Return-Path: <sentto-279987-3914-1006666264-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sat, 24 Nov 2001 21:34:08 -0800 (PST) Received: (qmail 16949 invoked by uid 510); 25 Nov 2001 05:29:37 -0000 Received: from n18.groups.yahoo.com (216.115.96.68) by all.net with SMTP; 25 Nov 2001 05:29:37 -0000 X-eGroups-Return: sentto-279987-3914-1006666264-fc=all.net@returns.groups.yahoo.com Received: from [10.1.4.52] by n18.groups.yahoo.com with NNFMP; 25 Nov 2001 05:31:11 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 25 Nov 2001 05:31:04 -0000 Received: (qmail 47143 invoked from network); 25 Nov 2001 05:31:03 -0000 Received: from unknown (216.115.97.172) by m8.grp.snv.yahoo.com with QMQP; 25 Nov 2001 05:31:03 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta2.grp.snv.yahoo.com with SMTP; 25 Nov 2001 05:31:05 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fAP5Wcx13892 for iwar@onelist.com; Sat, 24 Nov 2001 21:32:38 -0800 Message-Id: <200111250532.fAP5Wcx13892@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 24 Nov 2001 21:32:37 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:NMCI.to.shore.up.security] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit NMCI to shore up security By Christopher J. Dorobek, Federal Computer Week, 11/16/2001 <a href="http://www.fcw.com/fcw/articles/2001/1112/web-nmci-11-14-01.asp">http://www.fcw.com/fcw/articles/2001/1112/web-nmci-11-14-01.asp> Some Navy networks have virtually no protection from cyberattacks, according to the officer who spearheads the Navy's efforts to assess network security. Such vulnerabilities have resulted in 40 instances of root access to Navy systems this year, including some that took days to detect, said Capt. Jim Newman, who leads the Navy's "Red Team," the group of 20 sailors and civilian personnel who attempt to break network defenses. Newman said the Navy Marine Corps Intranet has proven to be much more secure and offers some inherent security advantages. So far this year, the Navy has tracked some 16,000 incidents where somebody attempted to enter a Navy system. Of those, about 400 were considered significant attempts to obtain root access the level at which someone can access the network's functions. Of those attempts, about 40 succeeded in gaining root access, Newman said during a Nov. 13 press briefing. Navy officials acknowledged that although some of the service's networks are well-protected especially those used at sea for warfighting some of the shore networks have little or no protection. In a typical test of the Navy's existing shore-based networks, the Red Team can find 40,000 to 150,000 vulnerabilities in a network of about 8,000 machines, Newman said. During the past two years, the Navy has been hardening the most critical systems, he said, and the service has developed a multilevel defensive system where an intruder might be able to access less-sensitive systems but would be barred from more critical data. Meanwhile, the Navy has started rolling out the $6.9 billion NMCI, which Newman said will enhance the service's network security stature. "On the shore side, NMCI is building a defensible network structure," he said. During a recent similar test of the NMCI network operations centers, the Red Team found no vulnerabilities. "That is NMCI," Newman said. In part, NMCI will streamline the Navy's network functions by centralizing management of the Navy's network. Currently, the scores of Navy networks are operated independently, Newman said, and they often have different security policies and standards. Without standardization, adding applications or updating software can create security vulnerabilities, he said. NMCI also will provide users with training about the importance of security and their role in securing the network, Newman said, something that has not existed previously. The centralized network also will enable the best-trained personnel to work on the overall network. Among the NMCI service-level agreements are security standards that include defeating Red Team attacks on the system, said Garnet Smith, a project manager with the Space and Naval Warfare Systems Command. NMCI has just started to be rolled out across the Navy. The first 550 seats were recently rolled out at the Naval Air Facility, Washington, D.C. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Universal Inkjet Refill Kit $29.95 Refill any ink cartridge for less! Includes black and color ink. http://us.click.yahoo.com/bAmslD/MkNDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST