Yeah, but much worse, the nudie pictures of the guy's girlfriend suck!

Re:Grow up, Georgie

[babbage]

Long key length doesn't mean hard to break. Overly complex encryption schemes doesn't mean hard to break. I'm sure these people are very smart, and I wouldn't pretend to have a clue how to break them myself, but the fact is that it's silly to say that any encryption strategy is strong just because it's impressively arcane. The fact is that for regular personal & commercial use, ciphers of as little as 128 bits are perfectly safe and will remain so for a good while -- distributed cracking efforts don't really invalidate them as much as they prove how difficult they are to break, and they have proven that they are in fact comfortably difficult to break. I'm sure the NSA wants a higher level of comfort, and I'm sure they have a lot of smart people that spend all their time trying to do even better, but I'm also sure that anything that is cryptographically secret or proprietary is also cryptographically unproven. That might be okay -- the NSA might not be too worried about formal academic proofs for all I know -- but in the absence of better knowledge and analysis, it's really impossible to comment on the quality of what they're using.

Re:Grow up, Georgie

And I want to resurrect Aeris! Still not gonna happen, though.

Re:Grow up, Georgie

Huh? What'd be the point of doing NAT to private address space? ... kinda defeats the purpose!

Re:Grow up, Georgie

[Pig+Hogger]

Think about it: every employee could end up needing two separate computers on their desk, one for the local network and one for the government one. That employee would have to be vigilant about not ever transferring files from one to the other, either by wire, wireless, or disc. If the employee needs to transfer an email, it'll have to be a hard copy or a retype. If any personnel have laptops, they can't be brought out onto the internet, and laptops from home can't be plugged into the network. For that matter, pretty much any kind of wireless networking is out since none of it can be trusted not to accidentally send or receive anything that wasn't supposed to be sent or received.

Not really. You simply use an encrypted VPN between the Internet/Dubyanet interface and the workstation.

Security could be implemented, say, with a one-time pad that is keyed to the workstation actual address (so if the key is stolen, it can't be used elsewhere to spy on the conversations).

Re:Grow up, Georgie

Here's the NSA's backdoor.

Re:Grow up, Georgie

[Moonshadow]

In general, boasting on Slashdot about how secure one's network is, is a BAD idea.

...unless, of course, your network's IP address happens to be this. Bring it on.

Re:Grow up, Georgie

Whoever wrote:

Feel free to hack into my home network. It's IP range is 192.168.0.1 - 192.168.0.13.

Is a 101% complete MORON! LMFAO. Especially if it's Linux, his 'internal' network is just as easy to get into from the inet, as would be his external one on his Luser (Linux User) box.

Hell, he probly not even stopping source routing, spoofing, ip options, etc..

boy oh boy, these Linux kids are just morons.

Even if you ran OpenBSD, still doesn't mean your internal network is then secure, unless you have some nice tight ipf/pf rule sets.

Re:Grow up, Georgie

Makes abolsoutly no sense. That's like saying 'I'm secure, you can't hack me' and I run *BSD/Linux/Windows or whatever.

ps: oh btw, I unplugged my computer from the wall and turned off all the power in the building too.

Re:Grow up, Georgie

[Xerithane]

How wonderful, someone who still thinks NAT equals security!

I'm not going to spell it out to you, but I suggest you:

1. tighten up your firewall rules immediately. (You ARE running
a firewall, aren't you?)and
...

What firewall. That was my point. I have one network that I use for development, that is not public. I also have a firewall setup that runs a network via 802.11b and one ethernet connected box that is for checking mail, playing starcraft and such. Rarely, and only with my laptop, do the networks ever talk to each other.

Boasting on slashdot about a network that is not connected to any other network outside of the room each computer resides in, doesn't matter.

Re:Grow up, Georgie

[Xerithane]

I have actually worked in a 500+ employee company that had two seperate networks, a private and public network. The reasoning was simple: they needed absolute security from the outside.

It was inconvenient, in every department they had a whole lot of computers that could talk to each other and usually one computer that could talk with the outside world. But, it worked. Mail was handled in a way that the outside mail server did bulk transfers between two servers (one inside, one outside) which I felt was absolutely ridiculous. Their internal security was a joke, but their external security was quite well. It worked, but was inconvenient.

Re:Grow up, Georgie

[Cally]

If you're not connected to the internet, how do you post to Slashdot? Mind control?

Re:Grow up, Georgie

[Xerithane]

Work. You think I actually spend 8 hours a day coding? Gotta take a break. Also, the entire structure of my network consists of two networks, one private and one public. The public is done via 802.11 with the exception of one box. I have one computer that shares the link occasionally, but not often. This will change when I finally get my DSL I ordered 4 months ago, but my point still stands. Private networks can be achieved over distance without having a wired connection to the outside world. Short of internal security (which doesn't matter if it's wired to the internet or not) it's not vulnerable to outside attacks.

So do I...

I want a secure private network too. But those damn script kiddies just won't leave me alone.

Sign Says "Hack Here"

Wouldn't creating a wholly separate network for restricted traffic be a bit counterproductive?

I mean and spy/hacker who found a physical location to hack into it (i.e. tapping into a line on a phone pole or at a phone company switch) would find *everything* on that network to be of interest. In essence they would have hit the jackpot for illicit information. We're kind enough to organise it away for them.

True it would probably prevent 15 year old script kiddies from casually hacking in at home, but it would make any break into that 'other' network all the more catostrophic prospect.

Re:Sign Says "Hack Here"

[sokoban]

These aren't like networks you have probably ever seen though. The current government "secure networks" aren't VPN's or anything. They run on their own lines between very secure (heavily guarded, extremely redundant security) data centers (ie. DMS has 2 in europe, 2 in the pacific, and like 10 in the USA). The traffic between data centers is encrypted with proprietary DoD software. From data centers to the end user, data is encrypted (once again, with proprietary software) and is read using an off the shelf e-mail client. So, for your lucky spy/hacker to really hack the network, he/she would have to hack either the Encryption for which he or she will never be able to find the algorithm, or just hack the computer of one user. Even then though, the hacker would only have one side of the communications and most of it would probably be of little interest as the DoD uses a 7-12x random overwriting scheme to destroy sensitive computer data. Intercepting transmissions between the user and the data center might be interesting, but still this is a Departement of Defense Computer. I think they keep pretty thorough logs and any exploit would be quickly terminated.

Re:Sign Says "Hack Here"

[Slipped_Disk]

I can't resist:

>The traffic between data centers is encrypted with
>proprietary DoD software.

mail president@securenet.gov -s "SuperSecret Stuff" `rot13 secrets`

:)

Re:Sign Says "Hack Here"

[eudas]

yeah, well, that's the idea...

put all your eggs in one basket... and then WATCH THAT BASKET!!!

eudas

Okay Script Kiddies...

[thryllkill]

Time to dig out your War Dialers, there are bound to be dial ups on this thing. What's a War Dialer you ask? /me shakes head. Kids these days...

Re:Okay Script Kiddies...

[_J_]

It seems that there would have to be some outer linkage and any outer linkage would be a target for hacking.

Security would probably be laxer on the secured network since intruders would be a rarity. Compared to the rapid pace of cracking on the net, anyway.

Intruders would come forarmed with battle experience from the wide, wild net.

When someone finally broke in (it would be inevitable) The government systems and all its secrets would be at the cracker's feet.

Mind you, any unauthorized use of cracking tools (such as war dialers) will soon be considered acts of terrorism. That will soon get you arrested in secret, tried in secret by a military tribunal, convicted on hearsay evidence, and executed. No Appeal.

but maybe I'm being pessimistic.:)

IMHO, as per

J:)

Re:Okay Script Kiddies...

Heh, that reminds me of one of my favorite days of hacking.

We intercepted the wire (many of them atleast) to one of the local tele-marketing depots (you know, they have a basement full of fat middle aged women, bathed in red light, and neve allowed to leave, DON'T YOU???)

We were pretty discrete about it, although some times we would break in on the sales pitch and either harass them (both parties), pretend to be a maintance person who accidentally tapped the line, or just put lots of static on the line. I tell you, we got lots of grea t credit card and personaly information (enough to make our computer habits happy). During the off hours (like midnight +) we would use the line to break into big UNIX systems.

We eventually were discovered by the telco (what a bunch of morons), our leads were cut, and we pretty much never returned to, to avoid BigBro.

What a blast those days were. Nothing like a bunch of kids with alligator clips in hand..

Re:Okay Script Kiddies...

[thryllkill]

(you know, they have a basement full of fat middle aged women, bathed in red light, and neve allowed to leave, DON'T YOU???) not true I used to work at one. (Quality Control (at a telemarketing firm, yes I am not being silly), not a sales person. But the system we worked on was a bong load of dumb terminals running into these massive dialers which ran HP-UX. We only had menu driven shells to work with, no #!sh tricks or anything. But when I ganked the admin manual and reset my terminal's terminal emulation it caused the screen to speak "chinese" (just a mess of garbled crap) it really confued the managers there. Lucky for me they had absolutly no tech support there and had to just mark that station "out of order" until they brought the system down on Sunday and it reset.

Re:Okay Script Kiddies...

A War Dialer alone wouldn't do you much good. The dialups are encrypted. You would have to break the encryption...

toys for christmas?

[stumblebum]

Do you think maybe George and Barbara didn't get li'l George what he wanted for christmas as a tot?
I wanna missile defence system, I want the bestest internet for me and my govt buddies, I want Osama's head on a plate. They should just sit him down in front constant toy commercials, at least then his requests might be possible, unless someone forgets to preorder that shiny he xbox

Re:toys for christmas?

Nice try...He will get missile defense and he will get Osama...

When you learn to follow current events, try again.

Doesn't such a thing already exist?

[Daniel+Wood]

Hasent the US Gov't/Military been using a provate network for years? Like the military would trust the ever uncertain internet for life or death communications.

SIPRNET?

You mean like SIPRNET?

The public Net IS vital

[Cally]

the kinds of attacks the government seems to fear, namely massive DOS attacks. Or is there something else a 'net terrorist' could do to 'disrupt the vital flow of information'?

The problem is that much of the 'vital information' in today's society flows over the public internet - by definition. Sure, take military command and control comms out of band - that makes perfect sense anyway, which is probably why there are several separate, highly secure military and governmental IP internetworks that are supposed to be completely separate from the public Net. (Although, as Bruce Schnier points out in the latest Cryptogram, ILoveYou made it onto the 'secure' network within 48 hours...

Re:The public Net IS vital

[andymac]

The fact that these viruses got into these "private & secure" networks has more to do with uneducated users than with the network itself (hardware/software/config/etc.). Maybe Dubya should spend the money on making the goverment employees more tech-savvy. I'll take that contract, thanks.

And he can start with himself ;-).

Re:The public Net IS vital

[Col.+Panic]

Well, I agree to the extent that users who launch .vbs attachments should be taken out back and shot at once but G-dubya has his hands full just now -- let's pick up the slack for 'im, eh? ;)

There are Always Inside Jobs

[Ieshan]

What he's asking for is like asking for poison-free food. Sure, the ovens can be locked and the food can be tested over and over, but the cook is still there.

The only concievable way to do this is to either:

a) Eliminate Government Data Access to All But the Highest Officials (which still poses the same problem, in theory) or
b) Eliminate the network altogether.

Bush is asking for something that isn't possible because social engineering and the "inside job" is the oldest way to hack any system of anything. Hacking didn't start with computers, bank vaults, locks, jewelry stashes... they were all done in the past with inside work.

It's impossible because of human error and human presence.

Re:There are Always Inside Jobs

[gwernol]

Of course you are right, but you're missing the point somewhat. Of course no useful system can be totally secure. However just because the system isn't perfectly secure doesn't mean we shouldn't have any security measures in place. The fewer points of vulnerability, the easier it is to control and monitor those parts of the system that you can't secure technically.

What Bush wants is not "poison-free food" but to make sure that the more egregious security problems of the Internet are solved. To extend your metaphor: if the ovens are unlocked, the food is never tested and the staff can't be trusted you're pretty much guaranteed a less-than-poison-free Thanksgiving feast.

Re:There are Always Inside Jobs

[Detritus]

That's why there are such things as security clearances, background checks, access lists, security officers, etc.

No system is perfect. That doesn't mean that it isn't worth it to build a secure network. A security officer once told me that any system could be cracked, it was just a question of time and resources. The art of security is to make the cost of breaking into the system higher than the value of the information being protected. He said that the government had tested all of our locks and safes, and knew how long it would take an expert to crack them. They didn't have to be perfect, just good enough to stall an attacker for a specified amount of time.

Re:There are Always Inside Jobs

[Dr.+A.+van+Code]

Limit access to the highest officials? Think about that for a second. Now, do you think that would improve security, or degrade security?

If the concern is DDoS attacks, a more general solution is needed anyway for the business world. If the concern is privacy, a VPN over the public Internet, using top-flight encryption, is probably both cheaper and better than a private network. And if the danger is social engineering then the only solution is to get brighter users, a problem that remains unsolved so far.

Re:There are Always Inside Jobs

[zeno_2]

Yea, it seems to me if someone really wanted some information that would be on that network, they could possibly be willing to pay millions of dollars for something.. more then enough to turn a straight and narrow military worker into a spy of sorts for the other side..

Maybe im reading too many Robert Ludlam books =)

Re:There are Always Inside Jobs

[simon_cockle]

You forgot;

c) Eliminate Government Data
d) Eliminate the Government
e) Eliminate EVERYONE

I think that's a great idea.

[Ruis]

They will probably start from the ground up. They probably will create a lot new technology on the way which will in turn be useful for us. Just like the space program.

Gov't is the only valued target?

[dilvish_the_damned]

It seems to me that it would be foolish to think that a country that is heavily dependant on the Internet, could not be brought to its knees by attacking the commerce bearing infrastructure. This smacks a little less like 'Fortress USA' and more like 'Fortress US Gov't'.
I guess it just seems like a short sighted approach. Its not even a quick fix, just a narrow view.

Big Scary Financial Institutions

[Jeremiah]

It would seem that a non-military network already exists that meets these criteria, in the form of the Fed's inter-office communications.

Maybe this is highly specialized, and maybe I'm naive as to its relative security merits, but it would seem that a network that handles so many high-level banking transactions would have to be fairly private, secure, and robust.

- jlph

*blinks*

[DarkKnightRadick]

This all exists. This all has already been said and done. Then WHY does Mr. Bush, the only man with access to every bit of information this country has to offer, think that he has to develop a "new" internet. Obviously a new 'net already exists, all it needs to do is expand and be standardized. *shakes head* Sometimes I am actually ashamed to be a citizen of the USA, but only sometimes.

Unhackable?

The odds of creating a totally unhackable network are about as good as winning the "war on terrorism".

Both are impossible.

Mae West/East

[lrc]

I've been wondering just how susceptible Mae West and it's ilk are to terrorist attacks.

It seems to me that it wouldn't take a whole lot of bang to bring the internet to it's knees.

Funny how it was originally designed to be immune to this sort of stuff.

Re:Mae West/East

[Arandir]

If it were just Mae West going down we could manage. That's how the internet was designed. We'll have some inconveniences and crap, but the internet will still operate just fine.

The problem are all of the servers that are colocated there. Stupid stupid stupid.

Re:Mae West/East

If it were just Mae West going down we could manage.

What if MAE-WEST were not taken down, but merely all of the routing tables were screwed up? Could we manage that?

Re:Mae West/East

This talk of Mae West going down is strangely titillating. Which episode of Gunsmoke was that in?

Re:Mae West/East

[Arandir]

I believe that it wouldn't be a "big" problem, as everything would eventually route around it. Things like this have happened before to tiny nodes, and there's no reason to think that major nodes would be different. That's why I think the major problem with a Mae West outage (of any cause) would be with all the colocated servers.

Re:Mae West/East

[onion2k]

Yeah, take out a US telco and the entire net falls down.. coz the entire net is American after all.

While he's at it...

[Bake]

Why doesn't he demand an eternal-machine and cold fusion as well? Oh, and don't forget world-peace.

Frankly I think he'll have better luck attaining those three than an unhackable network.

Re:While he's at it...

[Penguinoflight]

Cold-fusion? possible, theoretically. Eternal-Machine, no. Humans will never live forever physically. World-Peace, yes*

We all know that a "unhackabe" network is virtually impossible, but, it could be theoretically possible.

"And as it is appointed unto man ONCE to die, and after this the judgment:" - Hebrews 9:27

"And ye shall hear of wars and rumours of wars: see that ye be not troubled: for all these things must come to pass, but the end is not yet." - Matthew 24:6

"And when ye shall hear of wars and rumours of wars, be ye not troubled: for such things must needs be; but the end shall not be yet." - Mark 13:7

"But when ye shall hear of wars and commotions, be not terrified: for these things must first come to pass; but the end is not by and by." - Luke 21:9

*The only time world-peace will be had, is during the 1000 year reign of Jesus Christ.

Bush Administration Wants to Stop Information Flow

[mr_don't]

Of course, what the Bush Administration Considers as information flow is questionable. The Bush Administration supports the WTO TRIPS agreement, as well as the authority of the WIPO. Unfortunately, when developing countries are in need of affordable pharmecuticals, Bush will advocate that compulsory patents are not issued, yet when an Anthrax scare hits the US, Bush will be a hypocrite and issue compulsory patents to aquire cheap Ciprofloxin!

The Bush Administration has a poor record when it comes to Information Freedom. Bush has, for example,picked the pro-privatization James Rogan to head of the US Patent Office. The USPTO is in dire need of reform, as business interests are able to push through unacceptable and barely reviewed patents.I doubt Rogan is the person to reform the US PTO.

Fight for Information Freedom!

Great opportunity

[ez76]

Perhaps in the spirit of bipartisan cooperation, he could contract Al Gore to invent one?

Re:Great opportunity

[StevenMaurer]

Actually, what he's doing is what Al Gore claimed he did for the original internet - e.g. "create it" by championing it and causing it to be funded.

He never claimed he invented it.

I thought that the "Nerds" in "News For Nerds" were people who actually knew something about technology, but given the number of people who modded you up to +5, this obviously isn't the case.

Re:Great opportunity

Al? That you? Congrats on Metro West!

Re:Great opportunity

[dillon_rinker]

Wrong. Lewis Carroll doesn't work here. Words don't mean exactly what the speaker means; they mean exactly what the hearer believes. When you say "I...[created] the internet" when you mean "I encouraged funding of the internet" then you are a moron. When you do not realize that "invent" and "create" are synonyms, you are a moron. And, [OT] when you spend eight years overseeing the world's largest democracy and fail to overhaul the voting system and then complain about your loss because you failed to create a new voting system, you are a moron.

Note also that, by your argument, Al Gore invented all of the following:
- interstate highways
- social security
- the national debt
- the U.S. military
- etc.

While he was in Congress, he voted for all of these. None of these would exist in their current form had it not been for his votes.

I want the opposite...

[aozilla]

Bush administration is considering the creation of a secure new government communications network separate from the Internet that would be less vulnerable to attack and efforts to disrupt critical federal activities.

That's funny, I've always wanted the creation of an insecure anonymous non-government communications network separate (or on top of) the Internet that would be less vulnerable to efforts to regulate non-critical non-federal activities.

Why not demand IPv6?

[pdqlamb]

None of the major backbones are willing to provide IPv6 connections. The U.S. Government contracts out almost all of its long-haul communication requirements. They used to get AT&T to build underground bunkers for them, but now they get nothing. Why not start by requiring IPv6 in all government RFPs/RFQs for long-haul comm? That should provide an instant market to kick-start IPv6, complete with all the security features that have already been designed.

Re:Why not demand IPv6?

please -do not- encourage the government to use IPv6 on its internal networks. We -do not- want to government to get so big that it actually needs it.

Re:Why not demand IPv6?

[SuperJ]

They may end up using IPv6, but simply because nobody is using it, which would make crossovers (connecting one computer to both GOVNET and the Internet) a bit more difficult.

Re:Why not demand IPv6?

[marxmarv]

None of the major backbones are willing to provide IPv6 connections.

Bullshit. None of the major backbones are willing to provide IPv6 routing because IPv6 is still experimental for the next several quarters, and I assure you they're as desperate for a gimmick as the rest of the technology sector, or more so. If you think it's so damn easy, buy a Cadence or Synopsys license, take the risk, and do it already.

Why not start by requiring IPv6 in all government RFPs/RFQs for long-haul comm?

What does IPv6 use for security? It uses IPsec encapsulation and authentication, exactly the same as IPv4 save that it's not optional in IPv6. What's the advantage? We don't even have an address assignment scheme for IPv6 yet that's known to scale, and IPv6 users and early adopters need to work the bugs out as the scale of the system grows. Do you want routers to die or run impaired just because some non-conforming implementation tries to send a packet formed just wrong? Neither do I, and good infosec does things correctly, not quickly.

There are ZERO operational advantages to carrying classified information over the public network when you are an organization of this size. You get a lack of control over the availability and of the network as a whole, and a nonzero possibility of leaked information via covert channels. Strictly divorcing the government operations network, properly done and with appropriate physical security applied to end-user terminals, reduces the chance of information leakage to zero and gives the network operator absolute control over availability, reliability, and access.

If it were such a bad idea, then why do so many large corporations lease lines between offices?

-jhp

Gresham's Law

[sharp-bang]

I'd be really interested to know how Mr. Clarke et al are going to come up with believable cost figures for this unhackable network, particularly as what makes a network hackable is NOT so much the routers, bandwidth, etc. as the due diligence done by the managers, which is an ongoing expense. (The exception might be for a physically secure signalling infrastructure... anyone know how to keep a physical network from being blown up or jammed?) But I just don't see how this would hold up in the long run... bad security inevitably drives out good if human operators (and usability drivers) have anything to do with its maintenance. Perhaps the money would indeed be better spent deploying IPv6 on a large scale, which is probably the only way we will see it replace IPv4. Since this network ultimately subsume the existing Internet or be subsumed by it, it seems best to keep this end in mind.

Finally something not boneheaded

[Merk]

It might be a better idea to support research into strong encryption, good protocols, etc. Maybe. But this is a pretty good idea. Think of all the boneheaded things they could have done instead: outlawed tools that could potentially break encryption. Outlawed computers that don't pass a "security audit" which required that all security-related source code be closed (effectively killing off Linux). Or worse still, done nothing and left sensitive government data floating around on the Internet, weakly encrypted.

This isn't a half-bad idea. A private network is still of course vulnerable, but it's like putting a fence around your property. People might still end up on your property, but they'd have a lot harder time explaining why they're there, rather than just "uh, I just got lost".

Re:Finally something not boneheaded

[imrdkl]

Agreed. Not bad for government work. But eventual deployment of anything vaguely MSish will certainly lead to trespass without footprints. Can you see a bunch of bureaucrats using anything but MS? Even if this net is totally closed, and never sees a packet from the (cruel) world outside, it wont reducy one iota the need for vigilence and good intelligence/training. Just like in the real world.

Security is a game that is never won. And certainly not with one swell foop like this.

But we already have a public system.

[El+Camino+SS]

The internet became public because there was a need for public mass computing. That is now in place. So why would we need a second system? Necessity is the mother of invention. The Gov't needs a secure network. They will invent a new one. We won't need a secure network, so the only people that will invade it are spies.

re:spending money

[snmpkid]

>"It seems to me money would be better spent getting >the next-generation Internet going, for the >government to fund more of the existing research >and standards boards to create protocols that are >invulnerable to the kinds of attacks the government
>seems to fear, namely massive DOS attacks. Or is >there something else a 'net terrorist' could do to >'disrupt the vital flow of information'?"

Just please remember there were already airport security standards in place to secure baggage and personell screening within 18 years. I believe we can go forward with the standards creating process
however I believe the President wants to secure the current infrastructure that is in place. Over the last 10 years or so the Federal government started relying on the commodity internet for certain functions. This all happened at the same time they started ripping out real servers in lieu
of the current Microsoft corporation installation .

Hacking in Context

[tino_sup]

This is not a matter of hacking, this is a matter of opportunity exploitation. Regardless of how secure a net is, poorly constructed code will (generally) allow for intrusion. Additionally, this is not just a code issue- a sneaker net, and lack of regard for security and patches (see poorly constructed), allow for a breakdown.

Encourage sound code development - keep marketing away from the alpha, and keep them on a leash aroung the beta. Write solid code. Isolate nets whose admins want to play in the big pond, but piss in their own pool.

Just my humble view-

answer Re:question

[gilroy]

Blockquoth the posters:

Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?

Yup

Um, nope.

While some work had been done on using packet-switching to improve communication reliability after a nuclear attack, that work was purely theoretical and not directly tied to the origin of the ARPAnet. The ARPAnet was explicitly created to allow computer researchers to share files and resources, reducing unnecessary duplication of effort and resources. The nuclear war myth might be better copy, but it's just a myth.

Check out Where Wizards Stay Up Late for the real story.

Re:answer Re:question

[man_ls]

According to The American Institute of Physics in their Physical Review Letters journal article "Resilience of the Internet to random breakdowns" (19 Oct 2000) [a copy of this article is available in .pdf from my personal web page on the left side bar for your reading pleasure.] stated that the Internet could lose 99% of its nodes, and still maintain routability. The content lost in those 99% of nodes is another matter, but the Internet would not segment until over 99% of the routing nodes were removed. That's pretty impressive.

Re:answer Re:question

[Ray+Yang]

Careful: this article is only with respect to *random* breakdowns. A massive amount of internet traffic is connected through a few particular `nodes,' and selective destruction of relatively few of these nodes would be enough to massively degrade connectivity (read: really slow things down) across the entire network.

Now, this isn't a problem when you're considering a network where the topology isn't widely known (i.e. secret military or government networks), or when you're considering random breakdowns, but if there's a hostile group out there that a) knows where those critical nodes are (and on the Internet, these are public), and b) wants to take the network down, it can be done for comparatively little effort. That's where vulnerability to terrorists lies.

Shouldn't be too expensive..

[A+Commentor]

With all the reports of networking equipment surpluses and lots of fiber-optics in the ground that is still unlit, it seems like the government could get an awesome network for cheap... ;-)

Fear the Backhoe

[The+Dev]

If the current telco and internet infrastructure is any example, their efforts will do no good. A dozen terrorists with rented (or commandeered) backhoes in select locations could cause massive disruptions in the Internet (and therefore the economy). Miss Utility could even be an unwitting accomplice.

Don't even start with "physical diversity blah blah blah". The fact that your physically diverse circuits aren't has been proven time and again by the mighty backhoe/flaming hazmat car/junior achiever.

Of course some improvements to BGP wouldn't hurt either.

Re:Fear the Backhoe

[WillSeattle]

You don't even need backhoes. Just find the telco loc where the Net colocates and drive a truck into it, just as you would a plane, loaded with amfol and deisel fuel.

Simple, direct, and too darned effective.

Concentration of resources and access is the downfall of any system. Diversification allows one to reroute around damage.

I'd still be more worried about human security failings than physical, to be frank.

-

Re:Fear the Backhoe

My favorite was the homeless guy who lit a fire underneath the bridge and melted the fiberoptic cabling. :)

Re:Fear the Backhoe

[pcurran]

Yeah, you could do that, but I think that a possibility that rarely gets talked about is that of an EMP bomb. A few of these in strategic locations (I'm thinking Silicon Valley, DC, etc.) would not only thrash the Net by ruining colocation facilities, routers, etc., but the economic implications would be unbelievable. Anyone touting a "Digital Pearl Harbor" ought to be aware of just how fragile our technology really is.

Re:Fear the Backhoe

[marxmarv]

The fact that your physically diverse circuits aren't has been proven time and again by the mighty backhoe

And even the mighty backhoe takes doing to impede the satellite or the carrier pigeon. If you've got such a large organization, and the data Absolutely Positively Has To Be There and Absolutely Positively Has To Remain Private, you use diverse media and serious encryption.

Trust no one, not even a sweetheart government contractor.

-jhp

Internet ist hard-to-disrupt, but...

[j7953]

Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?

Yes. And the internet itself is hard-to-disrupt.

However, a single server can be the target of an attack, and this is what they want to secure against now. The idea of the internet was to be able to communicate even if lots of nodes failed (i.e. got physically destroyed). The idea was not to secure every single node against destruction. Also note that the internet was designed with physical rather than digital attacks in mind.

The government certainly does have a point here, but I think you can reach security for each individual node only by securing those nodes, not by simply seperating them. How will they make sure that, for example, no email can get in from the internet? Have two computers at each user's desk?

Re:Internet ist hard-to-disrupt, but...

[jhanson]

I think that it would be a much better use of resources to make the government computers dual boot into securenet and internet modes.

Re:Internet ist hard-to-disrupt, but...

I get people telling me that the whole Internet is goes down all of the time...

It only takes a few mins for the whole thing back up after I plug the cat 5 cable back in to the system...

Re:Internet ist hard-to-disrupt, but...

[j7953]

Yes, of course. But would that work? Technically, it could, but it will cause a lot of user acceptance problems. Do you really want to reboot to send an email to someone who's not part of your private network?

Digital Pearl Harbor

[whiteben]

How ironic. The title of the NYTimes article is "To Forestall a 'Digital Pearl Harbor'". The US had a lot of success breaking Japan's codes. Pearl Harbor was a devastatingly successful surprise attack not because of a shortcoming in the US' theoretical ability to know what Japan was up to. Rather, it worked because of human error. Nobody would believe that Japan would pull so brazen a stunt. Even when the intel suggested that it was immanent, nobody acted on it beacuse it was so far beyond what they could imagine happening. Intel wasn't acted upon and Pearl Harbor crushed the American Pacific fleet.

One of the lessons of Sept 11th is that we need to be more vigilant in imagining what the possible attacks are. We had good intel that the people who perpetrated the terrorist acts were living in America but didn't have the manpower to quickly round them up and didn't have the brainpower to imagine why rounding them up quickly was so crucial.

Likewise with the Internet. We should be spending out time identifying what the potential attacks are and thinking about ways to minimize or eliminate them.

This is a separate issue from the fact that many private networks already exist: SIPRNET, INTELNET, etc.

BEN

Re:Digital Pearl Harbor

ah, history is not so simple:

Even when the intel suggested that it was immanent, nobody acted on it beacuse it was so far beyond what they could imagine happening.

I'm not sure that is totally the case - the issue was perhaps more to do with the risk of disclosure of the actual interception abilities of the USA at that point by releasing the intel to wider distribution.

Re:Digital Pearl Harbor

It's more complicated than that. We had the intercepts. We didn't have sufficient decoding power. What we got was enough to hint
that something was coming, but not enough to really say where. Most of the revisionist carp about "FDR knew" dishonestly use 1940-1941 dispatches actually decoded in 1945 when decoding
capability was at its peak but our enemies weren't sending anything worthwhile anymore.

AUTODIN

[pete-classic]

AFAIK AUTODIN is still where the "serious business" happens.

AUTODIN is an ancient, circuit switched network. It's a real bear to operate (I spent four years operating it) but it is genuinely secure. AFAIK the whole "packet switched so it can't be decapitated" thing that the APRANET was supposed to solve was supposed to be an answer to AUTODIN.

I hope they get something going so they can retire AUTODIN.

-Peter

Re:AUTODIN

[sokoban]

AUTODIN has been pretty much been replaced by DMS. I'm pretty sure that now DMS handles Unclassified through Top Secret and Specat messages. Basically it is just a secure e-mail only network though. It does not handle the machine-machine communications that AUTODIN handled (and still does AFAIK). DMS does use commercial e-mail programs (Outlook Express, IIRC) and some off the shelf hardware, so I doubt you could consider it "unhackable".

Re:AUTODIN

[pete-classic]

So are you saying the "other" stuff (i.e. SCI) is still on AUTODIN?

Are you a 74C/B by chance (I think that C has been collapsed into B, hasn't it?)

Anyway, I was a Chuck.

-Peter

Re:AUTODIN

[sokoban]

TS/SCI is now handled by JWICS, but each Regional Node of DMS has a connection to JWICS. AUTODIN may still be active, though because in April '98 the pentagon said it would be maintained for Nuclear command and control's EAM traffic.
I'm just a college student with an internet connection. All this information I have is freely available. www.fas.org has quite a bit of interesting info. I'm suprised that this is still allowed.

It's not only the network

[Florian+Weimer]

The hosts on it are also important. Now most people don't want to use overly secure systems (B2 level can become quite painful, but is actually required to prevent users from executing arbitrary code received over the network), so host security will remain low. Even if you separate the network from the other internets, one security breach can still have devastating results. And since people tend to keep modems in their drawer in order to log in from home, security breaches are going to happen.

What Bush REALLY meant to say...

...was that he wants a closed government network because all those gubmint hosts running M$ products will never be secure. Kinda like saying "Our routers and servers will never be secure from the vendors, so let's just close the network off from the world so we can forget about pesky things like having secure operating systems."

Will the real GovNet please stand up

The GovNet is a physically separate network that will connect a few "limited" sites. Physically separate means that it uses dedicated circuits, not the Internet.

And, in case you don't know, the Internet does have some significant points of failure. It would not cause a total outage, but it would grind things to a slow pace. The idea of GovNet is to insure that the Government can still communicate in the event that one of this points were hit.

What a jackass!

[bytes256]

Notice that this lovely post comes straight from an Anonymous Coward...hmm...anybody else smell the irony of that?

Re:What a jackass!

"...anybody else smell the irony of that?"

No. That'll be your mother reeking of cigs, cheap gin and the greasy mexican that's been working in your trailer park. post your e-mail address so I can paypal transfer a couple of bucks to you - You could probably do with a wash and education.

Why not demand Internet2 AND IPv6?

[WillSeattle]

None of the major backbones are willing to provide IPv6 connections.

I think you may have hit on something here. Why not demand a separate and secure Internet 2 with Bastille Linux and IPv6 with full security enabled and mandated. And have the gateways deny non-capable access.

It would be useful in terms of jobs, forcing the Net to switch, and addressing all the problems, while being infinitely more secure than the current Net.

Remember, private enterprise needs the government to force it to take the big leaps forward.

Re:Why not demand Internet2 AND IPv6?

[david614]

I absolutely agree. IPv6 and certified secure OSs would be a great first step. Interoperability rules preventing certain *unreliable vendors* from providng software to government agencies connected to this new network would be a second step. This might actually worry mickeysoft enough to make them straighten out some of their security problems.....Then again, it probably wouldn't do that, but it might help to catalyze alternatives.

Re:Why not demand Internet2 AND IPv6?

[Ziviyr]

I think you may have hit on something here. Why not demand a separate and secure Internet 2 with Bastille Linux and IPv6 with full security enabled and mandated. And have the gateways deny non-capable access.

It will be a while before you can pull the commercial internet into the deal. Which I'm guessing is what will really push the v6-net2 into life.

Of course denying access to normal net will only further slow things down. Probably make sense to let unsecure v4 tunnel through it to facilitate the transition.

Or perhaps I'm missing something here...

All it takes is one...

[weave]

All it takes is one idiot to install PCAnywhere and throw a dialup modem on their office computer so they can work from home. Or someone who dials out to the net from their office computer and runs something like Go to my PC.

Re:All it takes is one...

[raindr]

you got that right Sir, can't believe the amount of potential entry points a big corp. can make available with pca and gotomypc, not to mention the hard drive sharing/ms networking etc. if the fed net is anything like the corp networks, I can't imagine it will be secure......D

Re:All it takes is one...

[clarkgoble]

It would probably be SOP that you can't use any hard drive on the private network that is used on a public network (i.e. internet). Further it would be trivial to limit the computers so that they aren't hooked up to modems.

I suspect that this network would be used for moderate intelligence information, IRS information, and government email. It really makes sense to me.

I should add that there are already lots of secure networks. All Bush is suggesting is something like this for workflow information and government traffic. (i.e. sharing information between law organizations, INS, etc.) Stuff like that shouldn't be put on a public network.

Re:All it takes is one...

Good fucking luck getting an analog dialup line in these places.

Re:All it takes is one...

[weave]

Good fucking luck getting an analog dialup line in these places.

Eight years ago, I spent a few evenings on an air base outside of Detroit. I was providing medical care to a quadriplegic who had been invited their as a guest. We had a suite of rooms in some sort of officer's military hotel within the base.

There were notices on every phone about how the phones were not secure and to not discuss military operations on them. It also had a notice prohibiting modem calls.

I said to myself "flock() that, I'm a civilian, not my rules" and unplugged the phone on the desk and plugged my laptop in. Less than a minute later, there was a knock on the door.

Point of the story, it was an analog line on one hand, on the other hand, they knew what was connected to their lines somehow.

I wrote of my experiences in the comp.dcom.telecom newsgroup and an archive of the post is still online:

Date: Mon, 28 Jun 1993 07:51:33 -0400
Subject: Telecom Experience at a Military Base

To read it, go to Telecom Digest Archive and do a page search for the above subject string.

Re:All it takes is one...

[weave]

Hmm, after re-reading my 8 year old post, I noticed it said I never got dial tone. So maybe the AC's smart-ass comment was correct after all. Maybe it *was* a digital line. In that case, at least it didn't blow my early 90s era powerbook modem out...

Morale of the story, don't fuck around inside a military base. And that was during peace time. I bet if I pulled a stunt like that these days, my ass would have been hauled out of the building and I'd have been sent somewhere...

It isn't about security

[owlmeat]

This is about money and ego.

97 percent of the fiber in this country is dark because of no demand. The major telecoms desperately need another source of income. A new *major* network would turn Cisco around overnight.

Add to this the bureaucats and their desire for their own little playpen and you have a recipe for screwing the taxpayer.

repeat again...

[zoftie]

Start coversion of the internet over to IPv6.
But do it the smart way. Make strict standards,
derived from the IPv6 standard. Create certifications.
That will make sure that PHBs will buy into it.
Strict standards will allow for flow controls,
and massive genetic system that will detect influx
of copious data and manage network nodes to cut
it down. 128 bit address space will allow to
idenetify every computer. Strict certification
rules for the routers will ensure that network
is protected and is still open to the public!

Now there are negative possiblities here.
Government may create standards that will require
backdoors, and advertise these as the most
secure for the people's networks. As usual PHBs
will ignore utter cries of their employees and
buy equipment enmasse. IPv6 shall eliminate
generally most of vulnerablities. Stacks though
are not many in IPv6.
this could be really really good, or just horrendous...
p.

How long will it take ..

[kd5biv]

..before someone plugs in their wireless base station with NAT/DHCP turned on and WEP turned off?

You know it will happen .. it's inevitable .. ;-)

Hard-to-disrupt

[Wavefront]

Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?

While this is true, remember that DARPA was trying to prevent communication disruption under traditional war conditions - i.e. physical attacks on wiring and facilities. High path redundancy, packet acknowledgement and retransmission, and multiple routing paths were the main ways they solved this problem. In those days, I doubt anyone considered the idea that nodes on the Internet would render the network unusable by flooding it with traffic.

If Bush creates a private network, what's going to stop someone with a pair of alligator clips from hooking in and exploiting the flaws in that network? At least on the Internet now, security issues can be identified and fixed under real-world conditions.

Bush wants a private network eh?

[thelexx]

Give him a Lite-Brite, a couple plastic cups and some string, he's all set...

LEXX

Re:Bush wants a private network eh?

LOL, cute.

Re:Bush Administration Wants to Stop Information F

For Christ's sake, calm the fuck down.

Secure Network

[hookskip]

It is nice to know the level of knowledge our leadership has and even more the level of knowledge that their adviser have. Sleep Well America your elected government officals and their crack team of experts are on guard.

"Unhackable" is still very crackable...

[damien_kane]

No matter how much security tehy put on such a system, it is still very vulnerable at a hardware level... Obviously for something like this they wouldn't use a wireless solution for datacommunication... as that is very easily read by anyone with a reciever (although transmission on said backbone is more difficult) Even a buried cable/fiber link is still vulnerable however, someone could easliy add a reader somewhere in the middle of the thousand-mile long cable running through the plains of southren US, even passive readers are easily available which do not require cutting the link and, since they draw no power from the line (the read the radiation given off by it) they are nearly indetectable... I think this unhackable network idea of bush's is worse than normal internet communications, because at least with the internet, someone trying to find data has to sift through terabytes of data from regular users to get at the sensitive gov't data... personally if I were a data miner I'd have a lot easier job if I knew all the traffic on a line was useable...

Re:"Unhackable" is still very crackable...

[clarkgoble]

It wouldn't be "unhackable" but it would be far more difficult to hack.

Consider: it'll almost certainly use different protocols. But unlike systems running on the Internet the average person won't be able to have a system on the network to test for vulnerabilities.

Further to "hack" the system you'd have to be physically at a computer on the network. However since the network will almost certainly just be at government facilities, this will be much harder to accomplish.

Yeah it can still be hacked. But it will be much, much more difficult. Basically all you have is an alternative network that is somewhat in between the really secure systems that the military and intelligence communities use and the fully open network for the public.

It makes a lot of sense in my mind.

Re:"Unhackable" is still very crackable...

[czardonic]

Further to "hack" the system you'd have to be physically at a computer on the network. However since the network will almost certainly just be at government facilities, this will be much harder to accomplish.

I think your optimism is misplaced. As the parent to your post pointed out, passive sniffers are available that can read data as it travels over a physical connection w/o touching the network physically. Now, consider that in order for this network to be useful, it would have to connect remote locations, not just exist within government facilities. Basically, it is inevietable that part of this network will be left unsupervised, and thus vulnerable to being monitored or worse.

Want unhackable network ?

[UniMike958]

If you want a unhackable network then run distributed.net client!!! It searches for RC5 key and sends to RSA to analyze it once it approves..we got new security!

Carnivore

[fathed]

If the internet developed by DARPA, which we currently use, was as open and impossible to destroy, then the FBI would have a harder time installing carnivore.

The best defence

What has happened to America ? All this running scared and talk of DEFENSIVE measures.

The best defence is a good offense. America should be prepared at any moment to bombard its enemies with its own terrorist software, causing their communication networks to crash, loss of data, etc.

America won't be safe until B52s loaded with Windows 98 are ready for take off at a moment's notice. For first world enemies, Windows XP offers even more security.

Um, yeah.

[rlangis]

An *isolated* government network, eh? Okay.

Let's forget about the technical and monetary problems to overcome. We will assume that it can be put into place with minimal fuss. Given enough money and technical know-how, we know this is the case anyway.

But...now, Senator Fritz can't get email from his constituents on his brand-spanking new, PentiumV 4GHz, Federal-Government-Issued computer! So, he tells Joe, the inter-department geeky-type, to hook up his new computer to the old network, and to make the new network work as well. Joe, being the good intern that he is, does so dutifully, and soon both networks work on the Senator's computer.

Anyone else see a problem with this? Granted, this is a hypothetical situation, but... Can't you just see it happening? And then where would all that money have gone? Senator Fritz is now an open relay on the new, <quote>SECURE</quote> network. Money down the tubes, taxpayers screwed, because El Presidente doesn't understand how networks work.

Networks WANT to be connected. They will prevail.

Al Gore

[Tom7]

Somehow this whole discussion would be a lot funnier if it was Al Gore saying that he wanted his own private internet.

George's wish

[jdmmmmm]

Little does he know there currently is a unhackable private network. It's called localhost.

--jdmmmmm

Re:George's wish

....dipshit.

Sometimes I feel like a cow's udder

Why bother with a private network. Simply run Slashdot at a loss until it has to close down, or be sold , or drags down whatever loss-com owns it?

*THATS* what I don't understand. Then nobody would be able to hack it. All osdn employees can't post on the weekend as they're not at work.

This poses a problem , as with stronger encryption methods , Slashdot is actually paying it's own way.

Bush is incorrect however in assuming that it's important still holds with the guys upstairs. "We are nothing but a ghost" they say.

We're stuck with it, and we can't sell it. At the moment.

The server they'll use.

[briggsb]

Given their cozy relationship they'll probably want to use Microsoft's latest server which is the only one proven unhackable.

The Bush Revenge

[metis]

Simple

George Busth will never forgive the internet for allowing itself to be invented by Al Gore.

So he is going to redo the whole things and invent the BushNet, a secure unhackable network based on the ingenious idea of running the following script on all government machine:

#!/bin/sh
rm /dev/eth0
ln -s /dev/null /dev/eth0

Re:The Bush Revenge

[fsck!]

Dude, since when are NICs represented in /dev?

knowing the government

[AA0]

they'd build a massive secret ultra secure network then run IIS on it.

Re:knowing the government

[trilucid]

Hmm... actually, if the network itself had insane levels of physical (totally isolated) and human (good resistance to dumb-ass social engineering exploits) security, you could really run anything you want on it and be fine.

Of course, that said, there's no way in hell I'd want to admin a Windows network (err... again... I used to do that sort of thing a while back). ;)

Web hosting by geeks, for geeks. Now starting at $4/month (USD)!
Yes, this is my protest to the sig char limit :).

Terrorist? WTF?

[sharkey]

Or is there something else a 'net terrorist' could do to 'disrupt the vital flow of information'?"

I thought this was the government's job, not the terrorist's job.

Unhackable, you say?

[Luggage]

"The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair." - Douglas Adams, Mostly Harmless

Too Bad They Shot Bambi's Mother

: )

Re:Too Bad They Shot Bambi's Mother

[babbage]

Yeah well the dad is next, so watch it, bub!

Serves me right, I saw "Bambi" when I was like three, and of course I barely remember it now. Shoulda thought of a better example... ;)

I'd like to point out

[gmplague]

I'd like to point out that whatever the government's intentions may be, it's near impossible to prevent DOS attacks on any form of computing platform. I personally think that if the goal is to keep government communications going, then this is a better idea than trying to develop protocols for Internet 2 that will be invulnerable to DOS attacks.

one word.... HAHAHAHAHAHA

[Lumpy]

Unhackable? not possible.
that's like asking for unpickable locks,un crackable encryption and uncopyable CD's and DVD's.

Glad to see that our executive branch hasn't veered too far from the normal...

Re:one word.... HAHAHAHAHAHA

[Trepidity]

Well, since the intent is to physically separate this network from other networks, it would indeed not by "hackable" by the common definition fo the term. The only way to penetrate it would be to breach the physical security (i.e. break into a building and tap a cable), which is more "breaking and entering" than "hacking."

Re:one word.... HAHAHAHAHAHA

[czardonic]

I beg to differ. First of all, whatever your definition of 'hack' is, it's pretty damn narrow. Second, in order for this to be a network capable of replacing the functionality of the Internet to any degree, it would have to pass through publicly accessible areas to connect remote facilities.

Re:one word.... HAHAHAHAHAHA

[dfenstrate]

Interesting bit of information... in highly secure faclitys, all the CAT-5 wires have a white coating. Thats right, no colors to differentiate them. So if you did gain physical access to a cable, it would be difficult to tap.
It's a bitch to wire up, of course, they have to put resistors across one end so they can differentiate the pairs, and screw around with it for a while, but it's worth it for the extra security.
Also, some of the security systems are so sensitive that you've can't even put 1M-ohm across the wires (i.e. an DMM or O-scope) without setting off the alarm.
The government, when properly motivated, can make things very secure. The above examples are from my friends father, who was an electrician at Raytheons Labs for the patriot missle system. Now that the system is public knowledge, he can talk about it a bit. Though this was several years ago....

I think the net is probably more secure

[fortinbras47]

My initial impression is that the net would be less prone to complete shutdown than other infastructure. The net still is sort of a wild wild west, and everybody from skript kiddies to hackers are continually trying to break in and DOS various different sections of the Internet. It's hard to imagine how any group (unless it was some massive government funded operation) could be more disruptive than what currently takes place. Radical islamic fundamentalists dont' seem THAT tech savvy.

Airports thought about security a bit, but really serious measures generally weren't taken. However, security has been one of THE TOP issues for the Internet for a long time. Kerberos, ssh, bastille linux etc... there are a lot of tools out there to lock systems and networks down.

That said the government is probably getting hacked all the time now. Really critical systems probably should physically seperated from the net. One aspect of security that is the most difficult is human error. Sure a system can provide ssh and kerberized login, but if people use the same password for their yahoo games account, all the encryption in the world doesn't appear to do a lot of good.

Just some random musings.

But what about private coproations?

[sterno]

The notion of a secure private network for the government seems like a decent idea. To think that through such a private network we can avoid some sort of internet peral harbor is absurd. Why? Real simple: was the world trade center a government building?

Why would any terrorist waste their time and resources trying to take down the FBI when it could go after banks, airports, power grids, and a whole host of other things that are on the public Internet? All of those things are far more visible and have a far more significant immediate impact on the lives of US citizens. Remember, terrorism isn't about taking out strategic assets, but creating a sense of fear in the every day lives of normal unassuming people.

Now, one might say that the answer to this quandry is to put corporations on that network. Of course then you are expanding the base of users and increasing the likelyhood that a few terrorists (or those easily bribed or fooled by them) will be able to breach that network. I suspect that even putting large swaths of the government on that network already risks that compromise within the government itself but that just amplifies it.

Why don't we take that money and put it into developing policies and technologies that will make the current networks more secure? I know that this doesn't look as impressive to the public, but in the long run it will probably do more to prevent an Internet Perl Harbor.

Is "unhackable" really what they want?

[apushadow]

If you read the New York Times article (free reg., you know you want to!), nowhere does it actually say "Bush wants an unhackable network." That, my friends, would be a great Christmas wish. However, what the article says is the Bush administration is considering making a government-only, always-closely-monitored network. They want a "less vulnerable" network, which I'm sure they realize is still hackable (as is implied by saying it will be constantly scanned for viruses, etc.). Their network in its current state is too difficult to shield, so they want something a little easier to defend. I don't see the problem with this.

I was a bit disappointed that /.'s headline skewed many readers' perceptions of the article it was referencing. What's up? Have you been watching too much CNN? :-)

Its time for Professor Leibstrum

[t_allardyce]

HEY!!! Its Professor Leibstrum!!! (Mr Bushes sock puppet from 2DTV)

Hello Mr. President, its me, professor Leibstrum, and i'm here to tell you about "secure networks". You see, many years ago, some clever people had an idea to make a big clump of computers connect with each other. But they didn't want any 'evil' russians (Bush butts in: Yeah! bloody ruskis) to break it. So, they made loads and loads and loads of wires to join up the computers lots and lots of times to create a 'network'. Soon, the network spread, and people invented ways to make it easyer to use with lots of pretty colours and buttons (Bush: And mickey mouse?) yes, and Mickey too. Nowdays this 'network' as we call it, is use mainly to trade dirty pictures (Bush: Like the ones of Misses Bush?) Um... yeah, anyway, the network was designed to be really hard to break, but _someone_ made it all commercial and public and now so many people use it, its hard to know whats going on... (Bush: So can we have a new one professor? huh? huh?) Well, no... you see, we're kind of low on money at the moment, what with paying for that war, and giving all the major corporations of America money, and that rather expensive missile system... so, no, we can't.

From the sexist-dept-names dept.

[plagiarist]

from the and-i-want-a-cute-smart-girl dept.

yeah, and i want a cute-smart-slashdot-editor...
sheesh.. c'mon timothy...

OT? maybe, but we're commenting on the article, and this is my comment on the article.

RE: The topic

[ShadeEagle]

Riiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight.

Like THAT will happen in OUR lifetime.

Then again, it may happen in our lifetime. But not today with TODAY's technology.

Owell.

Physical security

[cr@ckwhore]

Building a private network isn't a big deal. I think the government could build an encrypted WAN without much effort. I think the biggest challenge to security is going to be on the physical front... meaning that every piece of network equipment must be in a secure location. This includes every router and bridge in every network shack along the WAN lines. Wouldn't want any 1337 hax0r5 to come along with a patch cable and bring down the government network. Since guarding every inch of wire is impossible, point to point connections must be made with fiber line so it can't be tapped like copper.

None of this even begins to consider the physical local machine security... government workers shouldn't be alowed to bring any media from home, no incoming modem lines, etc.
Lots to think about. If GB wants to cut me a check, I'll begin the engineering work tomorrow.

Re:Physical security

[WillSeattle]

Building a private network isn't a big deal. I think the government could build an encrypted WAN without much effort. I think the biggest challenge to security is going to be on the physical front... meaning that every piece of network equipment must be in a secure location. This includes every router and bridge in every network shack along the WAN lines. Wouldn't want any 1337 hax0r5 to come along with a patch cable and bring down the government network. Since guarding every inch of wire is impossible, point to point connections must be made with fiber line so it can't be tapped like copper.

None of this even begins to consider the physical local machine security... government workers shouldn't be alowed to bring any media from home, no incoming modem lines, etc.

I used to be Acting Security Officer a few years back for one of the MilHQs. The major problem with security is almost always personnel, secondary is physical security.'

And in fact, most of the breaches at DOD/DND were because someone brought stuff home or just plain forgot to keep it secure.

You are only as strong as your weakest link. This doesn't mean you shouldn't go to something useful, like using IPvSec over IPv6 with encryption enabled, and insisting on Bastille Linux or BSD implementations or Secure Unix as a bare minimum.

We used to limit the boxes, so that the points of access were kept to a minimum. But when security gets in the way of people doing their jobs, they will actively work to defeat the security, and then you might as well have no security at all.

-

Re:Physical security

[cr@ckwhore]

You're right... and thats exactly the point I was trying to make. By "physical security", I also meant to include the personnel that will be around this equipment. Those people must be held in a high level of trust with a number of safeguards in place, such as inspections upon entry and exit of government facilities.

Re:Physical security

[alen]

The last army unit I was in before I got out we had a siprnet datacenter. Usuall stuff like locked doors and needing to be identified on camera before entry. But the people who worked in there used to give the entry code to their wives who would come in with classified info on the monitors. Then they went to a code and entry card. So the wives would ring the doorbell first and then be let in while there was classified info on the monitors.

Re:Physical security

[WillSeattle]

The last army unit I was in before I got out we had a siprnet datacenter. Usuall stuff like locked doors and needing to be identified on camera before entry. But the people who worked in there used to give the entry code to their wives who would come in with classified info on the monitors. Then they went to a code and entry card. So the wives would ring the doorbell first and then be let in while there was classified info on the monitors.

Exactly my point. Another way we would find to show that a room lacked physical security was the coffee break trick. We would be talking with someone next to the door when they went to coffee break. That person would then say they were heading there too, distracting them, while we defeated the door closure. Then we head off so they think there's no prob, go around the corner, and then head back and we're in the room.

Because they were "just going for coffee" they were still active. So we had defeated security.

Hence, it's not physical security that provides hack access, it's social engineering that defeats the network security.

Once you're in and trusted, you can build out the rest of the access, whether by dongle or other device or password captures and opening up other methods.

So, basically, it won't be unhackable. This is not to say we shouldn't be encouraging the Bush administration from building a Secure Linux setup with IPv6 and IPvSec. If nothing else, this would be better than the current situation.

-

Who needs DoS?

[Ho-Lee-Cow!]

The government is still so busy licking Gates' buttcheeks that they are still running mission critical operations on Windows machines. Outside of DoD and some quarters of the military, all you need to do is get something into a computer behind one of those MCSE maintained firewalls and it's gameover.

Just because no one has bothered to erase hard drives with these vulnerabilities before now, doesn't mean that it isn't coming.

newscast from the future

[fearboy]

Turning to other news tonight, new reports on the status of Unhack-a-Net, originally proposed by former President Bush, indicate the test servers were actually transmitting gps information to would-be hackers, indicating their course and heading.

And in an ironic turn of events, an undisclosed number of people were arrested in nationwide raids following the most recent round of Unhack-a-Net testing, on charges of using illegal circumvention devices. Officials close to the case described the devices as 'Garmin eTrexes.' The official hinted at prosecution under the SSCA (Super-Secret Copyright Act), the details of which are still classified.

One detainee was overheard saying, "But...we're beta testers! You know, Unhack-a-Net!"

SSCA was signed into law in 2003, following the terrorist threats to the music and film industry. Those attacks came in the form of the thirteen year-old son of a record company exectuve, who crashed his father's Windows 2000 computer one night. Under the terms of the MASTA (Microsoft Antihacking, Security, and Terror Act), the child was sentenced to a prison term, but President Ashcroft felt greater protection was needed for America's vital interests.

Uhh, milnet?

[Omega]

...the creation of a secure new government communications network separate from the Internet that would be less vulnerable to attack and efforts to disrupt critical federal activities.

Doesn't MILnet do this already? Isn't this why when the DoD gave up control of ARPAnet, they forked and created MILnet to retain a secure channel?

Bush needs to lay off the MSN. The U.S. government is already waaaaaaaaaay ahead on this one.

Re: The topic

[ShadeEagle]

I'm speaking both from an encryption perspective and a physical perspective.

Breaking into Fort Knox isn't impossible - we just haven't had anyone who is smart and resourceful enough to do so.

As for computer networks - if it is built, it can be hacked. It's just a matter of just how much work will have to go into said hack and how dedicated the prospective hacker is.

Then again, if it DOES happen, the aforementioned prospective hacker would be thrown into jail SO friggin fast...

Maginot Line, part 2

[poot_rootbeer]

I expect this initiative to be exactly as successful as the "Missile Defense" plan that was going to keep America from being hit by explosive airborne projectiles...

attractive targets

[chizor]

precisely by defining the network as high-security and "unhackable", it will be a much more attractive target. the private sector will benefit mightily from reduced attacks, as they are concentrated on delicious government systems.

Bad for MS, good for SELinux, bad for SSSCA

[einhverfr]

That is pretty witty.... Good point. However, I think that there is something to be said for the idea of a relatively separate network. However, untortunately, this could actually be a BIG blow to MS. Here is the problem: Security.

Now, I am not talking about vulnerabilities like those exploited by Code Red. I am talking abount internal security and differing levels of security classifications that would make implimenting such a network on NT or Windows 2000 based infrastructures a really daunting task.

Enter SELinux. SELinux uses a concept of MAC (Mandatory Access Control) rather than DAC (Discressionary Access Control) which allows one to actually enforce security access and localize the effects of security incidents. With SELinux, if I send you a file, you may not be able to access it if you don't have the relavent security classification and, if it is really secret, the mailer may not be able to read the file and hence I may not be able to send it at all!

To do this sort of thing with Windows 2000 or NT would require a large number of servers, and each server would have to have documents only of one security classification on them. Each of these servers would have to be carefully evaluated as to their suitability for their jobs but with MAC in SELinux, these can be combined onto a single system.

Re:Bad for MS, good for SELinux, bad for SSSCA

[alexborges]

Even though a good point, I dont think GWB has any idea about what security means. MS is practically his tech advisor (where not his lover, or illegitimate son in law) and they will push their crap nontheless...

So, lets stop worrying, Bush is sold to the big industries. I only hope Big Blue kicks in and bribes a larger (than microsoft) part of the federal government so at least this new "Hacker proof network" (LOL), is not "Built on NT technology"....

Alex

Re:Bad for MS, good for SELinux, bad for SSSCA

[einhverfr]

Even though a good point, I dont think GWB has any idea about what security means. MS is practically his tech advisor (where not his lover, or illegitimate son in law) and they will push their crap nontheless...

You are right about that, but I think that he would probably get some interesting feedback from the NSA, Air Force, Navy, et. al. NT/2k/XP simply does not meet the needs of such an organization in terms of internal security and security classifications...

But he already HAS a secure network!

Or has he pulled his head back out of its port again?

GW Bush, Stupid is as stupid does.

Oh boy. GW "I don't read email" Bush wants a secure government. Betya he's been chating with billy boy gates.

Re:Bush Administration Wants to Stop Information F

[mr_don't]

NO WAY!

Ahhhhhhhhhhhhh!!!!!!!!!

O.K. Just Kidding

Already did this with milnet

[peter303]

The problem is that open networks evolve so much faster than closed, secure networks, that users become frustrated with the later and start moving files surrepticiously between them. Thats what Prof Deutch of MIT did while head of the CIA and Wenho Lee of Los Alamos.

Re:Already did this with milnet

[marxmarv]

Thats what Prof Deutch of MIT did while head of the CIA and Wenho Lee of Los Alamos.

It can be made impossible (read: "prohibitively difficult") for most people to move data off of the red network without infosec officers noticing. simply by defining your network border to include end-user terminals and securing the network to match. Yank the floppy drives, lock down MAC addresses on switch ports, ban CD writers, install tamper switches in the cases. Ban cameras, save copies (hard or soft) of everything that gets printed, control physical access to printers, embed radio security tags into the paper. A rogue user can always lie about why they're removing plaintext classified information from a classified network, but if they can't get it off the network, they can't get it out of the building.

As for open vs. closed networks, who cares about evolution? If you've got the tools to do your job correctly, you don't need anymore.

-jhp

Reinventing the wheel

[catseye_95051]

We alreayd have such a network. Its called milnet and is used by the US millitary who funded the original inetrnet research.

As soon as the internet was working they built their own, secure network, and got the hell off of the publicly acessible one.

Maybe Colin won't let Georgie play with his toys, so Georgie wants his own....

But is Jobs always inside the Net?

[WillSeattle]

The only concievable way to do this is to either:

a) Eliminate Government Data Access to All But the Highest Officials (which still poses the same problem, in theory) or
b) Eliminate the network altogether.

We already went down this path with the CIA and NSA. Turning to more hardware meant that we were less adapatable, and missed more things.

While people will always be the weak link of any network, and inside access the way to defeat security, this does not mean that it is unwise to trust people.

Instead, we should make security transparent and easy to use, and learn from our mistakes.

This is the lesson of open source - the security actually increases as the number of eyes peering at the code increases. Dependence on the technology ignores the fact that someone has to see the data at the beginning and end of the process.

-

Re:But is Jobs always inside the Net?

[Moonshadow]

Or you could just eliminate the human aspect of the network.

Imagine, once we develop A.I.

"I'm sorry, Dave. You are theweakestlink! Goodbye!"

Re:But is Jobs always inside the Net?

[bigchris]

And we all die from nuclear radiation. Hey, I've seen Terminator and Terminator 2!

Slashdot is losing its touch

[Jucius+Maximus]

Why in the world was this article not put in the 'It's Funny, Laugh' category?

Stupid stupid stupid government

[CordMeyer]

Oh my god. This is hideously ironic considering what the internet was set up for in the first place.

Sure...

The government could create an unhackable net...

Keep in mind the following...

These are the same people who spent 2-3 million dollars during the cold war to see if burning a photo of a soviet missle could destory the real missle...

Deja Vu?

C'mon, this is *old* news - hell, it's been *posted* *on* *Slashdot* *before*!

And as I said then, I'll say now. STFU.

They want a network solely for governmental agencies. This is a *good* idea.

And while it won't be foolproof as anyone with access to it will still be able to carry out malicious access, it'll be a hell of a lot more secure than what they have now - the plain old Internet (Presumably invented by Al Gore ;)

"They'll still have hackers and crackers and blah blah blah!"

Yes they will. What they won't have is every twelve year old kiddy who think's he's a l33+ h@x0r sending out his little virii thinking he's cool. I Love You, Sircam, Code Red, Nimda.. These four alone have cost the government quite a bit in time, resources and money.

It's a proven fact that you can't train the average computer user to not open attachments that seem strange. We've all tried. :) Their only option is to reduce the amount of hostile actions they recieve against them.

Go Government, Go. Someone up there has a brain when it comes to tech... Now if they'd only strike down the DMCA. ;)

should be ..

[NumberSyx]

from the and-i-want-a-cute-smart-girl dept

Shouldn't this be from the and-i-want-a-cute-smart-bisexual-girl dept

Re:should be ..

[Ziviyr]

Shouldn't this be from the and-i-want-a-cute-smart-bisexual-girl dept

Looking to set up your own personal token ring network?

Bush wants what?

that's funny. i thought it was that a bunch of hackers wanted "bush!"

The unhackability will last...

[Scoria]

As long as only government officials can connect to the network. No connection, no cracking.

Unless you have physical access, which is a completely different matter.

It seems to me

[mindstrm]

That the US Govt saying they want to do this is akin to a company saying they want to build a large, private WAN, because they don't like working on the internet for sharing info between offices. Fair enough.

Apples and Oranges.

False sense of security?

[rice_burners_suck]

Even with a private network that isn't connected to the Internet, there is still at least one big security issue: A false sense of security. Government employees may think that because their private network is so secure and separate from the big bad Internet, they can relax and give computer security a low priority. What most folks don't understand is that computers are like any machine: They require constant maintainence for reliable operation. Security is a large part of that maintainence, and cannot be set aside while other things take place. On the contrary, security must proactively be part of everything that goes on in a computer and network. This is partly why a false sense of security is dangerous.

Besides, intruders could still access the network through such techniques as war-dialing, to name one example off the top of my head.

Re:yo dumbass

> The breach will come when some high offcial
> doesn't like having two computers

Oh, the "breach" will come way before that. It'll come when Mr. Politician is too lazy to log in himself and has someone else do it for him. Pretty soon, everyone in his office will know how to log into the "Unhackable Private Network" but the one person who is SUPPOSED to have access.

You can never have a secure network until you can ABSOLUTELY BE ASSURED that one person and ONE PERSON ONLY can log into the system. That will not happen for quite a while. (Probably until we have some sort of retina scaner built into these "high security nodes", but I'll leave that up to your imagination.)

I thought the government already had this?

[HanzoSan]

Whats Bush Talking about? The government has had independent secure private internets since before we even had the internet.

Why are they telling us what they are building unless its going to be a public government internet.

I mean really, if something is private and secure, the last thing to do is tell the world about it.

When the government wants to keep secrets they can, and they do so by not telling us anything about it,

Perhaps bush wants an internet seperate of the private government internets already in place so he can email his friends in various other countries on any computer (not just the secure private ones) without worrying about people reading his msgs.

Re:I thought the government already had this?

[Nate+Eldredge]

Given that every government employee that uses a networked computer is going to have to know about it, it would be awfully hard to keep such a thing secret. Furthermore, given that the funding required for this project will likely be substantial, Congress will have to know about it, and they don't tend to be good at keeping secrets. Also, it's good PR if Bush can convince the public that this is one of the many projects he has in mind to protect the nation's security.

So it would be neither practical nor especially desirable to keep the project secret.

Ian Clarke of Freenet advising the president?!?!

[HanzoSan]

This is funny.

The president talks to a "Mr. Clarke" and i think its really clear who this Mr.Clarke fellow is,

It would be funny if the unhackable internet ends up being based on freenet or uprizer.

as much as i like the idea of this, i dont like the idea of freenet people working for government, the two just dont mix.

Nothing is unhackable

[Apreche]

first of all nothing is unhackable. Second they're talking about setting up a seperate wan for just the government. If just ONE computer on that network is also connected to the real internet, then someone can get in. If none of the computers on that network are connected to the internet, then government employees will be very unhappy at work. Hence, another waste of money.

Re:Nothing is unhackable

[alen]

That's right it is separate. For fun I would surf the different sites on there if I was ever bored and all I had was a siprnet computer to play with.

i think its a good idea

Actually, I think this it a good idea. If the government used a seperate network with seperate protocols it would be very hard for a script kiddie to attack it. If fewer people are using the protocol(unlike the internet where everyone uses the same) there will be less people with the know how to hack it.

Global Systems integration.

[the_real_bayliss]

It seems that there is a growing push for integrated technologies. A great example is VoIP integration for the United States Postal Service Office of Inspector General :

http://www.cisco.com/warp/public/784/packet/apr01/ p22-enterprise.html#title

Sounds great doesn't it, 40% Cheaper phone calls, more secure network etc, but As more and more technologies and services get incorporated into the one implementation, the number of eggs in the basket continue to grow.

Just remember, attacks can come from behind the firewall too.

Just incase you are interested in how the government currently protects their Cisco routers:

http://nsa2.www.conxion.com/cisco/download.htm

is an interesting read.

Republicans Against Strong Federal Government?

[LionKimbro]

GyaHaHaHa!

I will never believe that the Republicans are against big government.

I'll take public libraries and health care over a gluttonously large military and an ultra-strong federal government any day.

Re:Republicans Against Strong Federal Government?

[SecurityGuy]

Republicans were against strong central government. They still are compared to Democrats, but not in an absolute sense enough to be really meaningful. Both parties have pretty much devolved to protecting their own power base by pandering to one group or another. Fortunately, we have other choices.

Re:Republicans Against Strong Federal Government?

[Legion303]

Fortunately, we have other choices.

Hahahahahahahahahahaha. That's rich. Oops, no pun intended.

-Legion

Secure Systems? Trusted Systems?

[Samuel+Nitzberg]

Some basic things can be done to make "secure" or "segregated," or other types of somewhat-more-protected-than-usual environments.

Unfortunately, I think that there are also some very real problems. Some very old military systems (e.g.) SAGE - were secure. The customer (Government) could own and have all code reviewed. All end points were well controlled. The number of nodes and links, etc... were limited. The system was also special, and dedicated - purpose.

There are limits as to how secure any system will be if it will be built on off-the-shelf components, software and hardware components that the gov't can't fully inspect, networking protocols that are not provably secure, and the inevitable ... using currently available products to implement solutions, rather than building that which might be necessary.

Sam Nitzberg
sam@iamsam.com
http://www.iamsam.com

Maybe he wants TCP/IP... old-style.

[hearingaid]

Think about it: when the Internet was restricted to non-commercial nodes, it was pretty secure. The first major security disaster was the Worm of 1988, which came from a university site.

If you maintained a separate TCP/IP network that only had physical connections on military bases and the like, I'd think it would be pretty secure. It's this business of giving everybody an Internet connection that gets all the script kiddies online.

Re:Maybe he wants TCP/IP... old-style.

[klykken]

I for one am quite happy that most people in developed countries has been able to get on the internet. Back in 1991 I had severe trouble getting access whatsoever (finally managed though)

Yeah, we have a problem with the script kiddies, the spam, the ad flash/shock/popups, the DMCA, the restriction of free speech, the spam, the patenting of open standards, believed non-patentable terms like "one-click shopping", DoS, DDos... and spam.

SIPRNET

Those ignorant fools already have that very thing in place. The military has been using it for years. I hope to burst everyones bubble but no I highly doubt that it could be compromised and even if it could it would not be for long. Each and every single packet is encrypted with daily changing crypto before it even hits a ethernet card. To further secure the network each and every single cable, every inch is walked and inspected every single day, this to avoid any taps and such.

Re:But what about private corporations?

[catfood]

To think that through such a private network we can avoid some sort of internet peral [sic] harbor is absurd. Why? Real simple: was the world trade center a government building?

s/private/government/
s/world trade center/Pentagon/

Security.....

[F34RL3SS+L34D3R]

Someone explain to me how a nationwide government network, PHYSICALLY seperated from the "Internet/public ISPs/and population in general", is unsecure? With the exception to the human factor, this is theoretically possible. And for all realistic purposes, I support this move by the government.

"AK47. When you absolutely positively have to kill every mother fucker in the place. Accept no substitutes."

Re:Security.....

[the_real_bayliss]

And who will run this network isolated from the people? Aibo isn't that smart.

Re:OT, but it needs to be said

Do you realize you sound like a complete idiot? Not only is that peice poorly written it exposes what a pathetic and unintelligent mother fucker you are.

Earth to Dubya: STOP USING WINDOWS

Seriously, if Bush was *really* concerned about security, he'd stop fucking around with that piece of shit Microsoft calls an operating system and roll out Linux desktops and OpenBSD servers, all running IPv6.

"Digital Pearl Harbor"

[geigertube]

So, instead of users experiencing hours of downtime seperately, as is par for the course with the internet anyway, in the "Digital Pearl Harbor", it will all happen at once? Would anyone even be bothered?

"Oh. Another outage. Darn."

I think I experience a "Digital Pearl Harbor" about once a month with my Road Runner account.

Re:"Digital Pearl Harbor"

[Grab]

If you're still on a dial-up connection and you're doing a video download, you've already got a Digital Pearl Harbor. As with the film, you spend 90 minutes sitting around with not much happening, waiting for 10 minutes of decent visuals...

Grab.

most big companies are intranets

[mrm677]

Yes, the U.S. government better be on a nationwide Intranet. I've worked for a few Fortune 50 companies, and their networks are all private. Sure, they external webservers and employees can use port 80 for WWW traffic, but everything else stays internal.

Hackable Whitehouse

[Thakandar2]

I dont know about you, but I would rather have a very easily hackable http://www.whitehouse.com.

Whoops...

[DaoudaW]

Well, I blew that link

I can allready imagine

[Niksie3]

How will they email with the outside world??? Knowing Bush he will prolly have a email forwarding server that will forward all the normal email to the internal system... Code Purple with yellow dots and orange stripes here we GO!

Seperate networks...still same problems exist...

[Mashiki]

Such as, on-net cracking...all someone needs to do is bluff their way though security or come up with a good forged security pass, especially a visitor pass, slip in and get onto a terminal that's secluded. I beleive that /. already had an article on this, same rules still apply...

I suppose it comes down to this, you can make the most perfect, impenertable network but...as long as you have lax human security someone will still get into it.

It shouldn't use TCP/IP

[isdnip]

If the government wants a really secure network of nontrivial size, then it probably should not use TCP/IP as its underlying protocol suite. TCP/IP was designed in the 1970s for a limited-access insecure network of researchers (ARPAnet). If anyone misbehaved, they'd be booted, and/or their site manager would get a nasty notice. Nobody was "entitled" to be on ARPAnet, and almost everyone cooperated. The network was designed for maximum openness within that selected community.

Now we have the public Internet, and Microsoft's virusware for applications. Firewalls help, but as many have noted, it's too easy for a laptop or floppy to inject something, and if an email gateway it provided, MSware will do the rest. Or any other mail client that follows their evil lead and executes email.

A serious fix is to create a new protocol suite that has security designed in. New stack code with no buffer overflows. A stack that doesn't invite address spoofing, flooding, or various other vulnerabilities of TCP/IP. Not that TCP/IP is all that bad for public use, but you just don't try to add security later and expect it to work! (It's a sieve: It should stand for Transmission Colander Protocol/Insecure Protocol.)

This new stack would have new, or at least modified, applications written for it, the way ARPAnet did back when it was young. And rules against insecure crap, so no Outlook ports! It might then catch on outside, but if the protocols have security handles in them, it's okay; there's no security through obscurity. This would help long-term stabilization of the public Internet, if it adopted more secure (and probably more efficient) protocols. Just as government funding for its own use led to TCP/IP.

Some people seem to think that TCP/IP was handed down to Moses on Sinai, and is thus sacred, Perfect, and should be inviolate. I don't buy that for a minute, and I was on the ARPAnet back in the NCP days. It was a nice experiment but it has ossified with widespread use, and clearly has trouble keeping up with current needs. IPv6 is not an improvement in any sense, efficiency or security; it is a distraction whose misbegotten presence, on balance, makes things worse.

Re:It shouldn't use TCP/IP

[Nate+Eldredge]

That's a nice idea, but the government uses an awful lot of existing software which expects TCP/IP. The expense in porting all of them would be immense and probably outweigh the cost of whatever they end doing with TCP/IP. Not to mention, many of them are commercial and they may not have the source. Then there's the issue of reinstalling ALL the software on ALL the government's computers... whew!

Nobody thinks TCP/IP is perfect or inviolate. But like it or not, it's what the world is using. The expense associated with being different would be very large.

Because IPv6 sucks.

[Bob_Robertson]

It's simple, really.

what about physical security? drugs:1 prisons:0

[studboy]

Secure network? The gummint can't
even keep drugs out of prisons!

Improbable ....

[Ashcrow]

Well, the US government doesn't have the best record when it comes to security of any kind. They can try using their technology ( like tempest [http://www.eskimo.com/~joelm/tempest.html] and whatnot) though they will always have a problem with the users of the system. Poloticians arn't very good at keeping their own lives straight how do we expect them to keep there personal security which is vital to the network as a whole?

Damn it

[dimator]

I love it how the /. editors always have an excuse as to why they post dupes. Either it's witty, or dodgy, or it's "this is important enough to read twice." Please.

Is it THAT IMPOSSIBLY HARD to use your OWN search tool before posting dupes?

Give bush a break!

[incy+wincy]

Hey.. Give bush a break. At least when he is talking about things he does not understand (I fear most of the time) he is not bombing some peasants into oblivion.

Let him talk all he wants about "secure", "hack proof" networks. With any luck he will throw more money at our industry and in doing so actually contribute to "more secure" and "hacker resilient" networks. If he then wants to claim he invented the internet... good luck to him.

One clever cowboy there!

Ahh, Irony

[eudas]

What... the irony doesn't speak out to you?

eudas

When it comes to technology...

[npietraniec]

The government has it's head up it's ass...

Well, ok, you've got me. The government almost always has it's head up it's ass.

If the government really wants to secure it's communications, it ought to post an "ask slashdot."

G_W_Bush asks:
Dear Slashdot, I'm a leader of a major world power and I don't know my ass from a hole in the ground... How should I secure my communications?

Bush administration / Microsoft

Given the Bush administrations obvious love affair with Microsoft, I hope he makes his secure network entirely out of Windows machines.

I think this story and one a few back intersect.

[wadetemp]

I was actually going to reply to "Ask Slashdot: French Government Online-Why Isn't the U.S.?," but I figured it was too late. Then I saw this story, which basically states what I was going to say about the former. The US isn't online because they can't keep something like that secure and they know it. I wouldn't be surprised if someone wipes out the French system fairly soon now that the "word is out." Of course, I may be wrong; they may have hired a building-full of 1337 French hackers to secure the system. But I doubt it.

Unhackable?

[alexburke]

A while back, a bunch of folks built a ship. It was loudly trumpeted that even Mother Nature herself couldn't sink it.

Remind me again what happened to it?

Bushism Internet

[Amon+CMB]

Don't "misunderestimate" Bush's private internet plans, "hispanically speaking".

Yah and I want ...

[cullenfluffyjennings]

Santa Claus to personnaly deliver me a windows based computer that has 99.999% uptime.

We all got our wants. Reality Sucks.

And I want a threesome with his daughters,

but that isn't going to happen.

And I want...

[megaduck]

• A cat that comes when you call it.
• An oven that doesn't burn things.
• A silent chainsaw.
• Enough RAM.

• Wishing doesn't make it so, Mr. President. Networks are designed to let people share information. Even if you cut yourself entirely off from the Internet, you leave yourself wide open to moles, leaks, and all sorts of human error. A private network may make the human security holes even wider because it gives you a false sense of safety. I'd rather see my tax dollars spent on secure open protocols and sensible security policies. Security is a mindset, not a technology.

Every government employee does NOT use it

[HanzoSan]

Thats why bush wants to make a more public government internet for the common government employee.

The private internet Bush himself most likely cant even use is what you'd call, a military secret, only used for serious business by intelligence agencies to exchange information with the military, and people know about it on a need to know basis, its not common knowledge, and only a few people actually know how the whole thing works technology wise, so even if you've used it, 1 you wouldnt know how it worked, and 2 the people who do know how it works prolly have no clue what its being used for.

Technologicall Advisors

[alexborges]

The real problem with no-tech-dummies-with-power is that they can make decicions, but they dont have a clue as to why they are taking them.

Of course, this guy is a politician (subclass of NoTechDummiesWithPower), and his tech advisor is probably no other than the all ubiquitous and ultra smart devil Mr. Will F. Goats.

Now, its obvious that WFG is another (although altogether different) subclass of the said NTDWP.

So, why does it surprise anyone that politicians (and CEO's of big companies, a NTDWP subclass) allways take the wrong track where technology is whats being discussed?

Lets accept NTDWP as part of our society and just try and help them as well as we can. Of course, its not a nice prospect to be against them since they are WP, but lets pitty them as they are also NTD.

Little stupid GWB, take WFG's nose out of your ass and get a decent tech advisor. Thats the only good word we can give you....

Alex

Unix - Windows Transition

[J.J.]

It's more like a DoD wide transition from Unix to WinNT/2k. It's all the DoD networks - not just the classified ones.

I think it's a mistake personally, but I've never researched the reasoning behind the decision. The difficulty in finding unix admins shouldn't matter that much, since the military tends to grown their own anyhow.

Re:Unix - Windows Transition

[firewort]

my understanding of this transition is:
in the past, they've trained people on UNIX, only to have them finish three years and get high paying gigs in private industry- they're tired of investing time and money in training only to have the soldier leave, so they are moving to NT/2k where admins are a dime a dozen.

God help them, and god help us when it goes down..

Re:Unix - Windows Transition

[mpe]

they've trained people on UNIX, only to have them finish three years and get high paying gigs in private industry- they're tired of investing time and money in training only to have the soldier leave,

Are these officers or enlisted? IIRC whilst an enlisted can leave as soon as their enlistment is up an officer can be told to stay until the military dosn't want them any more...

so they are moving to NT/2k where admins are a dime a dozen.

Except that they probably still need plenty of training because military use of such systems may not be covered in an MSCE exam...

Re:Unix - Windows Transition

[MadAhab]

The point is not acquiring expertise from elsewhere, but in preventing them from leaving. Presumably, NT/2k admins are less likely to leave, because less reward entices them from outside, because there are more NT/2k admins in the market and so the salary incentive to jump ship is not so great.

It was... and it can't that is why US quit darpa

They came in designed a prototype / poc and then left it. It was not a project that was going into the next century ... just the 60's and 70's

And

[Raven42rac]

I want a million dollars.

What about....

[alexborges]

SSH, VPN's with decent encription...etc.?

Hasnt the SS told GWB about this kind of technology?? I mean, just use private keys and the like. I think government officials are responsible enough to carry arround a fucking key and not give it to anyone, arent they?

Alex

UnHackable?

[PbHead]

Didnt some old chinese man once say:

"If you build it, they will Hack."

... or maybe it was some Murphy Guy. Can't remember.

Security? Strength? Dump electronic communication

[pclminion]

No matter what our wonderful government chooses to do, their network will still be vulnerable to physical destruction. I've always wondered, what are the alternate means of communicating information over long distances that are more difficult to disrupt?

• Sonic communication? When your "wire" is the atmosphere/ocean, no one can cut the wire.
• AM radio? This already travels long distances, but might be susceptible to (brief) interference by nuclear explosions. (A nuclear detonation will ionize a large portion of the atmosphere, making it quite opaque to radio signals.)
• High-power visible lasers?

For all these methods, signal repeaters would be a must, but remember: signal repeaters are used in solid-state communications as well, so this isn't really a drawback. You might argue that someone could simply blow up the repeaters, or the transceivers, but it's impossible to eliminate those elements of the system. The wires are the most susceptible element of the system, since they have to travel long distances through unguarded territory. And the wires can surely be eliminated.

If you make the argument that all of these methods will necessarily have very low bandwidth, you'd probably be correct. Except for the fact that in a wartime crisis, you don't need to swap gigabytes of porn -- you just need to send vital information such as "The enemy is at 56.47 by 14.03," and "Incline the mortar by 56 degrees". These messages don't need much bandwidth.

As for DOS or DDOS, however unlikely they might be on a private network -- just use a strong protocol such as IPv6.

Hacking threat assinine, no greater than ever...

[aquarian]

With all this hysteria about the WTC, naturally people are getting paranoid about the internet. But I don't believe the threat from hackers is any greater than usual. Where are they going to come from? Afghanistan? That's a laugh. I doubt they even have internet access over there. It takes talent, time, and readily available internet access for hackers to hone their skills. Citizens of unfriendly countries have none of these things. Sure, there could be the odd evil nitwit genius sent over here to go to college and learn computer crime, but that drastically narrows the pool. I simply don't believe that there are legions of enemy hackers out there- for the near future, at least. When the average Chinese or Syrian kid has a computer with internet access from the age of 4, I'll worry. But not 'til then.

Which is safer in the long run?

[Bellwether80]

Perhaps a system that is constantly being challenged on a wider scale where the gaps in security are discovered and patched relatively quickly due to sheer magintude and a shared problem (i.e. the internet as is), would be more secure than one that is seperate such a GWB is proposing. (i.e. tested by outsiders much more rarely and thus more open to a catastrophic security failure)

The real reason for this network.

[supabeast!]

Right now this thread is filling with posts about why or why not this network will be secure, and why or why not all of the OTHER protected/secret government networks are/are not secure. What people are missing out on is that the government does not actually WANT a secure network.

Bush and co. want a new network because two states, California and Viriginia, are full of out-of-work techies, left jobless by the dotcom collapse. Virginia and California are also the top two states in regards to defense agencies, contracts, locations, dollars, etc.. Building a new government network would create a huge number of stable, high-paying jobs in Virginia and California as the agencies and contractors in those states were wired up; and even more jobs all across the country as the network spread out to all of the other states in between.

Not only does this have the effect of greatly boosting the economy without pissing too many people off (Which Congress has proven they cannot manage to do.), it also earns a lot of loyalty to the Republican party from all of the people who get those jobs, as well as the other people who benefit from those jobs as the money trickles outward.

Is this network needed, or even likely to work? I do not really know, and anyone who had nothing better to do than post to Slashdot about it really does either. But that does not matter, because right now America's economy needs to get going, the world needs our economy to get going, and the people making decisions in the White House realize that this is a good way to give a long term boost to the economy and their careers, without really earning much scorn, and they would be fools not to.

Re:The real reason for this network.

[underpaidISPtech]

Exactly, I'm surprised no one else saw it as well.

Government handouts and subsidies happen all the time in flagging industries, why not be happy that the govt wants to give a shot in the arm to the TelComm sector? More jobs, more money. Sounds good. Of course it won't work, but that's not the point is it? It's all about a boost.

Better get it while the gettin' is good, because I'm sure the money could easily go to something else like, oh... I dunno, the nosediving (pun intended) airline sector, or some new "initiatives" to protect IP and copyright.

A bold challenge

I think people are misunderstanding what is being requested. Yeah people may say a UnHackable Network is impossible. Why? because you can't think about how to do it? Because it doesn't seem possible to you? I seem to remember a similar request from a previous president, I believe his name was John F. Kennedy. This president requested that we place a man on the moon. Which seemed ridiculous at a time, many people said it was impossible and laughed probably saying things similar to what you are saying now. But what I see is a man making a bold request for new technology, so instead of being pessimistic lets reasonably see if something could be created that would be "Virtually UnHackable".

You mean:

"Jedem das Seine", don't you?

This is not flamebait

Just terse and correct.

IPv6 is way too baroque for the few problems it actually solves. It's a classic case of the second-system effect. I can't imagine it ever being widely implemented as it stands.

hmmm creating more jobs?

[sewagemaster]

let's see if the stocks for the telecom sector starts going up a little bit more... things like this gives us the faintest hope that new grads like us will actually be able to find jobs....

Lower sense of security

[Jeffv323]

If they did this, you would think that if somebody obtained access to the network they would have an easier time getting around due to the false sense of security a private network brings.

Wouldn't we all?

[Magneto48]

The way I see it, an unhackable internet is completely impossible due to two factors: human nature and human ingenuity. The Nazis thought Enigma was unbreakable, yet it was quickly broken. Bush's plan reeks of a PR stunt for the technologically illiterate citizens of the nation. I'm sure that average-joe republican will buy this as feasible, but the fact of the matter is that this is just a piece of bravado.

And Another Thing!!

[Mudhiker]

Well, over a hundred posts and nobody has said this;
How is such a super duper secure network going to be used? Is there going to be a secret special terminal at your local federal building where the agents email their counterpart in the next state?
I work daily with military computer systems and it is hard enough just keeping the spam and porn and cnn streaming video off our networks. The worst offenders are often those in charge and those who should know better, those whose job it is to enforce security. As long as we have people using the system it will be inherently insecure. Maybe Dubya will be calling up about 2.8 million more security people to stand in every government office and look over shoulders.
Those people in the government who have a need to know secret things already have secure (physically) means to do so. This new GOVNET is a PR scam that has no purpose other than to stir up the public even more.
(Though I think the public are more excited about the 0% interest on new cars and the cheap gasoline than they are about not seeing photos of the 5000 people recently murdered.)
*sigh* My sig is becoming more and more true...

God DAMN IT!

[jcr]

We could have had an uncrackable PUBLIC network by now, if the government hadn't put so much effort into harassing people who tried to publish crypto code.

-jcr

MS Servers are havens for "terrorists"

[SgtChaireBourne]

Given the ongoing security problems with the various Microsoft product being peddled for the server room, wouldn't a company or institution that knowingly and willfully installs such software be knowingly aiding and/or sheltering terrorists/anarchists/criminals?

All it will take is one lawsuit or police raid and suddenly certain "IT-Solutions" will not seem as attractive as the normal Solaris/BSD/Linux/etc based ones.

MS

[underpaidISPtech]

When MS starts .NET on it's own fiber, we can call it ABOVE_the_GOVNET.

The good old story repeats itself

Don't you get it?
They want the us to be secure and keep the rest of the world vulnerable. So they can (try to) f**k around with it.

Is obl our buddy?

Hard to disrupt

[underpaidISPtech]

Isn't hard-to-disrupt communication the reason that DARPA got involved in this "Internet" business anyhow?

Good point, although I don't think at the time that DOD believed that others ( non-US govt) would have widespread access. I think they were trying to imagine a way to avoid the single point of failure, which the Internet still fulfills quite well. The DOD was probably more concerned with bombed-out Comm stations and cut fiber/wire under devastated city roads, than DOS attacks. DOS attacks are new and would've been difficult to foresee in the early Internet.

Personally I think that a fragmented Internet is inevitable. The free-market, ( some may argue not-so-free) coupled with the immense size of the Net will cause the net to fragment into different carriers. Each carrier will offer similiar services, prices and the like, just like the Telco's. Hell, most of the fiber is owned by the Telco's anyway, it just allows them to get a return on their investment for all that dark fiber.

Coming Soon: AOLNET, MSNET, GOVNET, DisneyNET, EuroNET, etc.

can't be done.

[Cynikal]

my philosophy has always been that if it can be made by humans, it can be hacked by humans. someone somewhere will figure it out.

People are the biggest security hole

[TeeWee]

When will the men in charge realise that human factors are the single biggest cause of security breaches. You can have a super secure network, but it takes only one dumb employee who uses a dial-up connection to bring it down. Or hang his home laptop into the network. Or bring a floppy disk with his home work into the office. Or telling his coworkers his passwords for easier cooperation.

The list is endless, and all the network security in the world is not going to change it if you don't educate the people working with it.

and i want

"Bush Wants an Unhackable Private Network"

and i want a classic series 3 Jag. Methinks we are both gonna be disapointed come christmass.

Re:Already exist, doubt it'll work

[budgenator]

Remeber JINTACCS? I doubt it, it was a messageing system, actualy kinda like XML. It allow an Army soldier to do things like call it Naval gunfire. On the lowest level it was a fill in the blank paper, then read over voice radios, at the higher levels a computerized intercomunications protocol.

Actualy it was a good system, not perfect but good, but it was murdered. They did this by teaching it. They didn't start with the easiest and work to the hardest, they tought the hardest first so the average pvt Joe Snuffy got hopelessly lost. They actualy tought me how to report the laying of a naval mine field, I was in an light infantry organisation at the time, that report was for Naval ships Captains. This happened because the middle management types realy didn't want to lose their turf. I think the same thing is going to happen here.

To us its easy, blow some fiber, install some routers between facilities, gateway to some secure sattalites and maybe change the networking code enough to make the civilian stuff incompatable. Add in an armor plated authetication, distr the software to authorized users and your done right? Well the Army won't like working with the Marines, DOD won't like working with DOJ, and Intell won't even like working with themselves.

The only good thing I see from this is sonner or later some of the reasearch is going to trickle down to us and be usefull.

Whois the REAL .commIEs?

We're with you on that one geeorgee (first time ever). We're always working to keep ourselves from being phracked into cyber oblivion. As always, we recommend: If you don't want IT seen/pilfered, don't store it on a 'public' server. Anybody tales you different, is feeding you FUDge. That will change (for better, or worse) as time goes buy.

Meanwhile, check out our web address giveaway. Includes a year's free hosting. In case you need somewhere to hang your hack as the GNU millennium kicks in.

Whois using your m$ewallet?

This baby needs a backdoor

For National Security purposes, there should be a built-in back door.....have we heard this crap before? A clipper chip emulator. Parental controls, these douche bags. Bush? Yeah, right.

No such thing as a private and secure net...

[mikethegeek]

Our govenrment again shows it's ignorance of technology.

There is not, and never WILL be such a thing as a network that is absolutely private and secure, particularly when the government (which can't even deliver mail across town on time) is running it. No amount of billions or trillions of dollars spent on it can change that fact.

A "secure" network works like a secret. So long as only one person knows the secret, it's secure. But the instant a second knows it, it's not, and becomes less secure the more people (computers) are "connected" to the network.

What scares me is the draconian police-state laws that will have to be passed to even make this at all workable. Soon as some hacker breaks the "perfect secure private network" (which will happen within days if not minutes of it being established), some group of mornons (Congress) will propose and pass such legislation.

Also, doesn't anyone find it interesting that the govenrment now wants to secure public information systems, yet deny strong crypto to private industry?

Re:No such thing as a private and secure net...

[PinkFloyd]

"...particularly when the government (which can't even deliver mail across town on time)..."

The US Postal Service is not an official government agency. That's why they don't get tax money, and you have to buy stamps. However, they are regulated by the government, which is why it takes an act of congress to approve a stamp rate hike.

I'm a great believer in luck and I find the harder I work, the more I have of it. -Thomas Jefferson

Re:No such thing as a private and secure net...

[mikethegeek]

Not true. The USPS has been made to "try" to live within it's own revenue, but it's still very much a federal agency, with the same hired-for-life government employees who can't be fired even for the most gross incompetence.

Which is why I can't EVER see any large government network even meeting the average standards for "hackerproof" and "security" that exist in the private world.

and i want a car that runs on water.

[Rai]

life's tough sometimes. deal with it.

excellent idea ! leave us alone!

[guest12]

bush invents us govt network.
thanks, now develop it quickly
AND LEAVE THE REST OF US ALONE!!!

now why didnt al gore think of this, I wonder..

Slap me and call me stupid,...

...But doesn't the US flag start with a red bar instead of a white one?

Just a thought :)

--Bel.

Re:Slap me and call me stupid,...

Google [Google.com] seems to think so :)

Unless you go with the purple version, that is ;-)

--Bel.

am i the only one who noticed...

[Rai]

how well 'bush' and 'douche bag' go together?

Gore

I hope baby Bush consults Al before he goes forward on this proposal because it'll be prudent to consult with the man who invented the internet...

do you really know? or are you just wrong?

'easily read my anyone with a reciever?'

Just goes to show that people who
don't know anything still have something to say.

Why? How would you know the framing and
formating of a wireless connection?
how would you know the data-rates?

How would you know in what direction the bits
should be read or the word size?

Yes, wireless can be secure and anyone with
a reciever can't easily get at wireless data
streams unless they are put in a simple stupid
format.

The US government is many things, but not
simple and stupid.

Ethernet protocol is only ONE of many.
Wireless protocols are fads and an open book.

These are just two types of an infinity of
formats that is theoretical.

datacomm doesn't need to be an open book.
Networks can be secured.
The government should be doing this.

What the hell were they thinking putting everything on internet. There ought to be
at least two public networks to secure communications.

There are so many ways to pass data and verify data. The internet and TCP/IP provides an open book for the data. So a different network can use some other protocol.

OH, I know, many think that TCP/IP is the only thing with the only other option being UDP.

Why don't those people go back to school and shut up until they learn about data comm.

Oh, I know why, because in America data comm products are designed by marketting departments.
People who work on data comm aren't even engineers typically.

And that is why that whole sector of the economy is tanked.

Everyone is missing the point.

[Zeinfeld]

This is not a classified network, it is not a military network, it is a network for the civilian infrastructure managed by the government. The military are not about to share their classified networks.

The main idea is to protect against denial of service attacks, hacking is less of a concern than a bomb planted at MAE West.

As such there are two ways to address the problem, one cheap but pointless and one expensive and equally pointless,

The cheap way is to patch together a private network using leased lines, the old private network approach. The problem here is that it does not actually add any security, it simply means that you are vulnerable to attack at the SS7 level rather than the IP level. 'fixed' lines are these days routable, albeit using different technology etc. to IP.

So pointless approach number 2 is you go and dig your own trenches, fill them with wire etc. This would cost of the order of a billion dollars and would actually increase the vulnerability of the network since the private net would never be as dense and redundant as the public network.

All in all this is an indication that the administration don't understand what they are doing. They are recapitulating the pre-Internet mindset, they are not moving beyond it.

Re:But what about private corporations?

[KjetilK]

Doing that does not change the poster's point. His point is the most insightful in this thread: Indeed, it is the society as a whole that needs security, not just the government. You can make a lot of damage to the society without hitting the government at all. We all know that it wouldn't be hard to take out a huge fraction of all Windoze computers for some time, if a trojan was designed for that purpose, rather than designed for making a lot of fuzz. That would be damaging to the economy. It is not difficult to think of other examples.

And that is exactly why it is so incredibly stupid to restrict the use of encryption to combat terrorism.

That requires some intelligent foresight...

[mrBoB]

Something Washington is lacking. I'm sure that GW is already well aware that the military (and select contractors) have the SIPR Net (secure net) in addition to NIPR Net (unsecure). GW prolly wants to model a "new" network (that will cost us more tax-paying dollars) on SIPR. It has always boggled my mind that gov't services (military and otherwise) choose to have some (critical) things connected to the internet in the first place. In addition, the media needs a little more intelligence too... Reporting that the FBI, CIA, NSA, etc.. website(s) were hacked has no bearing on the fact that those organizations have _SECURE_ systems to which _NO_OUTSIDER_ has access. It is on these _DIS_CONNECTED_ systems where the truly important work in resarch, command and control, etc gets done. But like I said, it takes an apparently more enlightened reader/reporter/President to understand these things and act appropriately.

my .02
-Bob

Re:But what about private corporations?

[sterno]

Oh yeah, the pentagon got attacked too, I almost forgot. And so has most of the press. And so has most of the public. My point is made :)

a new internet?

a new internet?, I guess its back to the drawing board for Al Gore!

Misleading statistic

[diablovision]

Sure, it could lose 99% of its routing nodes, if all those were the internal routers inside of autonomous systems. Lose those 1% of nodes that speak a border gateway protocol (i.e. exchange routing information among autonomous systems), and suddenly you have a much larger problem.

Bush to also fund a GovWay in addition to "GovNet"

In addition to pushing for funding for a private Goverment-Net which would continue to use the same flawed non-security based protocols such as BGP but entrust "limited access" to accomplish security, Bush advisors are also pushing forwarded in getting congress to approve Goverment-Ways. Similar to Highways, GovWays ensure the ablity to move goverment officals and equipment more rapidily than highways by declairing GovWays to only be usable by authoritied goverment departments.

"Even if we 100% of our highway growth funding on public highways, there will still continue to be drunk drivers, cell phone drivers, accidents and traffic jams that will get in the way of Goverment traffic," said advisor John Smith. "By re-allocating 80% of those funds towards building Gov-Ways, we are creating a more efficent Goverment."

While quick to admit that the majority of Americans would not get the direct benfits that funding goverment funding of the Internet and Highways would provide, he is just as quick to promote Gov-Net and Gov-Way by stating, "a more efficent federal goverment will always be indirectly good for all Americans. For example, I have been informed by a postal offical that if given access to the purposed Gov-Way system, the average delivery time of mass mailing such as bills and junk mail should be shorten by two hours! That alone should convince most people that discountinuing public highway funding in favor of goverment private highways is the American thing to do."

Jane Doe, another Bush administration advisor also signing the prases of the new GovNet/GovWay purposals stating, "When federal goverment spending becomes more self-serving and less about funding public works, it is then we will have a more efficient and reliable federal goverment for everyone! What could be more American than that?"

Some local goverment offices have already announced similar plans. Several cities have announced plans to reduce funding of public water works in favor of city offical water works. "After all, with scares like anthrax, it is important that we have a closed water system for city officals which isn't exposed to the tampering that a public water system is," said a major city mayor that requested to remain anonymous. "While some say we could try to improve the security of detecting unfriendly agents in the water, it is clear that our limited resources would be better spent on a private secure and reliable water system for myself, my family and staff."

twitch your nose, or nod your head, *poof* magic!

[Esoteric+Moniker]

>3) Demand that every OS Developer, from Microsoft to RedHat make their OS absolutely air-tight and unable to be used for such purposes,

Ok, then we need to add #6

6) Demand that every human being is required to perform their job flawlessly, any deviation from this standard will result in life imprisonment, forfiture of all assest and or death by exposure to rabid lawyers.

Do you honestly think any OS developer really wants to let bugs slip into their products? (Ok, well maybe MS.) C'mon, if it were so easy to just *snap* oh look, no more bugs in our 400,000+ lines of code it would have already been done. (Even by MS)

I agree that there should be consequences for DoS attacks and the "free speech" excuse gets thrown out in defense of too many things but what you're suggesting here is not only unresonable, it is not humanly possible.