Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 08/22/04
- Previous message: Eugene Kuznetsov: "RE: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
- Next in thread: Eugene Kuznetsov: "RE: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Marcus J. Ranum" <mjr@ranum.com> Date: Sun, 22 Aug 2004 09:58:28 -0400 (EDT)
On Fri, 20 Aug 2004, Marcus J. Ranum wrote:
> Transitive trust attacks could be gigantic, especially if you
> figure that it's all being tunnelled over an encrypted black
> core point-to-point network. How do you detect attacks and
The royal "we" have transited classified data over unclassified networks
for *decades*. The PTN is still an untrusted, unclassified network- as
are most public/commercial satcom nets. The major trust point is the
encryption boundary. As long as you have a strong encryption boundary,
then only a breach of the crypto implementation (especially the keys,) or
a back-end breach on either end is a risk, same as it's been for decades.
Red/black networking hasn't changed, and isn't likely to change, the real
risk is in compromising the encryption boundary- such as having an
endpoint that isn't multi-level secure do DNS queries, or having endpoints
on the trusted net with Internet access.
People who don't understand encryption and doomed to implement it poorly.
> track them if they are being done over Type-1 crypto?
>
At the endpoints, just as it's always been done.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Eugene Kuznetsov: "RE: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
- Next in thread: Eugene Kuznetsov: "RE: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
