Building Secure Computers?
maotx asks: "Growing into the job of a system administrator, I've been tasked with something I'm not quite prepared for: purchase or build a computer that meets DoD compliance for classified 'Secret' information. Several vendors, including Dell, our primary supplier, offer computers that will work, but being new to the criteria I want to make sure the right computer is purchased. The computer will be used to create secure CAD drawings (Solidworks, OrCAD, etc.) and must have, from what I can tell, a removable hard drive and security stickers to prevent tampering. What is your experience in setting up a secure computer and is it better to have a vendor do it, or yourself?"
Ask the Dept of Defense. Asking Slashdot about DoD guidelines is like asking an elementary school for details about the space shuttle. No offense to /. community.
Though I have never worked for DoD, here is a guess on how this works:
If you are building this system for DoD at a request from DoD, then you have what is called a "need to know", which qualifies you for getting a security clearance sufficient for you to receive the exact requirements for such a system; after that it is simple: just meet the requirements. Of course, once (if!) you get the clearance (and this is an expensive, tedious and long long process involving the polygraph in some cases) and are given those documents, you will be forbidden from sharing this information with anyone else without breaking the law and risking a severe penalty.
If you're not building it for DoD, (or for them but not at their request - e.g. in hopes they'll buy your product), then you have no "need to know" and cannot apply for clearance and be revealed the requirements.
I'm guessing it's the latter (or you wouldn't be posting to /.), so the answer is you simply cannot build such a system because you cannot know the requirements.
Wow...where to begin...
First of all, soliciting advice on the construction of a computer that meets DoD compliance on Slashdot, of all places, is probably not the brightest of ideas...you might want to keep this from your employers if you are interested in keeping your job.
Second, security stickers on their own simply aren't adequate to the task at hand. Remember, you're looking for tamper-proof, not merely tamper-evident...
____
~ |rip/\/\aster /\/\onkey
Yes...Removable HDDs. This is so that when the operator leaves the room to go take a leak or whatever, he/she can take the sensitive data with them. And at the end of the day the data can be placed in a secure safe. This is a requirement of all DoD computers that contain sensitive materials. It was very entertaining watching the Munitions guy walk around with an HDD at night when he needed to go take a leak. Very amusing.
There are 3 basic levels of security in the DOD:
- Sensitive: lists of SSNs, people's phone numbers, etc. shred the paper, password protection, light building security
- Secret: Reporting information, non-combat communication centers, etc. shred paper, lock down computers and network but have external connection, no unauthorized location access.
- Top-Secret: Detailed reporting, strategic info, etc. Don't print if you don't need to, locked down PCs, locked down network, likely no external access/email/etc.
For secret info, I never saw anything too hard core. We had some great network techs in Quantico (just prior to the NMCI 4066/4067 consultant replacement), they had a well locked down network, but still allowed internet access and email. But they could, and did, track all of your online activities, read your emails, mirror your hard drive, and shut you down from across the globe. Any specific secret locations like com-vaults had key code or RFID doors.
(Anecdotal network security story from the military, optional reading:)
I had a network support buddy in Okinawa who used an external (geocities) site to hold links to internal files for updates and software. Worked good for his updating work at off site locations. One day his user account was locked, 3 gents from the MITNOC showed up with a copy of his hard drive and a log of his internet/email activity over the last 3 months. Turned out some script kiddies found his site and started hammering the firewalls trying to get the software. -Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
PC case locks are, by and large, pretty shitty.
For as expensive as any of the security implementations are going to be for anything that ANYONE has replied to for this question... If your boss trusts you enough to design, buy, and implement the system, why not just ask for a substantial raise (say twice your current salary to whatever the most expensive of these recommendations would run, whatever suits you) to cover the cost of you personally babysitting the machine while people use it? OK, your company would have to spend a small sum to make sure that the room the machine's in is inaccessible when you're not there. But otherwise, when you're on the clock, you're watching the thing like a hawk. Somebody tries something fishy, you ask them what the hell they're doing right then and there, and there's no risk. Think about it.
Isn't it interesting how you come to recognize posters based solely on their sigs???
The post was in relation to the timeline. Thanks for the slippery slope argument however. The poster has just popped out of nowhere. He stated on another post "I've spent a number of years now building/accrediting/auditing intelligence processing systems (READ: secure computers) and you silly little Slashdot geeks have NO idea what you're talking about when it comes to DoD red-tape."
So he's spent a number of years building these systems at the age of 19? Not only that but he would have got his first TS clearance in his mid-teens. Ridiculous. I personally think he's either:
1. A troll or;
2. An actual serving member who's getting a bit too big for his britches.
3. Some guy social engineering people.
That's my opinion, so feel free to believe whatever you like.
Answering as a professional paranoid lacking security clearance: to remind the user not to install such devices. Of course, it shouldn't be the microphone that's plugged with epoxy, but rather the speaker output line. As I understand it, incoming data is fine; but anything outgoing becomes classified.
More anecdotal data: a neighboring department has one such user. (And we're all relieved we only have one such PITA system around to deal with.) She's using a Dell laptop with internal hard drive removed, modular bay bootable hard drive (ergo, no floppy or RW-optical), no built-in wireless or modem, ethernet and USB disabled in BIOS, and separate boot and admin BIOS passwords. When not in use, the hard drive is kept in a safe — top drawer of a WWII-era fireproof combination lock four-drawer file cabinet, actually, that we had left over from a portion of the Manhattan project that was based here.
All output is dead-tree, via a parallel port printer; they ordered an odd-colored paper with a "CLASSIFIED" letterhead on it, which fills up the bottom drawer of the cabinet. I don't know if that was required, or just to make it easy to scan the office to make sure it was all locked up at the end. One of the middle cabinet drawers stores what's been printed; the last drawer stores the remains of any printout she's had to shred, for formal DOD disposal.
Bear in mind: all of what I'm reporting is what I remember of my opposite number in that department grumbling about at a general security meeting. My recall may be wrong, and he may have been deliberately lying.