Come now... deep down inside you know this isn't a ploy to get rid of IPv4/IPv6... Microsoft has been brought in at the behest of High Command to develop a simplified (read "so simple, even a Lieutenant can do it!" ) replacement for the sneaker-net bridge between SIPR and NIPR. And in true ROT13 fashion, I'll bet NetBIOS is lurking in there somewhere... as the next "secure protocol with 'true' enterprise scalability".
You are correct, there are problems with the military communications system. However, the problem does not lie with the parts that think in ones and zeros. These pieces may have their faults, but are effective when used properly. The key with any military communications is the person sitting at the keyboard.
Basic COMSEC principles teach that you do not release *any* information unless the recipient has a valid need to know. The first question that should come to mind is: "Does this person (or this forum) need to know the information that is being requested" (or in the case of a forum like this, freely released). This includes unclassified information, and if taken to heart, personal information.
OPSEC principles teach that it's generally not the one "Golden Goose" piece of information that kills. It's many small pieces that, when put together, tank the plan.
If you can't positively identify the requester, how can you validate the need to know? That's what the chain of command is for... ask the next in the chain (again, an elementary military principle). In the civilian world, ask your boss, ask your bank, ask your card issuer.
Yes, troops are taught to obey the orders of those appointed over them. And that's the key here... If "Col Who???" is the first thought, then the person is obviously not appointed over you (everyone knows their chain of command right?? and how to use it?).
I'm not sure how they teach resource (and information is a resource) protection at West Point, but I can still vividly remember many a late late night screaming session at the barracks door because the right answer was "With all due respect sir, I do not know who you are, and your name is not on my authorized list"
The test had nothing to do with encryption schemes, nor with the type of system that processes the phish... It had *everything* to do with releasing information to an unknown entity, that could be detrimental to him/herself or the mission. (For the Air Force, reference paragraphs 3.6 and 8.4 of AFI 33-119... and I'd bet that all other military services have similar directives) (and yes, the document is publicly released)
MCSE track, twice... one commercial beacuse I needed it to get the job done, and one computer-based because our training materials changed
CNE track (commercial)
Various Info Security courses (can't talk about that...)
Various Unix courses
Much computer-based training on Internet services and infrastructure (web/DNS/RAS/routers/switches/etc)
Every IT troop has to attend a technical school upon entering the career field and recently the Air Force implemented several certification programs for network professionals.
No, the DoD rarely pays for your certification (troops become marketable and tend to bail early...)
But the most amazing site is when you see a baby troop, full of awe and innovation... ready to spend the next four/six years as a sponge... then you remind him that Comm is a primary target >;^)
Would I recommend following in the footsteps?? Definitely!
Yes, you will have to dodge bullets occasionally (hopefully you will have more than one opportunity...). But your outlook on the 5-nines is much different when you realize that there's a life (or bunch of 'em) behind the number.
Yes, you will go where needed... there are only so many slots for server drivers. It's pretty competitive to get your foot in the door (Dude! You're gettin' the Helpdesk!! heheheheh). The training though is there for everyone in the career field, but the best part is the on-the-job training. No guessing from trumped-up resumes whether a troop can do the job or not, and for the most part, you're weened into the job by a more experienced administrator. Oh... and no fear of loosing your job to a junior Admin (unless of course your just that bad at it). Overall it's a pretty knowledge rich environment.
Would I recommend it for someone who's been in the business for a while?? Well... unless you don't mind carrying a gun and a keyboard, or being ordered to sweep the floor on Friday, or wearing the same colored clothes every work day, or having to shave and keep you hair in regulation, or taking a nice 3, 4 or maybe 12-month vacation in a country not of your choosing. It is the military after all... not your local university.
Ya know... The 5.x series of StarOffice did the very same thing and all I heard on the wire was get rid of the desktop feature in 6.0... (I personally liked the desktop feature, on occasion, and it was quite turn-offable). The only difference I see here are the pretty icons. hmmmm...
As in the Armed Forces, once there is a suspicion of inappropriate or threatening behavior, he should have done exactly what he did. Notify his superiors and await further orders.
As in the Armed Forces, the person monitoring the system is legally bound by the Fourth Ammendment not to reveal any information beyond that documented in a legal and formal request regardless of the requestor. And at that can only release information specific to that infraction, unless another legal and formal request for the incidental information has been submitted.
Anything outside this scope can subject the monitor to civil liabilty, not just the company.
Yes, there is a moral obligation... There is a moral obligation to protect the information you are trusted to view. There is a moral obligation to protect the interests of all users of the information system. There is a moral obligation to ensure an innocent person is not prosecuted based on an unverifiable request for protected information. For all the monitor knows, the "distraught mother" could have been a "cyber-girlfriend" with a vengance, or worse yet a stalker on-the-prowl... In either instance, revealing any information could blow all hope of successfully putting the "bad guy" behind bars.
As much as it sucks, there are times when you really wish you could open your mouth... Unfortunately, as a system monitor, unless you've got a legal authority sitting next to you, your lips have to stay sealed.
Quite correct... he does not "possess" or "own" the system, however as the representative for the owner, he is therefore charged with protecting the owner's interests.
As the owner's representative, challenging the students to compromise the system, effectively gave the students consent to press forward unabated by any other policy restricting such activity.
One could argue that the next logical action from the student would be to challenge the teacher's authority to waiver network policy, in this case a pretty steep waiver... However, in most cases, questioning the authority of the teacher in the classroom is severely frowned upon.
With this in mind, the student is absolved... The teacher is the only perpetrator in this case.
Most definitely the teacher should be held accountable... Regardless of whether a computer is like a house or not, if I posses an item and I challenge you to remove it from my possession, I can't cry foul if you accomplish the stated goal.
However, had the teacher not proferred the challenge, the student should most definitely be held accountable for his actions. Access controls were in-place, and the student was made aware of them.
Where I feel you stray is in the misconception that just because a possession is accessible, it is therefore free for examination, manipulation, and/or removal.
A basic tenant is that if I own something, it is mine, not yours, unless, and not until, I give it to you. Therefore you have absolutely no business using my house as a jump-off point to enter another person's house (who knows... I might just be watching the neighbor's pets for the weekend and you find their keys). Wrong is Wrong!
The infraction comes when if through poor practice or innaction I cause the inadvertant loss of a possession, and that possession is then used to cause harm against others. This is known as due diligence. Again, a concept that is not biased by the existance of four walls and a roof.
Just as my employer would hold me responsible for the intrusion and subsequent illegal use of a poorly secured server, so too would legal authority if my unsecured handgun is used to commit a crime.
Slashdot Mirror
Come now... deep down inside you know this isn't a ploy to get rid of IPv4/IPv6... Microsoft has been brought in at the behest of High Command to develop a simplified (read "so simple, even a Lieutenant can do it!" ) replacement for the sneaker-net bridge between SIPR and NIPR. And in true ROT13 fashion, I'll bet NetBIOS is lurking in there somewhere... as the next "secure protocol with 'true' enterprise scalability".
You are correct, there are problems with the military communications system. However, the problem does not lie with the parts that think in ones and zeros. These pieces may have their faults, but are effective when used properly. The key with any military communications is the person sitting at the keyboard.
Basic COMSEC principles teach that you do not release *any* information unless the recipient has a valid need to know. The first question that should come to mind is: "Does this person (or this forum) need to know the information that is being requested" (or in the case of a forum like this, freely released). This includes unclassified information, and if taken to heart, personal information.
OPSEC principles teach that it's generally not the one "Golden Goose" piece of information that kills. It's many small pieces that, when put together, tank the plan.
If you can't positively identify the requester, how can you validate the need to know? That's what the chain of command is for... ask the next in the chain (again, an elementary military principle). In the civilian world, ask your boss, ask your bank, ask your card issuer.
Yes, troops are taught to obey the orders of those appointed over them. And that's the key here...
If "Col Who???" is the first thought, then the person is obviously not appointed over you (everyone knows their chain of command right?? and how to use it?).
I'm not sure how they teach resource (and information is a resource) protection at West Point, but I can still vividly remember many a late late night screaming session at the barracks door because the right answer was "With all due respect sir, I do not know who you are, and your name is not on my authorized list"
The test had nothing to do with encryption schemes, nor with the type of system that processes the phish... It had *everything* to do with releasing information to an unknown entity, that could be detrimental to him/herself or the mission. (For the Air Force, reference paragraphs 3.6 and 8.4 of AFI 33-119... and I'd bet that all other military services have similar directives) (and yes, the document is publicly released)
I dunno... He mis-spelled neucular
Every IT troop has to attend a technical school upon entering the career field and recently the Air Force implemented several certification programs for network professionals.
No, the DoD rarely pays for your certification (troops become marketable and tend to bail early...)
But the most amazing site is when you see a baby troop, full of awe and innovation... ready to spend the next four/six years as a sponge... then you remind him that Comm is a primary target >;^)
Would I recommend following in the footsteps?? Definitely!
Yes, you will have to dodge bullets occasionally (hopefully you will have more than one opportunity...). But your outlook on the 5-nines is much different when you realize that there's a life (or bunch of 'em) behind the number.
Yes, you will go where needed... there are only so many slots for server drivers. It's pretty competitive to get your foot in the door (Dude! You're gettin' the Helpdesk!! heheheheh). The training though is there for everyone in the career field, but the best part is the on-the-job training. No guessing from trumped-up resumes whether a troop can do the job or not, and for the most part, you're weened into the job by a more experienced administrator. Oh... and no fear of loosing your job to a junior Admin (unless of course your just that bad at it). Overall it's a pretty knowledge rich environment.
Would I recommend it for someone who's been in the business for a while?? Well... unless you don't mind carrying a gun and a keyboard, or being ordered to sweep the floor on Friday, or wearing the same colored clothes every work day, or having to shave and keep you hair in regulation, or taking a nice 3, 4 or maybe 12-month vacation in a country not of your choosing. It is the military after all... not your local university.
And no... I'm not a recruiter (heheheheheh)
Ya know... The 5.x series of StarOffice did the very same thing and all I heard on the wire was get rid of the desktop feature in 6.0... (I personally liked the desktop feature, on occasion, and it was quite turn-offable). The only difference I see here are the pretty icons. hmmmm...
As in the Armed Forces, once there is a suspicion of inappropriate or threatening behavior, he should have done exactly what he did. Notify his superiors and await further orders.
As in the Armed Forces, the person monitoring the system is legally bound by the Fourth Ammendment not to reveal any information beyond that documented in a legal and formal request regardless of the requestor. And at that can only release information specific to that infraction, unless another legal and formal request for the incidental information has been submitted.
Anything outside this scope can subject the monitor to civil liabilty, not just the company.
Yes, there is a moral obligation... There is a moral obligation to protect the information you are trusted to view. There is a moral obligation to protect the interests of all users of the information system. There is a moral obligation to ensure an innocent person is not prosecuted based on an unverifiable request for protected information. For all the monitor knows, the "distraught mother" could have been a "cyber-girlfriend" with a vengance, or worse yet a stalker on-the-prowl... In either instance, revealing any information could blow all hope of successfully putting the "bad guy" behind bars.
As much as it sucks, there are times when you really wish you could open your mouth... Unfortunately, as a system monitor, unless you've got a legal authority sitting next to you, your lips have to stay sealed.
Quite correct... he does not "possess" or "own" the system, however as the representative for the owner, he is therefore charged with protecting the owner's interests.
As the owner's representative, challenging the students to compromise the system, effectively gave the students consent to press forward unabated by any other policy restricting such activity.
One could argue that the next logical action from the student would be to challenge the teacher's authority to waiver network policy, in this case a pretty steep waiver... However, in most cases, questioning the authority of the teacher in the classroom is severely frowned upon.
With this in mind, the student is absolved... The teacher is the only perpetrator in this case.
Most definitely the teacher should be held accountable... Regardless of whether a computer is like a house or not, if I posses an item and I challenge you to remove it from my possession, I can't cry foul if you accomplish the stated goal.
However, had the teacher not proferred the challenge, the student should most definitely be held accountable for his actions. Access controls were in-place, and the student was made aware of them.
Where I feel you stray is in the misconception that just because a possession is accessible, it is therefore free for examination, manipulation, and/or removal.
A basic tenant is that if I own something, it is mine, not yours, unless, and not until, I give it to you. Therefore you have absolutely no business using my house as a jump-off point to enter another person's house (who knows... I might just be watching the neighbor's pets for the weekend and you find their keys). Wrong is Wrong!
The infraction comes when if through poor practice or innaction I cause the inadvertant loss of a possession, and that possession is then used to cause harm against others. This is known as due diligence. Again, a concept that is not biased by the existance of four walls and a roof.
Just as my employer would hold me responsible for the intrusion and subsequent illegal use of a poorly secured server, so too would legal authority if my unsecured handgun is used to commit a crime.