DOD Overhauls Network to Thwart Crackers
Toddius Maximus wrote in to send us a CNN story about the Department of Defense Overhauling their network to prevent cracker attacks. How's that for a feeling of warm fuzzies?
Hacker... Cracker... whatever. There's malicious groping going on in the DOD and it must stop!
(chuckle)
From someone behind that network, it's a fair bit more than a few more firewalls.
New regulations as to which protocols are allowed, and not allowed, who is able to connect to the network, and who is not. At current an audit is being conducted to determine what violations are out there. Networks that are non-compliant risk losing their uplink.
Already everything is having to be kerberized.
Lord save us, we may be even going to IpSec.
The problem for them has not been the protocols, per se, but the clear text logins.
It is quite easy to secure one area, however try securing a client's network to which you have no administrative control, and within that client's network there are multiple networks of clients of theirs who they have no administrative control. At the bottom of this, add university networks connecting in to these networks, or other government agencies who are also connected to the internet proper. YOU can't secure those nets. What can you do.. Cut them off? But someone tells you you can't.
It's not a technical problem. It's a Political one.
...to leave a machine on running Carbon Copy or some such and blammo, what was previously thought to be an already secured location with free access to everything is not a jump off point for 37337 K1DDi3Z.
the niprnet redesign referenced is a mass upgrade
of select cisco routers on the niprnet backbone.
i suppose the filtering is somethin to do with some new version of cisco ios. *shrug*
Simple, see there's this thing called OPSEC...
Basically it states that an enemy can find out classified information by examining unclassified info and adding one and one together. If the rosters are saying that a lot of people are going on temporary duty, and the trans office systems have info for moving luggage and gear to some particular place, then that's a pretty good indication that something is going on.
A lot of this information is sent via niprnet because the secure network is used only for secure stuff, for obvious reasons. So this information can only be on the unsecured network.
Personally, I think it would really suck if we disconnected from the internet, since it's the only connection I have with the states, but it would stop the crackers. And keep in mind, not all of these people are teenagers... some are hired for that type of work. From other countries. That don't like us. Get the idea?
If the technical people and the professional soldiers made the decisions in life we would be a LOT safer and be involved in a lot fewer military conflicts. Technical people of course will say "Put in a firewall, close access to this, secure that.. we need to get this this and that and we can be 99% secure." The politicians on the other hand will say "How does this affect our ISO9000 policy? We'll need to form a commission and evaluate the differing products before we can choose one based on cost, efficiency, robustness, etc." Then 2 years later they finally implement it only to find it's such outdated technology they need to start all over again. Doing anything in the government is like trying to turn an ocean liner with a rowboat.
these changes.
"DISA's plans include the filtering of what DISA called "notorious" protocols routinely exploited by hackers... The protocols include the PostOffice Protocol (POP), which allows remote users to read e-mail stored on a central server; remote-access protocols, which allow users to read their e-mail from another system; and Packet Internet Groper (Ping).... The inability of NIPRNET to handle the loads imposed by Web traffic without lags or delays had resulted in numerous military commands installing Internet "backdoors" on their systems."
Unless they're not telling us the important stuff, what they're doing is pretty darn basic -- I'd do this kind of thing for a small business. It doesn't really surprise me that their security was so bad, but they ARE the DOD.
Posted by bSMfh (bastard ScoutMaster fro:
Doh!
someone groped my wife's packets!
ping origins
The military uses red and black, not red and green. Same principle. (I had help designing a firewall for them once, and having an interface labeled red, and the other black, was in the requirements. I don't remember which is which offhand.)
BTW, this isn't meant to imply that all networks are connected, there are networks that are unconnected. The semi-secure but internet connected network is firewalled by this box, not the highest security level networks, to which no physical connection is allowed.
Translation:
A DOD spokesman has publicly stated that as soon as
their sys admins are tired of playing Quake, they
fully intend to install tcp_wrapper on most of
their systems, just as soon as they're done
sorting their bookmarks and reading Slashdot
they promised they would get right on it and
install that wrapper any day now, and if they
can have Friday off, they may even upgrade and patch
the old buggy daemons they left running, but
as one DOD sys admin stated "Phf! That's not my job!"
then he quickly returned his attentions to a
heated Phantom Menace debate on "Ain't It Cool News."
Read this.
It's basically the consensus in the community that they're just adding a few firewalls. I think the DOD has more to worry about from internal threats than anything a bunch of adolescent l335 script kiddies could do.
--
I'd like to be able to grope via packets over the internet. Alas.
And Ping doesn't stand for anything. It's just Ping. Like the submarines do.
pooptruck
again the terms are confused...
a hacker is someone who hacks hardware and OSes
whereas a cracker is traditionally one who cracks
software copyright and helps in the distribution
of such warez.
see Hacker V Cracker on manos.com,
Cracker
The definition of a cracker is one who attempts to break into a system using techniques that he does not fully understand. Most of the crackers are young teenage punks who are very malicious and seek to get their kicks from destroying or altering data on a system.
Hacker
The hacker on the other hand is an individual who yearns for knowledge. The hackers are very knowledgeable individuals. They often times know several programming languages, work extensively with the inwards and outwards of UNIX, have a firm understanding of all the TCP/IP implementations and protocols. They keep abreast on all the security related issues involving computers. Breaking into a system for a hacker is a thrill, it is a challenge that they take on. The hacker takes much delight in exploring the system from the outside/inside searching vigorously for misconfigurations, bugs, and holes in the operating system that would allow them to break into a machine. Once in the system the challenge has been completed and they have succeeded in breaking in. It is against hacker ethics to alter any data aside from the logs that are needed to clean their tracks. They have no need or desire to destroy data as the malicious crackers. They are there to explore the system and learn more. The hacker has a constant yearning and thirst for knowledge that increases in intensity as their journey progresses.
I'm afraid. I'm afraid, Dave. Dave, my mind is going. I can feel it. I can feel it. My mind is going.
So, starting sometime in July, they're going to filter some protocols, maybe POP, maybe telnet, but they haven't decided what to filter yet. Hmm...the first thing I did on my Linux boxen was to turn off any protocols that I didn't use and to set up ipchains to filter the rest. I also set Samba not to listen to the outside world, but only to my 192.168.0.* C network. And I'm new at this.
Typical government: A network that is several years old finally gets the consultant once-over and the committee decides to form a committee to look into what to do.
Mike
--
Mike
--
"Wi nøt trei a høliday in Sweden this yër?"
A 'good thing' if ever I saw it.
*COUGH*
Open Source. Closed Minds. We are Slashdot.
...stands for Fondle INternet Group Expecting Response.
:) */
/* We could keep this thread going all day with these
Save the whales. Feed the hungry. Free the mallocs.
ok. done. not bad for only 2 hrs. of sleep. now i gotta bang out this last project....
i want to live life, not just go through the motions
Groping going on in the US government? Naaaah. Can't be. -NG
+--
Given infinite time, 100 monkeys could type out the complete works of Shakespeare.
+-- (Score:-1, Moderator on Power Trip)
"and Packet Internet Groper (Ping), which hackers use to disable networks by overloading them with a command."
'hackers'
When will they learn...sigh
censorship is a form of noise, which actively seeks to drown out content with silence - Crash Culligan
Or even better, somebody working from home can dial in on an ISDN and have their Linux box just part of the LAN over there. Then maybe they make their root passwd something like: root, blank, their name, etc. and then the 3LiTe Haqrz!! can come in through the hole.
Hollow words will burn and hollow men will burn.