DARPA Seeks Input On Securing Networks Against Attackers
hessian writes with an article in Wired about the problems facing the U.S. Government's networks in an increasingly hostile world. From the article: "The Pentagon's far-out research agency and its brand new military command for cyberspace have a confession to make. They don't really know how to keep U.S. military networks secure. And they want to know: Could you help them out? DARPA convened a 'cyber colloquium' at a swank northern Virginia hotel on Monday for what it called a 'frank discussion' about the persistent vulnerabilities within the Defense Department's data networks. The Pentagon can't defend those networks on its own, the agency admitted."
Then who can?
Air gap and superglue in the USB ports.
Oh, you want really secure? Turn it off and never use it.
Finally had enough. Come see us over at https://soylentnews.org/
OpenBSD.
Darpa convened a “cyber colloquium” at a swank northern Virginia hotel on Monday for what it called a “frank discussion” about the persistent vulnerabilities within the Defense Department’s data networks.
Well there's your problem! The ones at the forefront of breaking-into-electronic-systems-in-interesting-ways aren't the usual crowd the DoD are used to wooing (heads of industry, academic engineers, the conference-at-swanky-hotel crowd) but people working out of their basements fiddling with things for the fun of it.
If they want a real assessment, offer a honeypot network with some stand-in data, and set a prize for whoever can get it and tell them how.
end-to-end that shit. Things will be a little trickier to figure out in war-zones, but there is no need to have someone in the Pentagon routing out through an exposed network to exchange data with Ft. Meade or Langley.
I wonder what this says about their own confidence in SELinux.
* Create cs-class.org (cybersecurity) à la Stanford's ai-class.org
* Make most government IT professionals take it
* Create Khan Academy-style security videos for non-IT staff
* Recruit some government employees to do fake intrusion simulation: Create fake USB devices that will not compromise the computers, but will issue a warning/prank to the users so that people know why they failed.
Start using systems that were designed to be secure in the first place. Stuff that works on a "deny by default" basis, that refuses to process any data that it doesn't understand, use OCSP as a white list on the CA side, defence in depth: use strict validation of input on multiple levels (when making a web app: using a default deny application firewall, then strict validation in form processing and finally use modular application design that validates data received from other modules) and so on.
This will require throwing away most, if not all, software in use. Including OSs, probably even Linux as I'm not sure if SELinux (or other such systems) go deep enough on the kernel side. Then making new software from scratch with primary design objective to be secure. As no politician or PHB can justify spending this amount of money on such a nebulous concept as security, the whole idea will fail. Because this won't eliminate, just reduce the number of security related bugs, won't help the cause.
We have to start by teaching new programmers how to make secure systems first (and I repeat, systems, not just programs) and just then how to program.
Before you respond with the kneejerk responses, look at what you have in your toolkit as an admin. Superglue the USB ports. Great, how do you propose to move large decent sized chunks of data from one airgapped network to another? My example -- moving declassified imagery from the intelligence network to email to the Red Cross and USAID in Haiti. How do you communicate with your vendors if you cut email and web traffic? Do you happen to have the extra billions of dollars to upgrade custom software to each new OS release? Yes, we're running a bunch of old Ultra60's because it's cheaper to maintain them while we port software to current generation software than it would have been to port it 4 times from then to now. Yes, when you're betting people's lives on the software, we take the certification and validation seriously. It's not like your cute Linux science fair project where unknown bugs are tolerated. I'm a hater, but Exchange is entrenched because the calendar works from crackberries to laptops on modems. As much as the military has fucked it up, and fucked it up well, Active Directory is the least fucked up way to maintain several million desktop users, who need roaming profiles over many continents. This is why those idiots are asking real professionals instead of the small time hacks. It's not a small problem. Imagine the cost of trying to train 2 million people to switch from PC to Mac or Linux or VT320 or whatever your pet solution is, in a world where infrastructure is not assumed. Do you really want to pay for that?
DARPA and swank hotel in northern Virginia? Now last I checked, it was part of the NSA's mandate to protect our nation's communications and advise the nation on best practices which means to me they technically ought to be the lead here. Then there is the location right in the heart of defense contractor territory. This sounds like a luncheon for overpaid wonks that still can't get the FBI on electronic records to pitch their latest brain dead notions. If this was at a HoJo outside Vegas around Defcon like day before or after and was say Tweeted, then I might think that the government was getting its money's worth.
Still in the spirit of helping our government not be idiots.... Physical access, i.e. wired networking. Written operating procedures that are intelligible, i.e. turn off ports not in use. And basic computer security practices, i.e. secure the service, i.e. end single sign-on, ought to be the basics. Also we live in a democracy; prepare to be audited by extremists every two years.
application whitelisting, host based ids systems that alert and block on any files that are not white listed. BLOCK SOCIAL NETWORKING SITES. Whitelisting websites, VMs while using email applications and surfing the web (users will always be dumb users....) Ubuntu, virtualbox, open office = free....
If you're not willing to make the hard calls when someone can't do something as simple as patching, you're doomed from the start.
Anyone helping them remove visibility should put the price tag at invisibility for all. It is a well-known fact that the U.S. government supports more intrusive activities on internet users. If they want my help to secure them from prying eyes, I want the same in return. Anyone with any moral dignity should insist on the same. [cough]Mudge[/cough] The more intrusive they get, the more intrusion they deserve.
Securing the network on Windows is just about impossible. It was originally designed when computer security was nothing but a far-out concept and attempts to retrofit security into it without tossing out the basic design have been unsuccessful so far, actually securing it would require a silly level of hacked-up modification (try to prevent wifi dual-homing, I dare you). Toss out Windows, start with a custom Linux distro and go from there. Network-booting machines secured with in-house-administered TPM will be extremely hard to break into. Allow centralized control of all software so that any change to a computer's OS that wasn't signed off on by the IT department sets off the biggest red flag in the world.
It can be done but not while trying to pussyfoot around with commercial consumer-grade toys.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I can't believe this silly disclaimer DARPA has on their site. Read it carefully. They're doing it wrong.
http://www.darpa.mil/external_Link.aspx?url=http://i.imgur.com/slZOR.jpg ;)
The latest Slashdot meme.
The core problem for the US government, and whichever of the many branches that is taking responsibility for this or that part of the government's cyber infrastructure, is a lack of pervasive talent among the staff. In order to attract talented staff, it is essential to have a very transparent mission and vision for an organization. Is the US government really committed to securing the infrastructure?
Well if you look at the Chinese attacks they are all based on spear phishing. So what you need to secure is prevent people from running code sent to them via emails. It's really easy to do - simply enforce whitelists - not blacklists, whitelists. For example, the OS should refuse to run unsigned exe files - not simply ask you if you're sure, but actually tell you that you can't, period. And by unsigned I mean anything not signed with the private keys of your organization. Also, make a whitelist of domain names so only approved websites can be visited. That cuts a large swath of infection vectors - now you can't enter into the computer network with the help of gullible employees because even if they want to run your exe or follow that link to your website and enter their password THEY CAN'T.
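A default-deny domain allowlist of the kind the comment above proposes, written as an added example that is not part of the original thread. The policy entries, host names and function names are hypothetical; the point is the matching rules (scheme, userinfo, label boundaries, non-ASCII look-alikes) that a naive substring or suffix check gets wrong.

```python
"""Default-deny URL allowlist check (added illustration; all names are hypothetical)."""
import re
from urllib.parse import urlsplit

# Constructed sample policy, not taken from the thread.
ALLOWED_EXACT = {"intranet.example.mil"}   # only this exact host
ALLOWED_PARENTS = {"example.gov"}          # this domain and its subdomains
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_host(host):
    """Return a canonical lower-case ASCII host name, or None if it is not one."""
    if not host:
        return None
    host = host.lower()
    if host.endswith("."):          # "example.gov." is the same name as "example.gov"
        host = host[:-1]
    if not host.isascii():          # rejects look-alike (homoglyph) names outright
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    if labels[-1].isdigit():        # dotted-quad IP literal, not a domain name
        return None
    return host


def is_allowed(url):
    """True only if every check passes; anything unparseable or unknown is denied."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port   # .port raises ValueError if malformed
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or port not in ALLOWED_PORTS:
        return False
    # "https://example.gov@other.test/" puts the trusted name in userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return False
    host = normalize_host(host)
    if host is None:
        return False
    if host in ALLOWED_EXACT:
        return True
    # Match on a label boundary: "evilexample.gov" must not match "example.gov".
    return any(host == parent or host.endswith("." + parent)
               for parent in ALLOWED_PARENTS)


def audit(urls):
    """Return (url, 'ALLOW' | 'DENY') pairs, e.g. for a proxy decision log."""
    return [(u, "ALLOW" if is_allowed(u) else "DENY") for u in urls]


# Constructed sample requests.
SAMPLE_URLS = [
    "https://intranet.example.mil/wiki",
    "https://PORTAL.Example.GOV./login",
    "https://evilexample.gov/",
    "https://example.gov.attacker.test/",
    "https://example.gov@attacker.test/",
    "http://portal.example.gov/",
    "https://192.0.2.10/",
    "https://ex\u0430mple.gov/",   # Cyrillic 'a' in place of Latin 'a'
]

if __name__ == "__main__":
    for url, decision in audit(SAMPLE_URLS):
        print(f"{decision:5} {url!r}")
```

Only the first two sample requests are allowed; the rest fail on label boundary, userinfo, scheme, IP literal or non-ASCII checks.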
Frank discussion? That's the 1st problem.
Security seems to be extra vulnerable to fraud. Many times, I saw military customers wooed by vendors who are perfectly willing to give them a load of bull about how they can't explain why their devices, software, and ideas are secure, because that would compromise the security. Then the military goes a step further, and abuses their secret classification system to cover up security problems, keeping important information even from their own people. They base security decisions on politics. They are more interested in getting a system approved as secure, than in whether it is actually secure, and will lean on people to just rubberstamp systems. They play favorites. They like Windows, because they find it more user friendly, so they push to have it declared secure. Systems they don't like are held up to extremely difficult standards, the better to reject them. They engage in plenty of their own bull to pull that off. For instance, Linux is coded by foreigners, which they deem automatically makes it insecure. How can they know some foreign programmer won't put a back door into the Linux kernel? Never mind that Microsoft might employ Indians to work on Windows. And who's to say that US citizen programmers would never sell out?
They want COTS (Commercial Off The Shelf), to save money, but there is no COTS that meets their needs. They play a funny game with contractors too. Employ people as contractors and treat them with deep suspicion, but won't employ them as their own experts who just might possibly be a touch more committed and loyal.
No surprise that the military stinks up their security.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
Stop putting critical systems online.
"If any question why we died, Tell them because our fathers lied."
Two winning strategies:
Stop connecting computers to the Internet
and/or
Stop having secrets
out good tech people or force them to be managers and then on to some other post.
Also a lot of tech people are too old for the military; others don't have the mindset to make it through a military boot camp. If some of it needs to be military, maybe then it needs a special rank system so techs are not forced to start at private pay, and officers should not be the same way as the rest of the military is.
Also have a special boot camp, say maybe little to no exercise part, no forced gun training, no other battlefield skills (we want people to work on IT and not be soldiers that can be sent anywhere). Maybe even have some kind of tech school, but I don't know if they should become officers (as some tech people make for poor managers); maybe have techs become team leaders.
Recent security breaches on Linux listed next:
---
KERNEL.ORG COMPROMISED:
http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised
---
Linux.com pwned in fresh round of cyber break-ins:
http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/
---
Mysql.com (runs Linux) Hacked, Made To Serve Malware:
http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware
---
Then, there's ANDROID, and it's showing us all that all the FUD on /. for years now that Linux is secure is just that, fud. ANDROID's being torn up in the hundreds with exploits and yes, ANDROID uses Linux kernel.
"Toss out Windows, start with a custom Linux distro and go from there" - by GameboyRMH (1153867) on Tuesday November 08, @09:04AM (#37984364)
Isn't ANDROID a "custom Linux"? Then, how come it's being TORN UP SO BADLY IN SECURITY & NEARLY DAILY YOU HEAR ABOUT EXPLOITS ON IT FOR YEARS NOW??
* That's all recent news of Linux security breaches there above, folks, and for all those years we all kept hearing "Linux = secure" around here, well... read 'em & weep above!
APK
P.S.=> By the way - You CAN secure Windows, & I've done so (remained uninfected since 1996 in fact on Windows NT-based OS by using what's in the link below):
http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Search&gbv=1&ei=2Em5TufwI-qe2AWdvY2dBw
And, yes, it actually WORKS...
However: Don't let ME just say it, I'll let others from the links above say it instead:
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to cal
Since 0.0.0.0 is smaller by 2 characters than 127.0.0.1 & it DOES make for a smaller file too, especially in LARGISH hosts files, where those 2 chars per line only 'compound bloat').
Put it THIS way, some "evidence thereof" to that very effect, quoted next below:
Even Microsoft's mgt. (Windows Client Performance Division head (who has a CSC degree mind you)) was FORCED to agree on that point, here (on slashdot no less):
http://slashdot.org/comments.pl?sid=1467692&cid=30384918
* "Read 'em & WEEP", naysayer...
APK
P.S.=> This? This was just "too, Too, TOO EASY - just '2EZ'"... as it usually is, vs. naysayers like yourself!
... apk
It's B1 in the old (stringent) rating scheme, and can be configured to provide a lot of protection against theft of data, via
- mandatory access controls (not changeable by the process or user)
- secure path (knowing it's really you at the keyboard)
- covert channel analysis (genuinely hard, this is often "ongoing")
- audit (which eventually runs you out of disk (;-))
There is some protection against attack, but more or less as a side-effect of protecting against spies leaving with data.
--dave
davecb@spamcop.net
Certainly isn't Windows - and? Looks like it is a Linux by using a Linux kernel, because lol, again: That's SURE NOT WINDOWS! It's a custom Linux, but one being destroyed out there security-wise, almost daily for years now in various exploits!
"And yes you can lock down Windows with an insane amount of work" - by GameboyRMH (1153867) on Tuesday November 08, @10:40AM (#37985600)
It's no "insane amount of work"... it's just regular patching, smarter surfing, & being aware of HOW Windows works to a decent extent (or really any OS & apps that run on it - mostly, it's user education awareness, along with configuration settings, not just "hacking" it...)
* INCIDENTALLY: Doing that guide? Takes about 1-2 hours of your time, but you can run for years in the distance safe & secure (as the testimonials showed, not including my own mind you) IF you follow that guide to the letter...
(It really comes down to what you said: USING A CUSTOMIZED 'SECURITY-HARDENED' SETUP, along with user awareness (I attempt to impart SOME of that to folks there too), & that's exactly what those guides give you!)
APK
P.S.=> It does work... and, as far as this from yourself?
"but why not put that work towards a more fundamental and long-term solution, instead of slapping armor onto a vulnerable black box that was never designed to do the job?" - by GameboyRMH (1153867) on Tuesday November 08, @10:40AM (#37985600)
I did, and it "holds its mud" well (put it this way - I ran Windows Server 2003 the day it came out, to the day I installed Win7 instead (2009) & am still on the SAME INSTALL of Win7, uptime solid & secure... all via principles in the guide, and using CIS Tool (yes, Win7 has a version of it as well, it does help, & make securing Windows actually "FUN" in a nerdy kind of way - like running a security benchmark test really!))...
... apk
Was anyone ever able to compromise a correctly configured VMS box? Has anyone broken strong well configured public key encryption? Security is not a big secret, not easy, but good, effective practices are not unknown. So is the question "how do we keep script kiddies off our sharepoint site installed by a neophyte sysadmin"? Really the only valid response is a well quoted "*sigh*".
There are too many items to list here.
* Non-networked systems
* Air-gaps
* No way for end users to bring in any programs or data. No USB, no optical media, no firewire, no eSATA. PS/2 keyboards and mice.
* All non-secure OS settings need to be removed. If an OS cannot be setup in that way, DO NOT USE IT.
* Avoid the so-called industry experts from any current contractors. They look for ways to make money as their primary goal, not secure the networks and systems. Boeing, GD, CDC, EDS, and similar contractor management all need to be thrown out.
* Personal responsibility for any breaches.
* End users do not need internet access by default. Having internet should be harder than getting a TS clearance with mandatory bi-annual training and constant testing.
* FLOSS should be used by default - commercial software should only be used as a last resort. The government can mandate this in contracts. It will make FLOSS better for the entire world and end the stranglehold that software vendors currently have. Start with mandatory open formats to achieve political wins in the short-term. This goes to servers as well. Source code provided and available for all. I'd like my government tax dollars helping not just the US government, but the entire planet.
* Without the source code, it is impossible to ensure the code is updated as security issues are found.
* I'm not anti-commercial vendors, just anti-closed source. Commercial vendors can change their software release models and retain support contracts, charge for new features, run the systems too. If their prices are out of line, another group of experts (often from former employees) will be able to take over.
Breached recently (past week or two now) that RUN LINUX:
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com
Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/ AND per this article on /. also -> http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june
APK
P.S.=> So, std./"OEM STOCK" Linux isn't the answer... @ least NOT a non-security hardened one (& I mean above + beyond just std. SeLinux even)
NOW... I noted CIS Tool for Windows 2000/XP/Server 2003 & yes, even Windows 7/Server 2008 have it, here in my other posting to GameBoyRMH -> http://yro.slashdot.org/comments.pl?sid=2514010&cid=37985822
THERE IS ALSO A BUILD OF CIS TOOL FOR LINUX VARIANTS AS WELL, look into it...
That is, IF you're after that "custom security hardened build" he notes should be used (which he's right about, because I've done pretty much the same thing for Windows really, & it's worked for myself since 1996, & that post shows others doing the same since 2008 onwards)...
... apk
It's all 3.
1. Putting a device that detects attacks between your WAN and your infrastructure is key, i.e. an IPS/IDP. Ideally you'd want this attached to all your switch ports as well. (These devices go in both directions, so it will also be able to see what gets sent out as well as in)
2. Use Linux as the core system on the workstations, disable all over the air type connections (Wireless is and never will be secure), drop in a proper firewall (IP_Tables is good, but you need a layer7 policy software firewall here, not just Layer3/4, as you want to be able to read into your applications and packets at the layer7 level, then set up rules based on what you expect and don't expect)
3. Sandbox the user's OS between your Linux core system and whatever OS they will be running (At this point, they could run Windows, because anything they run on it could and would be filtered, detected, logged, and controlled at the sandbox, the L7 soft firewall, and the IPS between their workstation and the network)
All the above is already being used in many govt facilities, University campuses, and in the private sector.
Just not all of the above at the same time, and that IS the main problem.
You can say 'wow that's a lot of software, and there will be overhead' all you want. But with the latest hardware (I7, AMD x8-Opteron, 8gigs/16gigs of ram) this is 100% feasible now. And should be considered Standard Practice for secure facilities today.
For developer systems and the like, drop them off the shared network and build them into their own network that is isolated. If they need the extra horsepower without the need of the above, then they do NOT need to be attached to the network.
To reconsider ur statement on Windows http://yro.slashdot.org/comments.pl?sid=2514010&cid=37985420 and http://yro.slashdot.org/comments.pl?sid=2514010&cid=37986120 because very recent history has shown Linux to be quite poor on the security front in practice.
Now - You note history: Did you know that as far back as Windows NT 3.x that Windows achieved the "Orange Book" C-2 security rating?
* Windows NT-based OS's HAVE been built with that in mind (witness ACL's which Linux only gained an analog of in MAC, via SeLinux which the NSA produced as an addon/bolt on for std. Linux mind you, clearly copying a good idea from Windows no less).
APK
P.S.=> The problem out there is two-fold, imo @ least:
1.) For everything & anything the coders or designers can think of, the hacker/cracker types will "unthink" & work-around (eventually that won't be the case & the cracks WILL get 'sealed' but takes time) - I've said this since my 1st security presentation back in 1984 @ LeMoyne College in fact, & it's held true ever since
2.) The end user, & programs they use that are insecure... in fact, want to know what's causing the MOST hassles on Windows (2 widely used programs), read here:
JAVA, & Adobe Products MOSTLY (99.8% in fact), per this:
http://net-security.org/malware_news.php?id=1863
& this:
http://www.net-security.org/secworld.php?id=11759
You MAY find those links, QUITE "enlightening" actually...
... apk
Any Internet connected system will be compromised at some point in its design life. The only way to prevent this is to get really important things offline, and keep them off the Internet ( including all of those government networks like Intelink, Siprnet, Nipnet, etc, etc, etc, etc, etc, etc, etc. )
I've said it before and I'll say it again: Hire people you don't know. I realize that sounds bad at first, but it's better than what the DoD does now.
I read an interview in TIME a year ago with the guy (the name Montgomery or Mitchell or Marshall or something with an M sounds right) in charge of the Air Force's cyber command. He hit the nail on the head. They created the cyber command by picking out the most skilled computing personnel who were already within the military, then transferring and promoting them as needed. The problem? The kind of people who joined the military before the cyber command was created are all shooters. They're gun people, not keyboard people. As a result, the cyber command started by filling its ranks with the best of the worst. Everyone there would list their knowledge of Linux command syntax (if they have it) secondary to their ability to hit a target at 300 yards. And that's the problem.
The guy in the interview knew it. At the time, he was lobbying Congress to get special recruitment exemptions for geeks. Skipping the more physical aspects of basic training, skipping rifle training, etc. He was doing his dead level best to make the military a place geeks want to work. The result? A bunch of senators from the south (including the one I didn't vote for from my state of Alabama) telling him that "the military shouldn't be employing a bunch of namby-pamby whiners who can't make it through basic training." And to give the man (the commander, not the senator, he's a douche) his response was totally on target: "With all due respect sir, the equivalent of those namby-pamby whiners in China could shut down the US electrical grid in about 20 minutes. It seems more than prudent to ensure we have our own whiners to combat theirs, sir." That pretty much sums up the problem.
Secure against spam, all else is then trivial.
This kind of thing pisses me off, mixing fractions and percentages here in this way has no advantage.
Just say "0.3 percent" for fuck sake.... needlessly obscuring the wording and format of statistics are almost as useless as individually unrelatable statistics used by politicians. I've lost all respect for the writer and will not read the rest of the article.
Maybe if the US Constitution was restored.... and these fucking oath breakers removed, I might have more motivation.
But until then I offer the Common Sense Security Skeleton. (it's to be taken and improved as you become wiser)
1. Nothing is going to secure a network forever.
2. Keep secret technology in a vault with a logbook.
3. In the "rare situation" where sharing classified crap with the wild west, use a VM; large data can be carried by portable drive (non real time) to the VM for transmission
4. Real time video gets a video converter which then dumps to a sacrificial VM to broadcast it. (A video camera on a tripod can work in a pinch)
5. All "Websites" get air gap, and are to be considered fair game if facing the web.
6. Parts Manufacturers for parts which Darpa uses, must be manufactured by Darpa or the process must be completely controlled 100% by Darpa with a logged chain of custody and oversight of the entire process. (it's not okay to order mil spec chips from a foreign country even if you have an unconstitutional fucking treaty with the scumbags)
7. Spies get portable aes 16384 keys and cb radios with funny channels, just kidding. They get ftp access and a daily list of proxies, okay okay just kidding. Spies are just bitchy little girls train them or shoot them.
8. "throw off" the oath breakers and bankster enablers soon, or nothing is going to matter.
9. If you can't secure it destroy or de-activate it.
10. Design a human chain of custody 100% through and through. One man who swore an oath can move 20 Yards of classified boxes a mile alone, as long as he is able to keep an eye on all boxes 100% of the time, and keeping everything isolated for the trip, pick up one box, set it down 50 yards, go back, rinse repeat. This is different from electronic voting where more than one interest in the data (you know paper ballots) not being tampered with.
11. Don't hire contractors who are connected to the ponzi banksters. Block their iframes
12. Security Clearance Audit 100% everyone, sit down, look at past activities, if there are "problems", then person is never to work for, hold office, contract, or access networks, information ever again.
13. Cleanse the NSA, CIA, PENTAGON of these horrible logan act violators, FIX the LOGAN ACT so it has big teeth. no more AIPAC, CFR, PNAC, EU BS.
14. At some point, when all the treasonous oath breakers have been removed from the picture, a trusted network (intranet) will be created, let people use whatever tools they want (granted they are not worms (reverse engineer them) and other unsafe shit) to get the job done on this network.
15. If you are worried about the electrical system. Fix the Solar and Hydrogen situation so the people can start to get off this (not so) smart grid bs. Cheap panels and a fucking set of plans to convert water into bottled hydrogen for joe home owner (who can't even light a fucking fire in the fireplace because of all the bs brainwashed state and federal green laws and carbon fraud, and meanwhile all the other nasty bullshit coming down in the air from fukushima fallout to aerial spraying to create the electronic battlefield. Turn that shit off, before everyone is too sick to work on your fucking networks)
AFAIK SELinux can protect you from attack only from user-space. It won't help for attack on kernel itself (it's important if we want secure networks). But then I'm not sure if any system in a monolithic kernel would be able to do this. On the other hand, monolithic kernels are the only OS kernels that actually work outside academics. This would suggest that the highest security rating a general purpose OS can have is B1...
The US Government has screwed up for a long time in this area, and they are not about to change. They laughed at the French when the Germans marched around the Maginot line, yelping out "hey silly, they aren't going that way, they are going this way over here, ha ha!" But they don't learn from the French mistake. Smart people learn from other people's mistakes, stupid people learn from their own. Here the US government is doing exactly what the French did, but over and over. A terrorist delivers a bomb via an airplane, so all airports are home to mountains of security, "Because that's the way they always do it". It's like there is a rule or something (some might even call it a rule). But there is no rule. The next time, they probably do something else. In cyber security, they see a vulnerability, and play whack-a-mole. They fix one hole in the colander, and the next time the water goes through the next. Then they fix that hole, and the exploit goes through the next. Rinse, repeat. Would it be that hard to build a 'hardware entrance' to a network that is well designed and only allows registered people in, and only allows certain IP addresses from certain routes in, with proper credentials? You can add optical fiber and Heisenberg encryption (so if there is someone performing a man-in-the-middle snoop, everything gets muddled). But they don't, and won't. Ha, ha, the Germans went around the line and came from the north through Belgium! Fighting the last battle over and over is never a good strategy. That's the thing to learn.
0) Only allow physical access to cleared personnel.
1) Don't use what everybody else is using (so, no windows). Do not advocate what you are using for which system.
2) Don't trust your users and don't trust your apps (paranoid access control lists).
3) Consider everything which has internet access to be already hacked. Any communication with a system outside the DMZ should be checked and double checked.
4) Don't allow confidential information to leave the site. This means no USB sticks or laptops which go home, unless strictly needed and then severely regulated to the point that the data taken home can only be used on known secure systems (systems provided by the user's work).
5) Don't use wifi when you can avoid it and when you have to use it, make sure it is heavily encrypted and the applications using it encrypt their own data. On top of that those networks shouldn't advocate their presence (when possible, of course).
6) Log everything.
7) Blacklist untrusted IP and MAC addresses.
8) The weakest link defines the security of a network.
9) Don't allow politicians to select the software they use.
The problem is that they have government contractors reviewing potential solutions. The same people who are incapable of coming up with workable solutions themselves. So what makes anyone think they would know a good solution, even if it bit them in the ass?
DARPA announced a grant program for this last August at Black Hat. We spent a month crafting an RA for developing a solution based upon formal methods that would change the advantage from the attacker to the defender. Even if we were full of shit, you'd think DARPA would want to know more, in case we weren't. We got a form letter rejection for "Mudge". Am I bitter I spent a month trying to help out the DoD? You bet. I have better things to do.
It reminds me of when the Web was first emerging and I was getting my MBA - Andersen Consulting came to our school with a "contest" to see who could come up with the best business model for the web. Anyone know where AC is now? The DoD needs a good shot of Darwin.
To reconsider ur statement on Windows http://yro.slashdot.org/comments.pl?sid=2514010&cid=37985420 and http://yro.slashdot.org/comments.pl?sid=2514010&cid=37986120 because very recent history has shown Linux to be quite poor on the security front in practice (especially on CA's for SSL, if not KERNEL.ORG the repository for Linux's sourcecode also).
I assume you're talking of enlisted people in the military. Military IT types are rarely more than basic operators. Any of the engineering level decisions or support is handled by contractors or government civilians.
... is the one that does not exist.
A mathematical theorem if you disagree.
++
How to make a network secure, well let's see, enable OpenVPN, configure IPSec, make sure everything inter-departmental is using a PKI token and ensure everyone has PGP. Separate various parts of the network after the employees have better things to be doing than browsing Facebook or YouTube, updating their Twitter status and reading their Hotmail from a government system. Throw out all those copies of Windows (tm) software; they're really not doing you any good in a virtual environment or other. Is everyone using the latest version of a secure and trusted OS like OpenBSD or Linux on their desktop?