From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Sat, 13 Oct 2001 02:25:32 -0700 (PDT)
Subject: [iwar] [fc:Security.pros.cautious.on.government.Net]

Security pros cautious on government Net
By Robert Lemos
Special to CNET News.com
October 11, 2001, 12:25 p.m. PT

Network-security professionals supported the Bush administration's idea of a separate government Internet but stressed that security on such a network will be elusive.

Actions as simple as a government employee connecting a nonsecured computer to the network or loading data from a diskette could compromise the entire system, experts said.

"It still is a really good idea," said Bruce Schneier, president of network-protection company Counterpane Internet Security. "But you really have to physically separate the networks."

On Wednesday, Richard Clarke, the newly appointed presidential adviser for cyberspace security, and the General Services Administration called for industry leaders to help develop blueprints for a secure and separate government Internet.

Dubbed "Govnet," the proposed computer network would use Internet protocols but would be completely shut off from the public Internet.

The network would be the third U.S. Internet, adding to the current public Net and the classified military network that is a completely separate system. University researchers also are developing an Internet 2 for academic use.

The Govnet proposal also requires that the network use encryption to protect all data and be immune to cyberattacks, worms and viruses.

Yet Schneier said such threats are hard to dodge. "Even if you separate the networks, that doesn't mean you are immune to attacks," he said.

The LoveLetter virus proved that point last year when the Pentagon admitted that four of the computers on its classified network had been infected by the virus.

While the Pentagon said LoveLetter did not spread to other systems, somehow the program had been able to jump from the Internet to the military's classified network--a feat that is not supposed to be possible.

"You have to ask, with all these attacks, is (something like Govnet) really going to do the job?" said Steve Bellovin, network-security researcher for AT&T Labs.

Bellovin questions whether the government, which by definition deals with the public on a regular basis, can really keep the networks separate and still make Govnet useful.

Add to that the decisions of who gets access to the network, the headaches with dealing with many different government departments and all the equipment that would need to be administered, and you have a recipe for an insecure network.

"This is not necessarily the wrong thing to do," he said. "But when you have a system with that many firewalls and gateways, it is hard to guarantee security."

Instead, hardening smaller networks and connecting them over the Internet may deliver better security, he said.

"The general approach is a reasonable approach," Bellovin said. "It may be more like a speed bump rather than a barrier (to attack)."