Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 08/22/04

    To: Christopher Hicks <chicks@chicks.net>
    Date: Sun, 22 Aug 2004 11:29:33 -0400 (EDT)
    
    

    On Fri, 20 Aug 2004, Christopher Hicks wrote:

    > Maybe if we weren't spending so much money sacrificing our military might
    > in the Middle East we'd have enough money left over to run our Top Secret
    > network? As much of a pain in the *** as physically separate is to

    Different budgets, and not germane.

    > maintain we've seen clearly given how various widely respected crypto
    > algorithms have been undermined just in recent weeks that as vital and
    > necessary as crypto is that it doesn't provide a complete solution. We

    The time between deployment of a cryptosystem, and its analysis then its
    compromise is generally quite long. It's longer still if the algorithm
    hasn't undergone public scrutiny and gaining an implementation takes a physical
    theft[1].

    > won't have to worry about anybody at Los Alamos losing hard drives anymore
    > when our Latest Terrorist can just crack a poorly administered firewall.
    > My current sig is obviously something that our current brilliant DISA
    > management has missed out on. Sigh.

    Newsflash: We've been running encrypted traffic over untrusted networks
    for literally decades. It seems to have worked just fine so far. That's
    not to say there aren't concerns and issues, but to say that neither the
    practice, nor the threat is new.

    I've personally put classified nodes in hotel rooms (in a long past life,)
    and it's not exactly rocket science. It's all about a strong encryption
    boundary.

    Paul
    [1] Public scrutiny of cryptosystems is a good thing, but obscurity
    combined with limited physical implementation requires that an attacker
    actually get hold of either the device, or enough traffic to analyze.
    That takes time, which is in the defender's interest.
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

