NSA Considers Its Networks Compromised
Orome1 writes "Debora Plunkett, head of the NSA's Information Assurance Directorate, has confirmed what many security experts suspected to be true: no computer network can be considered completely and utterly impenetrable — not even that of the NSA. 'There's no such thing as "secure" any more,' she said to the attendees of a cyber security forum sponsored by the Atlantic and Government Executive media organizations, and confirmed that the NSA works under the assumption that various parts of their systems have already been compromised, and is adjusting its actions accordingly."
What I can't fathom is that there are still people out there believing that a firewall is all the protection they need. Or that it is a protection they need, even.
A firewall is reasonable protection for most people, just as a dead bolt on the front door is reasonable protection for most homes. If you're the online equivalent of a jewelry store - that is, a high profile target - then obviously you need much more than that.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
So to me this raises a fundamental philosophical question: why keep secrets at all, as a government?
Because we need the military to protect us. You wouldn't want an enemy country to know all about the military operations in your country. And before you propose to completely eliminate the military, remember 1939.
What? You mean there's another option?
Any network administrator worth half their income should always consider their LAN to be compromised. That's why you use secure transfer protocols to transfer any data containing any sensitive information between company systems. That's why you have active network monitors that turn off network ports when they encounter an unknown MAC address. That's why you don't allow anonymous logins to your active directory, and you strictly control access to everything by at least department.
Security is done in layers. Firewalls can and will be breached. If they are, your goal is to slow the attacker down until you can detect the breach and close it. Honeypot servers, data encryption, network segmentation, network resource security, all of these things are vital.
"This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
Of course, that's not really all that a modern firewall does.
And this is why the original poster is wrong.
If you're just relying on a Firewall to block access to ports you shouldn't have open anyways, then yeah, you don't need the firewall: just close the ports. But in that scenario, it's really just a misapplication of an otherwise useful security device.
A Firewall can be useful, as you said, to proxy various protocols or block certain outgoing (or unsolicited incoming) traffic. It can also be used if potentially-harmful traffic belongs on the network, but not going to or from certain hosts (i.e., remote administration of servers might be desirable, but only from certain hosts).
The point is, yes a Firewall isn't The Solution to all security problems, and it can be misapplied, but that doesn't mean it's not a useful device in the right situation.
Well you see it's like this... As a former soldier I'd have been a bit miffed to be, say, escorting a convoy, only to discover that bad people with guns knew my route, numbers of troops, and level of armament. It really ruins your day when bad people show up in precisely the right place with way more troops and guns than you have. Especially if they set up explosives. That takes things to a whole new level of "ruined day". And before you comment on my simplistic view of "bad people", please understand that my overall opinion of you shifts dramatically toward "bad" when you start shooting at me. As far as I am concerned anyone who shoots at me is by definition a "bad person", no matter what their initial motivation may have been.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
The fact that we outsource chip fabrication ought to be a clue as to why they can't pretend any more.
OT: It's even money that every piece of military hardware with computers has an illicit kill switch embedded in it.
Game over USA.