RE: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 08/22/04

  • Next message: Matt Curtin: "Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?"
    To: Eugene Kuznetsov <eugene@datapower.com>
    Date: Sun, 22 Aug 2004 10:11:03 -0400 (EDT)
    
    

    On Sat, 21 Aug 2004, Eugene Kuznetsov wrote:

    >
    > > > http://www.gcn.com/vol1_no1/daily-updates/26971-1.html
    >
    > This is all very interesting, but I don't think that article said anything
    > about DoD data going over public internet! ;-) I think they were hinting at

    No injecting reality into a good debate, it's not fair! ;)

    > separating messages on the internal DoD network, separating messages of
    > different classification levels using encryption, instead of physical
    > segments. That largely removes DoS and MIM considerations.

    Not really, the considerations are still there, the "challenge" is in
    building the aggregation points, which have to handle the input from less
    trusted nodes, including routing information, unless you're using some
    sort of source routing; if you're using DNS, then you have to be able to
    trust the aggregation point's implementation not to be compromised from a
    less-trusted node's answers, or have every nameserver be in the highest
    trust grouping, then have them all secure from queries from untrusted
    nodes.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson         "My statements in this message are personal opinions
    paul@compuwar.net          which may have no basis whatsoever in fact."
    probertson@trusecure.com   Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

