Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Move to Secure Net

Posted by CmdrTaco on from the can-i-have-a-static-ip? dept.

An anonymous reader writes "eWeek reports:The Cyber Warning Information Network, a key part of the Bush administration's National Strategy to Secure Cyberspace, will use a secure, private IP network separate from the public Internet, according to officials. The government currently has seven nodes running, said Marcus Sachs, director of communications infrastructure protection at the Office of Cyberspace Security, in Washington."

8 of 137 comments (clear)

  1. SIPRNET / NIPRNET , jerky... by fire-eyes · · Score: 4, Insightful

    Uh, look up what SIPRNET and NIPRNET are... been around for a long long time...

    --
    -- Note: If you don't agree with me, don't bother replying. I won't read it.
  2. "Security" by gmuslera · · Score: 2, Insightful
    This will be a VPN or simply a private network with their own separate communication channels between the nodes?

    And the nodes will be also connected to internet? If this is true, a worm that goes thru internet (i.e.if in some moment comes a sendmail worm and a company have a postfix in the dmz that receives and forward the main to the internal sendmail would be vulnerable also) could pass between the two networks, I remember how much damage do CodeRed2 and Nimda in not properly secured internal networks. In this case, if the networks are connected to the two networks, a worm could enter from one point and try to infect the other (at least email will be the common point between them.

    But, if they are only connected between them and NOT connected to internet (neither by mail), they are not solving the problem with this, only isolating some critical (?) part of the network so worms like this one will not infect their window shares and things like that (at least, until a worm that combines several ways to spread enter there)

  3. Re:You mean... by 6hill · · Score: 4, Insightful

    One would assume the actual hardware would be under lock and key and behind a pair of burly Marines, to discourage any stray installers of WiFi cards etc. One would also assume there are software safety measures that would prevent the stray installer from importing dangerous data or viruses via sneakernet. And finally, one would assume that deviating from the strict rules of conduct will result in reprimands/jail time/caning (delete as applicable) depending on how dangerous or stupid the said stray installer acted.

    As for patching, that's fine for security levels up to a certain degree, but there are unpatched and undiscovered bugs around any given time, as the submissions history on /. will tell you.

  4. Re:So how will they get data in/out ? by _Eric · · Score: 2, Insightful

    Yes my experience is the same in many cases. In one defense company, the only internet-connected machine of a 1000 people sized site was a few machines in the library.

    And anyway in a major computer manufacturer's network, you didn't see much of internet except through the web proxy and soxyfied telnets. That's of course the way to go.

    If you want real security, you are likely not to want a machine connected to the main power lines as well (tempest protection). I guess an off line UPS does the job.

  5. Re: hey easy with the terrorist word by Anonymous Coward · · Score: 1, Insightful

    Go easy on the terrorist word,
    if you keep tossing that word around
    freely applying it to everyone, pretty
    soon domestic protests will be labeled
    terrorist gatherings and other bad
    stuff might result. I don't condone
    releasing worms but its not terrorism.
    I'm not terrorized when my web logs file
    up with code red, just irritated.

  6. Re:bastards by 6169 · · Score: 2, Insightful

    You are right in that most colleges are assigned more address space than they use. My school of 1600 has a handful of class C nets, and maybe 30 systems that actually need to be routable.

    I disagree that forcing them to squeeze into less space is going to buy much of an extension to ipv4, however. In fact I think it's the wrong idea entirely. Any system where saving address space is such a high priority needs to be changed, especially since an alternative already exists in ipv6.

    Even forcing all the schools to use a Class C network would buy only a few hundred million addresses, which is a drop in the pond at the rate that the net is growing worldwide, what with phones, PDAs, and toasters needing their own network connections these days.

  7. Re:So how will they get data in/out ? by Realistic_Dragon · · Score: 2, Insightful

    Less paranoid? The company I work for has a restricted network (with internet access in one direction only) plus 4 or more (its possible there are some I don't know about) secret or better networks for various projects. File tarnsfer in is vetted, and file transfer out is by physical media only, after the completion of several forms. But, with two or more PCs on most desks, at least everyone gets net access anyway :o)

    --
    Beep beep.
  8. How is that supposed to work? by reinard · · Score: 2, Insightful
    And I quote:


    "The Cyber Warning Information Network, a key part of the Bush administration's National Strategy to Secure Cyberspace, will use a secure, private IP network separate from the public Internet, according to officials.


    umm.. if it's a completely separate network from the internet.. how is it going to have ANY effect whatsoever? I mean they won't even be able to look at what's out there! Am i missing something here?
    --
    Reinard