Slashdot Mirror

← Back to Stories (view on slashdot.org)

Building Secure Computers?

Posted by Cliff on from the even-keyboard-adccess-won't-make-it-easy dept.

maotx asks: "Growing into the job of a system administrator, I've been tasked with something I'm not quite prepared for: purchase or build a computer that meets DoD compliance for classified 'Secret' information. Several vendors, including Dell our primary supplier, offers computers that will work, but being new to the criteria I want to make sure the right computer is purchased. The computer will be used to create secure CAD drawings (Solidworks, OrCAD, etc) and must have, from what I can tell, a removable hard drive and security stickers to prevent tampering. What is you're experience in setting up a secure computer and is it better to have a vendor do it, or yourself?"

4 of 628 comments (clear)

  1. Re:Don't ask Slashdot by maotx · · Score: 4, Insightful

    Our facility security officer has a stack of papers that I have been reading over but it is pretty slim in details when it comes to the specifics. Network is a definate no, floppies and CDs are ok, but what about USB harddrives? Etc.

    The only reason I asked Slashdot was for a jump start. My manager says we need to have something, at least a plan, by next week.

    --
    I'm a virgo and on Slashdot. Coincidence? Yes.
  2. Too strong a word. by Dan+East · · Score: 4, Insightful

    Editor is too strong a word for what is done by Slashdot staff. Person who clicks button to approve story is far more accurate, although lacking a certain panache.

    Dan East

    --
    Better known as 318230.
  3. Drop the Bomb by Doc+Ruby · · Score: 4, Insightful

    First, get your boss to sign a memo acknowledging that you're not qualified to certify computer systems as "DoD secure". Then, hire a security consultant from an insured firm which does sign a contract saying they are so qualified. Then do your best. Also, don't rely on Slashdotters' advice on how to tell if a system is "DoD secure". We're a bunch of kibbitzers on a huge website full of jokers, posers and saboteurs - indistinguishable from those with a clue.

    If you think that advice means you'll get fired, resign. Better now, than after they blame you for the inevitable security breaches. That's probably their plan anyway, in whichever management layer thought that military security is just a buzzword to get an underqualified admin to comply with.

    --

    --
    make install -not war

  4. Re:Don't ask Slashdot, ask an SSO/SSR/IAM/ISSO/IAS by syousef · · Score: 4, Insightful

    I love that. Don't go to /. on military security, EMAIL me. He doesn't even KNOW you, so how are you going to become a trusted source.

    This guys is a bonehead asking for advice on /. "Dear /., I want to make a secure boxen to do top secret security stuff on. How do I do it?" How about "don't tell the world you're setting up a secure box, and don't take advice from strangers. Talk to the DoD yourself!

    And to you. Shame on you for replying on /. Personally if I were you I'd steer well clear so he doesn't take me down with him.

    --
    These posts express my own personal views, not those of my employer