Meshnet Digital Armor To Protect Tanks

An anonymous reader writes "General Dynamics Canada and Secure Computing have partnered to develop Meshnet, a hardware/software firewall designed to protect networks and digital devices inside tanks and other military vehicles from hostile computer and virus attacks. Without adequate protection a tech savvy enemy can infiltrate networks, manipulate information, and deny crews the data they need to participate in modern warfare. Exactly such an event happened last year to an Israeli crew, when hackers from Hezbollah eavesdropped on their communications. 'The system uses Secure Computing's off-the-shelf Sidewinder Security Appliance ... Sidewinder consolidates all major Internet security functions into a single system, providing "best-of-breed" antivirus and spyware network protection "against all types of threats, both known and unknown," according to Secure Computing.'"

Why?

[msi]

Or just shoot any one coming towards you with a laptop!

Re:

[ArcherB]

Or just shoot any one coming towards you with a laptop!

First, the military has their own set of frequencies that they operate with. Your typical D-link PCMCIA wireless NIC won't allow you on the network.
Second, military vehicles have their own network. It's not like they are pulling up Google Maps to see where the enemy is. ("Hey Johnson, go out side and wave while I look at the map. There we are."

With these two things in mind, it takes quite an infrastructure just to intercept military traffic. Off th

Re:Why?

[eobanb]

Well, that's not entirely true. For example: 2.4 GHz, which is an ISM band in the United States, is used by the French military in France. Therefore, a number of common electronics, like cordless phones, Bluetooth devices, 802.11, etc., have faced problems with the government banning their use; over time, industry groups have been able to cut through the red tape, but both Bluetooth and Wi-Fi was not allowed in France for several years after it was already in wide use in other countries.

Re:

[Mister Whirly]

The French Military? Why even bother trying to encrypt "We Surrender!" - their enemy will find out soon enough.

If you want a chuckle, go to Google and type "French military victories" and click on the "I'm Feeling Lucky" button...

Re:

[Mister Whirly]

I hardly think the US will "surrender" in either case.
Not winning =! surrendering

Neither of those countries occupied US territories either. So manybe you can have a smirk, but no chuckle.

Umm?

[pembo13]

Is there some deficiency in the military's current ability to kill people that I am not aware of? Or are they preparing to defend against extra terrestrial attacks? Isn't this the second military research story for week?

Re:

[aadvancedGIR]

No, they are still as deadly, it is just that if a hidden guy with a wireless laptop could trick a nearby MBT crew to fire on their own troops, it would be bad news.

Re:

[Bloke down the pub]

Is any trickery [wikipedia.org] necessary?

Re:

[joib]

The US military budget is only as large as the rest of the world combined. The military-industrial complex would like to significantly increase it further (duh). It's up to the civilian leadership to say enough is enough.

Sanity check:

[Jennifer York]

Do anyone think the Hezbollah reference is a little bit odd? How does intrusion detection and firewalls stop someone from eavsdropping on communications? Please point out the reference that deatils how an Isreali tank was denied information, or misled by false information.

This unsubstantiated BS as a justification for an obvious product placement requires more scrutiny. I don't doubt that there IS a chance that some enemy force could have the capability to "hack" a tank, but the "Exactly such an event happened last year to an Israeli crew" needs some evidence.

Re:

[ByOhTek]

So, lets say I'm connecting to my computer via SSH, and I'm a savvy individual, I notice a keyswitch, etc, and won't connect if I see something like that (suggesting a man in the middle).

No you think "great, it'll be hard to evesdrop on my conversation, I'm running SSH, it's encrypted!"

So, now some hacker comes along and wants to observe me. He *could* go after my SSH traffic, and try to decode it, but look! I'm not running a firewall or intrusion detection software. He figures (correctly in most cases), it

You still haven't said how he would do that.

[khasim]

So, now some hacker comes along and wants to observe me. He *could* go after my SSH traffic, and try to decode it, but look! I'm not running a firewall or intrusion detection software. He figures (correctly in most cases), it will probably be easier to hack into my system, and put monitors there.

HOW does he do that?

Does he send you an email with an attachment named "nude girl.jpg.exe" that you open?

Does he send you an HTML email that exploits a vulnerability in Outlooks/IE?

Does he use a worm to attack the v

Re:

[ByOhTek]

There are a lot of ways to hack into a system, it varies on the system. Cracking a Windows box is different from a Linux box which is different from a FreeBSD box which is different from a Solaris box. If there are many applications running, one of those could be the culprit.

The best answer that can be given without more information is simply - they try stuff until they get some indication of the quality of the user, and the OS. At which point, they pick their method and target.

The firewall can make this a

Yeah, you go with that.

[khasim]

There are a lot of ways to hack into a system, it varies on the system.

No, there are not. There are very few avenues to crack any system.

#1. Attack the daemon listening on an open port.

#2. Trojans.

#3. Exploiting a vulnerability in an app when fed specific data (IE is a good example).

#4. Viruses that attach themselves to other apps.

The best answer that can be given without more information is simply - they try stuff until they get some indication of the quality of the user, and the OS. At which point, they p

Re:

[MarsDefenseMinister]

#5 social engineering. The secretary will let you in, and she's easily tricked.

Good point. And #6.

[khasim]

Yep, if you can get the codes from someone else ... you're in.

Which brings up #6. Backdoors and simple passwords. If your tank's system "admin" account has the password of "USA", well ...

And let's not forget about "debug" accounts and such that are hard coded and NOT mentioned in the documentation.

Re:

[ByOhTek]

Yes, those are the avenues of attack, but if I said "attack an open port" (the primary one that firewalls defend against), then you would say "which and how", which is where the the main variety comes in.

Of course, I could simplify it further to two routes of attack:
1) Attack the autonomous systems of the computer
2) Attack the user

You are limiting the options to a set that suits your argument - you are assuming the hacker has the same lack of imagination as yourself (note: do not miscontrue that as a person

Then show me where I am wrong.

[khasim]

You are limiting the options to a set that suits your argument - you are assuming the hacker has the same lack of imagination as yourself (note: do not miscontrue that as a personal attack, you are not infinitely imaginative, so you have some lack of imagination, as does everyone else).

Then it should be very easy for you to explain an attack that uses an avenue I have not listed.

But you won't be able to do that.

Of course, I could simplify it further to two routes of attack:
1) Attack the autonomous systems o

Re:

[ByOhTek]

What is your obsession with attack avenues. Attacks can be clusertered into so many categories, it is really arbitrary. You can group attacks by apllication, OS, user mindset... Each one has a different approach. Sure, hacking a stack or buffer involves putting in malformed data that fools the stack/buffer into acting in a manner it shouldn't - but different stacks/buffers will require different tricks and techniques for that. A bug in the IE url/link handling algorithms wont necessarily work on Firefox, an

Re:

[slashname3]

You forgot #5. Social engineering. Getting the other guy to open things up for you is one of the most used methods out there for getting into systems.

And why has no one asked the simple question of why is a tanks network exposed to external sources? It seems to me that the only input a tank should need from outside are command channels such as radio for voice communications. And the tank commander should be trained to understand how to authenticate any commands that come in over the radio.

I don't

How about making that #7?

[khasim]

Since the tanks PROBABLY aren't running fiber or CAT 5 between them ... we're talking radio signals. So yeah, if they can attack TCP/IP or exploit a vulnerability in the transmission itself ...
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks [lucidinteractive.ca]

And as you've noted, a firewall would NOT be much help.

Particularly, as noted in the article, and "off the shelf" firewall.

Re:

[sgtrock]

It's all about knowing where to point the guns. The U.S. military, the Swedish and Norwegian Air Forces, etc. don't obsess over 3C (Command, Control, and Communications) for nothing. :)

Re:

[ColdWetDog]

It's all about knowing where to point the guns. The U.S. military, the Swedish and Norwegian Air Forces, etc. don't obsess over 3C (Command, Control, and Communications) for nothing.

OK... That's nice. Then just what do the Danish, Polish, UK, EA, Chinese and Russian military obsess about? Random, uncontrolled violence? Cheese?

Re:

[MrMr]

I second the suspect BS motion.
The article that is being referred to doesn't provide a working link to the alledged hacking story.

Re:

[ArcherB]

The communication is wireless. Either they were not encrypted, did not frequency hop or were jammed. Probably a combination.

Re:

[ColdWetDog]

The communication is wireless. Either they were not encrypted, did not frequency hop or were jammed. Probably a combination.

Or the claim is just nonsense. Link please. Can the Slashdot editors PLEASE stop picking up pointless press-releases-in-a-blog?

This is embarrassing.

Re:

[ArcherB]

The communication is wireless. Either they were not encrypted, did not frequency hop or were jammed. Probably a combination.

Or the claim is just nonsense. Link please. Can the Slashdot editors PLEASE stop picking up pointless press-releases-in-a-blog?

I didn't think I needed a link to show that combat vehicles use wireless communication. You can't very well maneuver a brigade of tanks with wires connecting them all. THAT would be embarrassing.

(Now it is true that there is some wired communication. When I was an armor crewman about 15 years ago, when parked, we did run wires between the tanks. That is not what the TFA was about as it was a pretty damn secure way of communication, if not a PITA trying to keep other tanks from running over your wire!

Re:

[ZonkerWilliam]

How does intrusion detection and firewalls stop someone from eavesdropping on communications?

There are still ways for an IDS/IPS to detect network cards in promiscuous mode (without an IP address), which most hackers use to sniff traffic.

Re:

[JFitzsimmons]

Haha and what might those ways be?

Re:

[ZonkerWilliam]

Well sending a packet with an invalid MAC address, a normal NIC will reject it, one in promiscuous mode will accept it. Sending ARP packets may get a response, since the packets by-pass the NIC hardware and goes straight to the OS's kernel. There are variations on these used by many vendors.

Re:Sanity check:

[dwillden]

Absolutely it's odd, since Hezbollah wasn't really able to listen in on the Israeli radio's, they just used Direction Finding to locate where the Israelies were broadcasting from, and used that to plot where the Israelies were and where they were going.
There was no great security hack, just monitoring and DF'ing the encrypted radio traffic. I don't need to know what is actually said. If I can track the enemies location by simple DF'ing of their communications, I can quickly locate them and then track their movements. And when that indicates that a large number of radio's are moving up the valley towards my position, I know to be ready to attack, defend or run.

Re:

[sumdumass]

I will have to check my references but this Hezbollah hacking incident was basically getting a set of radios from a country (people inside that country) that ended up keeping a few of the Israeli radios after some joint UN or NATO military exorcises.

I guess the channel and encryption hopping that the radios do is programed and if you have the radio, once you find the first combination, it jumps automatically on the rest. A firewall wouldn't have helped protect from that unless the hackers got the initial co

Re:

[PitaBred]

But... I only thought my freedom cost a buck o' five :(

Don't want to imagine

[downix]

This article begs the thought, what if a hostile force did take over the computer systems of military vehicles. With the advent of fly by wire and now drive by wire systems, the computer can pretty much take complete control over the vehicle. Add in something like Storm, which can run more brute force keygens than even the best supercomputer, and none of these vehicles are in any way secure, even with this new digital armor installed.

Re:

[Sqweegee]

The easy option: Don't have any remote communication/data systems connected to vehicle control systems, unfortunately there's already a lot of hardware out there already.

The solution the US military will come up with: Spend trillions setting up a super intelligent AI that can defeat hackers on the fly and control all military weapons on it's own to spare ever needing to send real troops into battle again... it will be named Skynet...

Re:

[Dunbal]

Don't have any remote communication/data systems connected to vehicle control systems, unfortunately there's already a lot of hardware out there already.

      It will be funny the day all the Predators fail to come in for landing and the guys in Nevada are left staring at a marijuana leaf on their screens...

Re:

[porpnorber]

Yes! That's why we need to x-ray the shoes and steal the water bottles of all the programmers.

Re:

[Fallingcow]

Well, luckily we've still got one Battlestar that uses old tech and has its computer systems decoupled from the network, so when the Cylons attack us with their crippling viruses we'll still have that one warship.

It's called the Galactica.

They will need to study hard though.

[AltGrendel]

If the current defenses against phishing, spam, and botnets are any example, it's going to be a long, long struggle to keep things "clean".

Did I really understood TFR?

[aadvancedGIR]

So, defense contractors plan to use off the shelf network security tools in the future because the one currently deployed are too easily hacked. What the point in having that on the main page?

This reminds me

[javilon]

This reminds me of Ghost in the shell, "I pwned your eyes".

Re:

[Billosaur]

I was thinking of Keith Laumer's "Bolo" stories actually... how long till we have a completely self-aware tank?

Re:

[IBBoard]

Following on along the Ghost in the Shell lines: if we do get self-aware tanks, then please don't make them as annoying as Tatchcomas! (sp?) Unless we use their grating voices to annoy the enemy to death...

Reminds me of Battlestar, Generators, Wardriving..

[stoicfaux]

Reminds me of Battlestar Galactica and how the Cyclons hacked into a squadron of Vipers via their sensor arrays and shut them down. Granted they had placed a backdoor in the software (or found a security gap.)

Then there was that power generator that could be "hacked" and given commands to tear itself apart.

And then there's war driving where you drive around looking for wireless networks to access/hack/piggyback on.

And then there are those huge zombie networks containing hundreds of thousands of compr

Buzzword threshold exceeded

[arivanov]

Incoming buzzword alert!!! Run for best of bread cover against unknown threats.

Re:

[Critical Facilities]

Run for best of bread cover

Isn't that when 8 track tapes of bad 70's bands rain down from the sky?

Hey, it runs BSD!

[downix]

They won't say which BSD, but who wants to bet OpenBSD or at least parts of OpenBSD have found their way into it?

Re:

[canuck57]

They won't say which BSD, but who wants to bet OpenBSD or at least parts of OpenBSD have found their way into it?

One would think you would choose a stable, high uptime secure OS in a tank as it's fundamentally a good idea. Makes me wonder why it already isn't intrinsically firewalled. I wonder if some idiot put Windows inside the tank? I can hear it now:

Gunner: Can't fire yet, waiting for the A/V to finish scanning...

Boom, silence after. It crashed thinking the shell was in mid flight when it restar

Skynet

[jandoedel]

Hope it helps a bit when Skynet takes over. I for one don't welcome our Skynet overlord with his beowulf cluster of hacked tanks.

Technology Worth It?

[ObsessiveMathsFreak]

Exactly such an event happened last year to an Israeli crew, when hackers from Hezbollah eavesdropped on their communications.

In fact, the entire war was characterized by the overall failure of modern military technology, gadgets and intelligence to defeat an enemy essentially using little more than AK-47s, mortars, and sandbags. The entire Israeli army could do little more than advance ~2km into Lebannon. It's clear that military reliance on technological silver bullets is no match for simple numerical sup

Re:

[TheLink]

I bet the real reason why the Israelis didn't get further in was more political than tech. They were already bombing practically any building they wanted in Lebanon.

AFAIK Israel doesn't really want Lebanon or other countries, they want Israel. Judging from the UN Security Council "vetoes" and other similar stuff they've already got the USA by the balls.

Re:

[Bastard of Subhumani]

AFAIK Israel doesn't really want Lebanon or other countries

If they'd wanted them, they'd have had them 20 years ago.

Re:

[Dunbal]

Stalin once asked of the Pope: "How many divisions has he got?". It shows the mindset of those whose countries actually fought in a major and prolonged conflict. For them, it was not as much about which tank could turn faster, or whose radios had a better signal. It was about how many men (and for the Soviets, women) they actually had to fight with.

Good post and I essentially agree with you, however this is a bad example. The Russians threw countless bodies in front of the German advan

Well no, not really

[SmallFurryCreature]

That conflict showed the failure of an army fighting by the rules, against an enemy that did not, and never has.

If Israel could have used the full force of its military without the world breathing down its neck, hezbollah would have been so much smoking corpses.

What this shows you is that most advanced tank cannot deal with a meat shield if there is a camera crew near. Hezbollah has become very good at using this kind of war, they had to, the more recent lebanese actions have shown they suck at military conflict. Note that lebanon could just blow the hell out of hezbollah bases and civilian casualties be damned. Suddenly the world realises that just because a shot up corpse is dressed in civil garb, does not make it a civilian.

In fact the military conflics around Israel have shown just how bloody effective modern equipment is, outnumbered in every way, Israel nonetheless manages to hold out, because they use tech to the max.

You are also wrong about the soviets, the russians were actually the one with the better gear against the germans. It just took a while for it all to come together, but it was the germans that copied soviet tech, not the other way around. The turn around came when russia learned to use the tech advantage it had and properly equip its soldiers with it. Early in the war, it had excellent tanks, but often without radios, or it had motivated troops, who lacked guns. Once that was sorted out, the germans never won a single battle against the russians. Superior tech.

Offcourse, you got to use it properly.

Iraq again shows you just how lethal tech is over numbers. The iraq army was many times greater and was wiped out.

The current conflict has nothing to do with the lack of manpower or reliance on tech. You cannot occupy a country that doesn't want to be occupied unless you are capable of dealing out massive amounts of punishment Roman style. Storm the city, kill everyone inside, tear down the buildings, plow up the ground and sow it with salt, so that you can then point to the desolate area and say, "this is what we do with those who oppose us, any questions?"

In a way, Hezbollah uses very modern weapons, western media, to fight the war. No use of radio? How do you think the images of bloodshed, real and staged made its way to the west? Pigeons?

One final note. You state that Israel only managed to advance X miles. How many miles did Hezbollah advance? Okay, yards then. Feet? Inches? So much for low tech then. Hezbollah has never once manage to threaten Israels survival. It is one of the reasons Lebanon is so fed up with them and finally took action against them and this time, the world media didn't care.

Re:

[Frangible]

Uh, in what bizarre historical revisionism were the T-34s better than many of the panzers? The Russian kyatusha rockets also paled in comparison to the panzerfaust. The Germans had many problems on the Eastern Front, but superiority of Russian technology wasn't one of them. The Germans had a massive kill ratio advantage on the Eastern Front, it was only through a lack support / supplies and overwhelming numbers they lost. To state Germany did not have a technological edge is a lie or an ignorant delusio

Re:

[joib]

Uh, in what bizarre historical revisionism were the T-34s better than many of the panzers?


When it was introduced in 1941 it was clearly superior to the panzer III and IV which was what the germans had at the time. It was mainly inept leadership and tactics (as a result of stalins previous purges) that prevented the Russians from causing devastating losses to the wehrmacht. Only in 1943 did the Germans field tanks that were superior (Panther and Tiger). But these were produced in fairly limited numbers (less

Re:

[joib]

the Panzerfaust an infranty AT rocket


To correct myself, the panzerfaust was actually a recoilless gun, not a rocket propelled one. So if possible, the original comparison with the Katyusha is even more wrong.

Exactly...

[NEOtaku17]

That's the whole point. Hezbollah was hiding in the hospitals and residential areas so that Israel would look bad in the eyes of the world when they attacked. The strategy was not to win on the battlefield, but in the news media.

Never underestimate ...

[Ungrounded Lightning]

... the bandwidth of a homing pigeon with memory cards strapped to its legs.

Re:

[couchslug]

Israel forces were effective because of the way they fought. Their reliance on systems that did not easily smash hardened bunkers and buildings (even Mk84 2000lb bombs are limited in that role) and failure to destroy area targets doomed their effort. Cluster bombs work on surface targets, but they don't punch through mumtiple concrete floors.

Thermobaric and deep-penetration munitions should be used to destroy enemy areas where they are dug-in.

The lightfighter RMA mentality would rather slay the enemy with a

Re:

[couchslug]

DOH! Change "effective" to "ineffective"...drool.

And those protected devices now slow to a crawl...

[securityfolk]

C'mon Joe, aim the turret, aim the turret!!! Sorry Jim, I can't - my system isn't responding right now - it's scanning for spyware :(

BOOM...

In reality...

[Javarufus]

The evidence from the digital attack last year is as follows:

"The A-176 tank scope operator was panning to the North to acquire the target in question when a pop-up add appeared in the view finder alerting him of a fantastic deal on Viagra. Later alerts included free porn and offers to download virus scanning software"...

Re:

[tttonyyy]

The evidence from the digital attack last year is as follows:

"The A-176 tank scope operator was panning to the North to acquire the target in question when a pop-up add appeared in the view finder alerting him of a fantastic deal on Viagra. Later alerts included free porn and offers to download virus scanning software"...

This is why SpamAssassin should be integrated into tanks. It'd make mail headers a bit more entertaining, as well as reducing the general levels of spam.

Received: from sufi-isis.org (unknown [80.92.104.100])
by epsilon (Postfix) with SMTP id 08A4663D38
X-Spam-Report:
* 4.3 RCVD_FORGED_WROTE2 RCVD_FORGED_WROTE2
* 2.5 RCVD_FORGED_WROTE Forged 'Received' header found ('wrote:' spam)

Nice ad

[Pedrito]

How do I get my products advertised as articles on Slashdot? I imagine that could be pretty lucrative. Who do I pay?

Re:

[Nimey]

Zonk.

More seriously, this is at least a somewhat interesting post.

Single Point of Failure

[cyberbian]

Any security consultant worth his salt would be aghast at the military taking up a posture that allows for a single point of failure. Defense in depth is the current mechanism of choice... talk about putting all of your eggs in one basket.

Missing the obvious

[athloi]

Just shoot back at the enemy. If your tanks are getting hacked, cancel the MySpace page for your regiment.

What is their "antivirus" protecting against?

[argent]

Is the military so stupid they're actually using Windows-based software (or software running ANY consumer OS for that matter) in battlefields? If so, there's been a major drop in their design and code standards in the past few years.

Also, what's the threat? "This was reportedly the case during Israel's incursion into South Lebanon last year, where Hezbollah hackers were allegedly able to monitor IDF communications, giving the guerrillas a leg up in attacking Israeli armor." sounds like ordinary signals intelligence. You don't fight that with firewalls and antivirus software, you fight it with encryption and electronic countermeasures like dummy sources to fight tracking and traffic analysis.

Re:

[Ungrounded Lightning]

Is the military so stupid they're actually using Windows-based software (or software running ANY consumer OS for that matter) in battlefields?

Sure looks like it.

If so, there's been a major drop in their design and code standards in the past few years.

Really?

I seem to recall a battleship that got stalled a few years back ...

Re:

[argent]

If so, there's been a major drop in their design and code standards in the past few years.

Really?

Yeh, I know a lot of people who were working on mil-spec stuff back in the '80s and earlier, and their battlefield and avionic firmware was using languages and systems developed specifically for military use. Some of them were even dismissive of ADA. I think using C++ would have started a rebellion.

I seem to recall a battleship that got stalled a few years back ...

Yeh, an experimental one. After that fiasco, the

MS has a version

[switcha]

"You have aquired an enemy target. Cancel or Allow?"

Sorry folks, we're not that Sci-Fi yet

[blueZ3]

The article makes it sound like M1s are Bolos, or something. But slow down there, McFly. The ability to "blind" a tank assumes a level of tech that's not currently available.

Sure the commander is getting info electronically. But it's not like the computer that stabilizes the gun and sight is connected to the network. Nor is the turret traversing mechanism. The article at best glosses over the systems that are networked, and at worse is FUD. From TFS it sounds like there's imminent danger that Al Queda is go

Re:

[SuiteSisterMary]

Oh, I don't know about that. You could screw up a tank pretty good if you can manage to screw with the IVIS data going to it. Or you could neutralize the usefulness of a scout by screwing with the IVIS data coming from it, for that matter.

Re:

[AJWM]

The ability to "blind" a tank assumes a level of tech that's not currently available.

Hey, a few paintballs or some spraypaint on the viewports will do wonders.

Crap! It's updating!

[centron]

"We're taking small arms fire, possible RPG position sighted!"

"Ballistics are non-responsive! The whole thing is locked up! Possible enemy infiltration of system... wait, no, it's installing new DATs. 28% complete... 29%... RPG fire! Cover!"

Gaius Baltar named spokesman

[tjstork]

Gaius Baltar, seen with an attractive blonde collegue, assured the Congress in a special Senate Session that the integrated network was completely safe from Cylon, er uh, Chinese attack...

awesome

[circletimessquare]

first Windows for Warships [slashdot.org]

now Windows for Tanks

"officer on my mark, fire at will on target 254 delta!"

"user account control is asking if i approve or deny the action"

"approve! approve! target is acquiring cover!"

"windows firewall is asking if i should unblock port 666 for application gitty.usuckusa.exe"

"aaaaahhh!"

Useless...

[gillbates]

Once again, this is just product placement.

A firewall won't do you any good when the intruders are already on your network!. Someone is apparently oblivious to the fact that tanks communicate with radio networks, and anyone within broadcast range can become a part of the network. Having a firewall won't do you any good, security wise. Having an encrypted network, OTOH, will.

While communication security is important to the armed forces, I wouldn't trust any of the contractors in the article to do i

Re:

[rjforster]

Having a firewall won't do you any good, security wise. Having an encrypted network, OTOH, will.

But sidewinders can do encryption.

Also, Secure Computing's support lines are the best I've ever dealt with. The call is answered by a smart guy who helps you fix your problem. That's all there is to it.

Whew!

[Comatose51]

Whew, at least we're safe from the Cylons!

id4-type attack?

[superwiz]

Who are they getting ready to fight? China? Whose military could be sophisticated enough that the would conceive of remotely taking control of tanks and having them shoot at each other?

Re:id4-type attack?

[IgnoramusMaximus]

You are confusing logic with sales. The point of this excercise is to sell a bunch $50,000 anti-alien-mind-control-ray tin foil hats. "100% Guaranteed and Tested! No Space Aliens have ever penetrated our ReflectoBeanie! Its a real bargain!"

Never you mind that practicality of manipulating takns into shooting each other or their own troops is beyond ridiculous from the perspective of logistics on the battlefield and return on investment for the attacker who would have to be just in the right place in the right time with a complete understanding of the internal workings of the enemy's command and control systems and procedures, relative tank positions and in respect to their true targets and also to be able to plausibly override voice communications when one tank commander goes on his radio to ask "Sir, why are we prorized to shoot a target 90 degrees from the direction towards the enemy positions?".

But thats Military Industrial complex for ya. Next up, $500 military-grade anti-vampire garlic patches.

Imbecile Speak

[DFDumont]

Whenever I read, "protection 'against all types of threats, both known and unknown'" - all I can do is laugh. I realize that MBA's write articles like this, not technologists but come on, am I the only one that sees the logical fallacy in that statement?

Dennis Dumont

Re:

[slashname3]

Fallacy? Name one unknown threat that their system doesn't protect against? Can't name a single one can you! :)

No one else can either. Because they are all unknown!

The 800 LB gorilla in the room...

[tgatliff]

No one wants to suggest the obvious, which is systems like this should never require antivirus and spyware support. For mission critical systems, the only thing they should use is embedded devices where the only way to install additional software is by flashing the firmware on the device. Also, use of a hardened kernel would be nice...

Re:

[somersault]

How are they meant to install their bonzai buddy on that?

Re:

[krazytekn0]

The problem with this is that the spec-writers for government contracts don't know anything about the products they are trying to buy. Therefore we would end up with job specs at my old job that said stuff like, "1 piece tank with no seams that is 6' tall by 6' diameter, delivered and set in place." Which would normally be ok except the only doors on the facility are 30" wide. So one could imagine that the spec for these systems had some kind of requirement for the vendor to remotely update many tanks/vehic

Re:

[Critical Facilities]

It apparently does run Linux!

No, It doesn't. According to the PDF in the article:

Administration system requirements OS - MS Windows 2000 or XP CPU - Intel (1 GHz minimum) Memory - 512 MB minimum Drives - 300 MB of available disk space, 3.5" 1.44 MB floppy disk drive, CD-ROM drive Monitor - 1024 x 768 or higher Network interface card - access to your firewall network Browser - Internet Explorer 4 or later; Netscape 4.x or later Model 2100 & 2150 - 2U platform Model 1100 - enterprise 1U platform Model 410 & 510 - smal

Re:It runs on snake oil.

[russ1337]

Exactly. It's the same old story with military hardware salesmen. The put words in nice brochures that attract the senior officers who don't understand the details. Look at the words used in the ad.

"The system uses Secure Computing's..... " makes it sound secure.
"off-the-shelf.... " makes it sound 'cost effective'
"...Sidewinder Security Appliance..." makes it sound like a cool offensive weapon
".... consolidates all major Internet security functions into a single system" makes it sound like they

Re:

[russ1337]

yeah, that'll teach me for not reading TFA and the link... but relying on the GPP's post saying it was on XP with ie... Looks like a reasonable piece of kit. Thanks for the link.

Yum. eating my own words is tasty.

Re:

[Critical Facilities]

Well, yes, but according to this product overview (PDF warning) [www.inet.it],

Intuitive Windows-based GUI The rack-mounted G2 Enterprise Manager server and the dynamic security policies for hundreds of distributed appliances are always managed over the network within strongly authenticated, encrypted sessions from a highly intuitive, next-generation Microsoft Windows software package. You only have to authenticate once to manage all of your appliances from one place. Easily view individual security policies or enterpri

Re:

[CheeseTroll]

How do you use your eyes to sight a target in the dark? I'd say the system on the Abrams is doing its job well, if the 95% hit percentage is accurate.

http://en.wikipedia.org/wiki/M1_Abrams#Aiming [wikipedia.org]

Re:

[stoicfaux]

The sorry state of affairs today in that our boys on the field rely TOO MUCH on TECHNOLOGY is reflected in what happens when that technology FAILS. People DIE.

a) Technology can give you a huge advantage over The Enemy(tm). Which is why the US led coalition was able to dominate in Desert Storm.

b) Because technology acts as a "force multiplier," meaning you can do a lot more with less people/tanks/planes/etc.. Without high technology we would need many more real live people in the military. So you

Re:

[frank249]

Technology is good at some things but does have its drawbacks. The more complex a system is, the more likely it will break down at the wrong moment. On a tank the problem is not that bad. Technology helps but there are multiple backup systems so even if all the computers fail, you can still fire the guns. A M829A3 120mm APFSDS round travels at 1,575 m/sec so at ranges up to 2,500m, whatever you point at will die.

As for hacking into a tank's computer, it is impossible. The Tactical Coms system employs ve

Technology, or lots of bombs?

[EmbeddedJanitor]

Far too much gets said about this "Soldier is a knowledge worker" stuff. When it comes down to it, the obvious reason that USD dominated in Iraq is due to Brute Force (TM): firing more shells and dropping more bombs.

As always, the people who win wars are the ones who can mobilise the biggest armies and most equipment. Storemen win more wars than infantrymen. Hollywood might let you think that winning is due to six navy seals called "Bad karma leader", but real war is a lot more boring than that.

Sure, some t

Re:

[Antique Geekmeister]

Rabbits don't shoot back. Infantry do. They'll kill armor first if they get too close. Modern armor absolutely needs the improved sensor suite, or infantry can approach under modest cover with grenade launchers, RPG's, or other tools for eliminating armor.

Re:

[delinear]

Slashdot is now publishing press releases from military-industrial-complex vendors without any real commentary in the main post? Yeah, the military needs firewalls at all levels of networking, but is this news?

You're missing the big picture here, which is that it has a really cool name which looks great in a headline.

Re:

[stuntpope]

That color scheme thing made me wonder if I was really reading the Onion. Or the Style or Arts section of the paper. The device doesn't clash with the color scheme of the tank's interior? I didn't know "must look fabulous" was a requirement.

"General Dynamics Canada and Secure Computing won the contract after beating out competitors who prototyped devices in alternate color schemes such as plaid and fuschia."

Re:

[AJWM]

"Woof, woof!"

Kelly's Heroes, one of the all time great war movies. When Clint Eastwood, Telly Savalas and Donald Sutherland face off against the Tiger tank, you can almost hear "The Good, the Bad and the Ugly" theme in the background.