Feds Move to Secure Net 137
An anonymous reader writes "eWeek reports:The Cyber Warning Information Network, a key part of the Bush administration's National Strategy to Secure Cyberspace, will use a secure, private IP network separate from the public Internet, according to officials. The government currently has seven nodes running, said Marcus Sachs, director of communications infrastructure protection at the Office of Cyberspace Security, in Washington."
SIPRNET / NIPRNET , jerky... (Score:5, Insightful)
"Security" (Score:3, Insightful)
And the nodes will be also connected to internet? If this is true, a worm that goes thru internet (i.e.if in some moment comes a sendmail worm and a company have a postfix in the dmz that receives and forward the main to the internal sendmail would be vulnerable also) could pass between the two networks, I remember how much damage do CodeRed2 and Nimda in not properly secured internal networks. In this case, if the networks are connected to the two networks, a worm could enter from one point and try to infect the other (at least email will be the common point between them.
But, if they are only connected between them and NOT connected to internet (neither by mail), they are not solving the problem with this, only isolating some critical (?) part of the network so worms like this one [slashdot.org] will not infect their window shares and things like that (at least, until a worm that combines several ways to spread enter there)
Re:You mean... (Score:4, Insightful)
One would assume the actual hardware would be under lock and key and behind a pair of burly Marines, to discourage any stray installers of WiFi cards etc. One would also assume there are software safety measures that would prevent the stray installer from importing dangerous data or viruses via sneakernet. And finally, one would assume that deviating from the strict rules of conduct will result in reprimands/jail time/caning (delete as applicable) depending on how dangerous or stupid the said stray installer acted.
As for patching, that's fine for security levels up to a certain degree, but there are unpatched and undiscovered bugs around any given time, as the submissions history on /. will tell you.
Re:So how will they get data in/out ? (Score:2, Insightful)
And anyway in a major computer manufacturer's network, you didn't see much of internet except through the web proxy and soxyfied telnets. That's of course the way to go.
If you want real security, you are likely not to want a machine connected to the main power lines as well (tempest protection). I guess an off line UPS does the job.
Re: hey easy with the terrorist word (Score:1, Insightful)
if you keep tossing that word around
freely applying it to everyone, pretty
soon domestic protests will be labeled
terrorist gatherings and other bad
stuff might result. I don't condone
releasing worms but its not terrorism.
I'm not terrorized when my web logs file
up with code red, just irritated.
Re:bastards (Score:2, Insightful)
I disagree that forcing them to squeeze into less space is going to buy much of an extension to ipv4, however. In fact I think it's the wrong idea entirely. Any system where saving address space is such a high priority needs to be changed, especially since an alternative already exists in ipv6.
Even forcing all the schools to use a Class C network would buy only a few hundred million addresses, which is a drop in the pond at the rate that the net is growing worldwide, what with phones, PDAs, and toasters needing their own network connections these days.
Re:So how will they get data in/out ? (Score:2, Insightful)
How is that supposed to work? (Score:2, Insightful)
umm.. if it's a completely separate network from the internet.. how is it going to have ANY effect whatsoever? I mean they won't even be able to look at what's out there! Am i missing something here?