Slashdot Mirror

← Back to Stories (view on slashdot.org)

How The NSA Secures Computers

Posted by Zonk on from the wooo-party dept.

An Anonymous Reader wrote to mention an NSA site covering secure configuration guidelines for a number of operating systems. From the site: "NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products."

15 of 209 comments (clear)

  1. Great Idea.. by digitallystoned · · Score: 3, Insightful

    Leave it to the government to tell us how to secure our computers so they can tap into our data later through some backdoor. Good read, except all they really had to say was 'disconnect your computer from the fucking internet'..

    1. Re:Great Idea.. by aussie_a · · Score: 3, Insightful

      Good read, except all they really had to say was 'disconnect your computer from the fucking internet'..

      Uh-huh. And there comes a point where security impinges on usability to an unsatisfactory degree. Sure, not having your computer hooked onto the net will make it incredibly secure compared to if it were hooked to the net. But if you need to use the internet, then this level of security makes it unusable.

    2. Re:Great Idea.. by LnxAddct · · Score: 2, Insightful

      Except that if you RTFA and looked at the history of the NSA, they've been pretty up front about security. They don't tell us everything they know, but what they do tell us has always been credible and useful (i.e. making SHA more secure without actually telling us how it worked). This guide is for everyone, including securing government systems, those same systems that may need to securely exchange data with the NSA, Pentagon, White House, etc... The NSA has every reason to make this guide as accurate as possible. The NSA's job is not only collecting data, but also securing the nation's data and this fits perfectly within that realm.
      Regards,
      Steve

  2. Missing guide? by Anonymous Coward · · Score: 0, Insightful

    Where is the guide for linux?

  3. Re:Crushing defeat. by cperciva · · Score: 5, Insightful

    Why do they treat our tax money so callously?

    It's cheaper to replace a 3 year old disk array than it is to do all the paperwork necessary to prove that it was never used.

    --
    Tarsnap: Online backups for the truly paranoid
  4. Because the data they protect is very sensitive by Sycraft-fu · · Score: 5, Insightful

    The problem is that if you start to allow some things to be sold without being destroyed, the possibility that something is classified incorrectly, and thus has data on it increases. When you are dealing with TS/SCI shit, you just don't take the risk.

    When it comes to spy games, there's no such thing as "parinoid enough".

  5. Why do we get this from the NSA? by Anonymous Coward · · Score: 2, Insightful

    Why do we have to go hunting round 3rd parties to learn how to secure our O/S? Surely this information (in the form of clear and easy Howtos) should be given as part of the O/S package, as purchased from the vendor.

    1. Re:Why do we get this from the NSA? by Decker-Mage · · Score: 1, Insightful
      Actually Microsoft has had guides like these for quite a while and I've been using their guides and the ones from the NSA for years now as baselines for the networks and computer systems that I've been locking down for clients. So, I'm a bit puzzled about why you can't go to a website (Microsoft Downloads) and download them. It's not like they are hard to find. There's also a heck of a lot of this information built into the help files that come with XP, for instance, and the other MS operating systems under the best practices entries you'll find all over the place in there. Then again, so far as I can tell, no one except yours truly bothers to read the help files (I do it during betas to catch mistakes). Perhaps it's for the same reason most men seem incapable of asking directions, although one must ask why women are also affected? Whatever.

      What really puzzles me is why this article came along. Slow /. news day or something? As I said above I've been using the NSA guides for years now so what changed?

      --
      "[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
  6. Slashdot and national security by HungSquirrel · · Score: 3, Insightful

    If Slashdot takes down a government website so quickly, is it a threat to our national security?

    --
    $ whatis themeaningoflife
    themeaningoflife: not found
  7. Re:Crushing defeat. by Crouty · · Score: 5, Insightful

    As your posting clearly shows even the fact that the disks were not used is an information worth keeping secret.

    --
    On se Internetz nobody noes your German.
  8. ^BumP^ by TubeSteak · · Score: 5, Insightful
    Lol, this probably isn't as far from the truth as we think.

    Part of it is that they pretty much have to spend their budget, or it'll get reduced during the next cycle.

    The other thing is, lets say that they rip out all the HD's and RAM in order to auction off the hardware... well, someone has to do that, someone has to file a bunch of paperwork (in triplicate, everything is in triplicate), someone else is going to file the paperwork that's just been generated, someone else has to make sure the HD's & RAM get destroyed, more paperwork...

    The costs can snowball very quickly. It may seriously be cheaper to de-mill the stuff and buy it again.

    --
    [Fuck Beta]
    o0t!
  9. Eheh by SmallFurryCreature · · Score: 3, Insightful
    I use parts of SElinux and am right now running a linux tool called foremost wich seems to be written by some part of the US airforce.

    American tax dollars hard at work to keep my socialist PC running nicely. Got to love the modern world.

    Afraid that the US goverment (the one that makes speeches) might be firmly up MS backside but the parts of the US goverment that actually do stuff seem to like linux.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  10. Re:Crushing defeat. by Decker-Mage · · Score: 5, Insightful

    The problem here, familiar to anyone that has dealt with the classified security system regulations, is that as soon as that equipment went in the door it became classified equipment of some certain level. Forever after that equipment, whether it had data on it or not, is set at the level of classification, period. You can never use it with equipment of a lesser classification nor can you declassify it (which in the eyes of the requlations is using it with unclassified equipment). If you can't deal with it, sorry, but that's the way the system works and it isn't going to change as one mistake can cost not just the country but real lives.

    --
    "[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
  11. Beware bad players by coyote-san · · Score: 3, Insightful

    You don't just have to worry about something being classified incorrectly, you have to worry about bad players who deliberately make "mistakes" when declassifying hardware. That's not acceptable so you need to second- and triple-check everything, and that drives the cost way up since everyone must have the appropriate clearances, all of the paperwork is classified, etc.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  12. Re:Nonsense by (negative+video) · · Score: 2, Insightful
    If I own your machine, is it hard for me to install drivers back? Is it hard for me to hide the fact of installation? Is it hard for me to access hardware directly if I'm really after you? This is a good example of advice giving false sense of security.
    Don't be silly. There are no certainties in security, just probabilities. Every obstacle you add filters out a few more bad guys who don't have sufficient time and skill to overcome that obstacle, thus reducing the probability of compromise.