US Government to Have Only 50 Gateways
Narrative Fallacy brings us a story about the US government's plan to reduce the roughly 4,000 active internet connections used by its civilian agencies to a mere 50 highly secure gateways. This comes as part of the government's response to a rise in attacks on its networks.
"Most security professionals agreed that the TIC security improvements and similar measures are long overdue. 'We should have done this five years ago, but there wasn't the heart or the will then like there is now,' said Howard Schmidt, a former White House cyber security adviser. 'The timetable is aggressive,' he said, but now there is a sense of urgency behind the program. Small agencies that won't qualify for their own connections under TIC must subcontract their Internet services to larger agencies."
Wouldn't this make DoS easier, not harder?
BRENT ROCKWOOD, EST'd 1975
Hmm...TFA says it's obviously only for the government networks but quite honestly what's going to stop them form going farther?
After they do a project this large for their own network they'll have the experience necessary to do this across the board.
If they do that at the major trunks running in/out of the US that pretty much would be the end of unmonitored access for anybody on the 'net in the US. (Not like ISPs in a lot cases aren't logging stuff now but there's a big difference between that and a government run filter.)
Regardless it certainly bears keeping an eye on this to make sure it doesn't show signs of creep or expansion beyond government use.
"Bah!" - Dogbert
No this really helps. This will *really* help a lot with dumb bad guys on the outside (like, say the storm botnet).
... good move !
If the connections between different departments are also forced to go through only these 50 departments, that would ensure a further layer of protection.
It is *much* easier to defend a centralized infrastructure (like this) then to defend something random.
This is the same like in real life. Defending a castle is much simpler than defending the village. Yes castle failures are more spectacular and do more damage, but they occur so much less that it's worth to build them anyway. Breaches in the security of a "village" are constant, unfollowable and you cannot prevent them.
So from security standpoint
We don't log our dhcp services. We allow tor. We host tons of medical, legal, and financial information on you and other americans. The federal IT director doesn't want to change it due to 'budget constraints'. Your government at work, people.