I've been around for quite a while (see other posts in this topic) and even survived the Ronald Reagan bread-and-circuses administration of California, but wasn't around for the original Dark Ages (fall of Rome to Italian Renaissance), in spite of what my son says about me having invented dirt. :)
Did live in the Current Middle Ages for a while, but that's another story.
Well said.
I've already been commenting in this topic, so I can't mod you up, but if I could, it would be +1 Insightful.
Thanks for a good post.
I would argue that your comment should read:
"I long for the day when teaching religion to children in public schools is classified as child abuse."
If I should choose (a nice American privilege, still extant, thank the Goddess!) to pay a private school, religion-affiliated, to educate my child, that's my business, not some government's. And if you don't believe that every parent teaches her/his offspring religion, you don't have children. (FWIW: Atheism, agnosticism, and skepticism are all religions, they just don't have all the spiritual trappings of other religions. (But consider, for example, the near canonization of Ayn Rand among Objectivists.))
The current administration may be (hah! IS) eroding our [American] civil liberties, but a few still remain.
This is hardly a new issue. Back around 1970 I took a course at UCB in the history of science. The text for the course was A History of the Warfare of Science with Theology in Christendom (http://www.cscs.umich.edu/~crshalizi/White/), by Andrew Dickson White, first published in 1896. Little has changed since then (either 1896 or 1970, your choice).
The salient and interesting point of White's work is captured in the title. The warfare is between Science and Theology, not between Science and Religion. White's position, strongly defended, was that science and religion, characterized as faith or belief in powers and existence outside the immediate corporeal world, were not at odds, but that theology, as put forth by religious scholastics with a vested interest in convincing the general populace of the value of unquestioned dogma, was completely at odds with science.
It's a tough go, but worth the effort. After thirty-five+ years, I can still cite that book, although I cannot remember the names of more than a handful of the professors I endured or, in a very few cases, was privileged to study with (requiescat in pace, Dr. Pimentel).
It is not difficult, just painful.
I am reminded of this exchange from The Magnificent Seven {http://www.imdb.com/title/tt0054047/}
[Calvera has just captured the Seven]
Calvera: What I don't understand is why a man like you took the job in the first place, hum? Why, heh?
Chris: I wonder myself.
Calvera: No, come on, tell me why.
Vin: It's like this fellow I knew in El Paso. One day, he just took all his clothes off and jumped in a mess of cactus. I asked him that same question, "Why?"
Calvera: And?
Vin: He said, "It seemed like a good idea at the time."
Incredible that no one has mentioned CC, PPs, and EALs yet.
Not really. The original poster has to address his NISPOM issues before he needs to consider whether he even needs an evaluated computing platform for his processing.
In my opinion, the big step from the Rainbow Series evaluations (TCSEC) to Common Criteria Evaluations (CC) was separating security functionality from system assurance. The evaluated assurance levels you note refer only to the assurance that the system was developed (and is operated) in a particular way. You can produce an EAL7 light switch if you want - it won't have much security functionality, but you can be assured that it does whatever it does with extreme reliability. :)
What can I say? My day job makes Byers look laid back. :(
;-)
YOU will have to decide for yourself if you need to wear a tinfoil hat when I'm around.
Sigh!
The link you refer to points to material that is up to two decades old. The assurance levels you refer to (A, B, and C) are from the Orange Book, the seminal work of the Rainbow Series of security development manuals produced for the U.S. DoD.
The Rainbow Series was superseded in 1996 by the Common Criteria, an international agreement about security functional requirements, assurance requirements, and the processes needed to evaluate the security characteristics of IT products. Products that have met the requirements and undergone the process are listed in an Evaluated Products List. Among operating systems that have met the Common Criteria requirements are Mac OS X, Red Hat Enterprise Linux AS/WS 3, Solaris 9, SuSE Linux Enterprise Server V8, and Windows 2000 Server. All of these must be run on specific hardware configurations and with specific software configurations to retain their certified status in an operational environment. A recent project I was working on needed an HTML-based interface - imagine creating that on a Linux box that could not run X or even activate the frame buffer!
Secure systems are not just platforms that resist the latest script kiddie 'sploit. A system includes people, processes, hardware, software, development methodologies, and the operational environment. This is what makes a secure, assured SYSTEM, not just an expensive doorstop.
Links of (possible) interest:
Orange Book
http://csrc.ncsl.nist.gov/secpubs/rainbow/std001.txt
Rainbow Series
http://csrc.nist.gov/secpubs/rainbow/
Common Criteria
http://www.commoncriteriaportal.org/
U.S. "Scheme"
http://niap.nist.gov/cc-scheme/
Evaluated Products List (EPL)
http://niap.nist.gov/cc-scheme/vpl/vpl_type.html#operatingsystem
If you have a DoD-certified FSO/SSO, he or she has an opposite number or point-of-contact in the DoD who can help answer a lot of your questions.
Definitely call in an outside, licensed, professional consultant who specializes in DoD and NISPOM security issues to help you with this. Even with a facility already certified for handling classified material, you will need to have more policies, procedures, and physical tools in place to handle the additional requirements for IT security.
Good luck.
Amen, brother!
And don't just write the policies, train them, promote them, enforce them.
Rubbish. Those are useful tips for securing the public computers in the local public library, not for building a system for use in a classified processing environment.
Classified processing is more than just securing a box against the latest IE sploit. It's processes, policies, procedures, training, and a particular mindset, not the too-casually tossed-about 'paranoia'.
Google NISPOM and do some reading.
You cannot use the machine in both a classified and a non-classified environment. You will get the machine certified for a specific level of classified processing and lock it into a room that is effectively a people-sized safe. Access to the room will be controlled and only cleared and authorized people will be permitted in. They will log their entrances and exits. Each project hard drive and associated backup media will be stored in a separate, individually lockable and differently keyed drawer of a safe certified for classified processing. Users will log every item in each safe drawer and will log every time they open or close any drawer of the safe. EVERY scrap of output from the system (optical media, magnetic media, or hardcopy) will have to be logged and controlled at both creation and destruction - destruction requires special handling and facilities.
Issues of bootable CD-ROMS, USB data sticks, and product licensing are trivial housekeeping compared to the work you are going to have to undertake to create and maintain a secure processing facility. By the way, printers have memory and printer ribbons retain images - you have to address those items, too. Certified print required.
If you already have a secure processing facility, you also have a certified site security officer (SSO) who has been trained in the use and requirements of the NISPOM. You should be talking to this person, not us.
This is the best advice I've seen here. I've been around military and industrial computer security for most of my working career (~30 years) and everything that jinx90277 posted is spot on.
The original poster needs to get a fast course in the nuances of the NISPOM. His site needs an accredited Security Officer, a certified facility, special-purpose safes, training programs for the system users, policies and procedures, security clearances, and, finally, a machine for doing the actual classified processing. The last is ABSOLUTELY the cheapest and easiest part of the process.
The original poster needs to check out jinx' references ASAP.
As for all you folk hassling him for asking about his problem here, you need to take a chill pill. Asking for help is the only way to learn and the NISPOM is a beast that no one should face unprepared and alone.
You forgot the International XT family. :P
http://www.internationaldelivers.com/site_layout/XTFamily/index.asp
Bill Goldberg will be test driving one on the History Channel today at 2pm Eastern.
http://www.historychannel.com/automaniac/
A very interesting topic and one that reveals how much mythology and folklore there is about US Constitutional Rights, police procedures, and technical/professional ethics.
IANAL, however...
I did RTFA and from what was presented there, the police blew it on this one. Gateway's privacy policy and the tech's morals/ethics may have required them/him to notify the police. Police procedures and legal guidelines SHOULD have mandated a warrant, once the "probable cause" evidence was shown them by the tech and before they so much as touched the machine to adjust the viewing angle. That's the way it's SUPPOSED to work (in most U.S. jurisdictions, YMMV).
Computer forensics 'sperts come in like the CSIs from the TV shows, with all sorts of techie gizmos and gimmicks. They can, and do, create a bitwise, forensic clone of the hard drive, take photos, make notes, and maintain a chain of evidence. For them, it's routine. Some of the toys they have are enough to make you drool with envy. It doesn't sound like any of that happened here - instead the locals came in like the guy in the Swiffer commercial.
Computer forensics cuts both ways. A good defense expert CAN show that the bomb-making instructions ended up on the computer without your consent or knowledge, just as a good prosecution expert can demonstrate that you really did keep two sets of Quicken books for your money-laundering home business.
But as has been noted here before, when it comes to drugs, taxes, terrorism, or kiddie porn, it's guilty until proven innocent. A computer forensics consultant I know had to obtain "Get Out of Jail Free" cards from the State DAs in two states to carry evidence back and forth across a state line for one case he was involved with. Had he been stopped, and his evidence bag examined, without them, he could have ended up incarcerated for "possession" of kiddie porn. Talk about mindless, knee-jerk situations.
Oh, well, if you want to experience a wild life of techno-crime, consider a career in computer criminal forensics. The pay is great, you get to play with neat toys, and if you are really unlucky you'll get to meet a lot of VERY interesting people.
> The Patriot Act has made it possible to do end-runs around the Judicial system, one of the core parts of our country's checks-and-balances system, a system that has been in place for 4 centuries.
2005 (now) - 1787 (U.S. Constitutional Convention) = 218
218 mod 100 = 2
2 =/= 4
Just FYI.
> I'd hope that if my system were compromised by a remote root exploit, having it fixed would not result in child pornography charges against me.
And your hope would likely be in vain, unless you have a very savvy defense attorney, a competent and ethical computer forensics defense analyst, and a bumbling DA. Take an introductory course in Computer Forensics (criminal justice, not IT service tech) to learn more, but be prepared to experience a chilling attitude from both your fellow students and the texts you work from.
When it comes to drugs, taxes, terrorism, or kiddie porn, it's "Guilty, even if proven innocent - kill them all, God will know his own."
So what he created was a web site 'emu'-lation?
> While LotR or tHGttG were originally books ...
By strict logic, that statement is true (LotR was one book, broken into three by the publisher), but in fact HHG was originally a radio PLAY. Since Adams already wrote all the dialogue, it's sort of "right" for a play or other visual performance...
There is something about a BBC radio play, performed in the original language, that never translates well to the American screen.
I'm taking a course in computer forensics. I picked up "Forensic Discovery" by Farmer & Venema (ISBN 0-201-63497-X) for a bit more rigorous look at the subject than the course textbook was providing. On page 147, there's a wonderful picture of "Residuals of overwritten information on the sides of magnetic disk tracks" (supporting a discussion on p.146 of the characteristics of analog recording of digital information). The image, and others like it, can be found on the Veeco website at:
( http://www.veeco.com/nanotheatre/nano_view.asp?CatID=3&page=2&recs=20&CP=# )
This not only presents the image of the residual data dramatically, it also makes the point that the technology to recover residual data is real and commercial, not just theoretical or restricted to three-letter agencies.
If you meant "US Department of Defense 5220.22 M", try ( http://www.dss.mil/isec/nispom_0195.htm ). That's the home page for the National Industrial Security Program Operating Manual (NISPOM).
Have you checked Standards.gov ( http://standards.gov/standards_gov/index.cfm )?
BTW: DoD 2250 isn't enough info. There are standards, regulations, publications, et cetera ad nauseam. There are also MIL, Army, AF, Navy, JCS, and TLA (three-letter agency) documents in heaps. The GPO goes through several deciduous forests every year, just printing indexes to the govt pubs.
Good luck in your search.
"...entropy data generated from an onboard Random Event Generator. "
Like a cup of really hot tea?
What you need to do is to never store plaintext data on the hard drive in the first place. I believe Asus makes a system case with built-in encryption and a company in Norway, High Density Devices ( http://www.hdd.no/ ), builds an after-market device that sits between the mainboard IDE controller and the drive. Keying material is physically and logically NEVER part of the CPU or main memory. The advantage to both of these is that the encryption is spindle-to-rim; even the MBR is encrypted. 256-bit AES is good enough for the U.S. military right now - the CNO has even allowed it for classified data.
With these solutions, when the drive crashes, just send it to the recycler - no keying material means that the drive contents are digital kibble.
Interesting that the primer-writer at MS noted: "Non-alphabet characters can be used to replace the letters they resemble. For example, '5' or even '$' can replace the letter S."