Return-Path: <sentto-279987-5252-1030421680-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 26 Aug 2002 21:24:14 -0700 (PDT) Received: (qmail 3828 invoked by uid 510); 27 Aug 2002 04:16:54 -0000 Received: from n4.grp.scd.yahoo.com (66.218.66.88) by all.net with SMTP; 27 Aug 2002 04:16:54 -0000 X-eGroups-Return: sentto-279987-5252-1030421680-fc=all.net@returns.groups.yahoo.com Received: from [66.218.66.97] by n4.grp.scd.yahoo.com with NNFMP; 27 Aug 2002 04:14:40 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_1_0_1); 27 Aug 2002 04:14:40 -0000 Received: (qmail 11467 invoked from network); 27 Aug 2002 04:14:40 -0000 Received: from unknown (66.218.66.218) by m14.grp.scd.yahoo.com with QMQP; 27 Aug 2002 04:14:40 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 27 Aug 2002 04:14:38 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g7R4F7T15177 for iwar@onelist.com; Mon, 26 Aug 2002 21:15:07 -0700 Message-Id: <200208270415.g7R4F7T15177@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 26 Aug 2002 21:15:06 -0700 (PDT) Subject: [iwar] [fc:DOD.may.pull.key.net.from.the.Internet] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: Federal Computer Week DOD may pull key net from the Internet BY Christopher J. Dorobek and Diane Frank Aug. 26, 2002 In an effort to secure one of its most widely used Internet networks, the Defense Department is considering constructing something more akin to an intranet. The Non-Classified Internet Protocol Router Network (NIPRNET) was created in 1995 as a network of government-owned IP routers used to exchange sensitive information. But DOD officials, increasingly uncomfortable with having NIPRNET reside on the Internet, want to put the network behind firewalls and create a "demilitarized zone" for services that need public access, said Keith Fuller, the Defense Information Systems Agency's chief engineer for information security, speaking last week at the Government Symposium on Information Sharing and Homeland Security in Philadelphia. Some military services and Defense agencies need public access to the Internet, he said. That was evident when DOD shut down access to the Internet as part of its effort to protect the agency from the "Code Red" worm that was proliferating across the Web. In conjunction with the efforts to secure NIPRNET, DISA is creating a database that will contain the ports and protocols for DOD systems to identify what would be affected if DOD had to pull the plug on its Internet connection, he said. The efforts are part of a long-term goal to plug security holes on NIPRNET. "The long and the short of it [is] that it was, in all practical terms, just an extension" of the Internet with "little additional controls," said retired Col. John Thomas, former chief of DISA's Global Operations and Security Office and now director of strategic programs at EMC Corp. NIPRNET has some "significant" security controls but is still largely an open network, he said, because NIPRNET was developed before there were significant threats. In 1999, DISA sought to plug some of those holes by cracking down on unofficial connections. "Positive control of all NIPRNET/Internet connections is an absolute requirement," according to an Aug. 22, 1999, policy issued by then-DOD chief information officer Art Money. That policy, however, failed to plug the holes. A December 2000 report from the DOD inspector general was critical of the efforts and concluded that NIPRNET's security policy was never incorporated into overall DOD policy. Furthermore, the IG report noted that the policy "lacked visibility" because it did not clearly define the process for connecting services nor did it require regular status reports on the progress made in securing the NIPRNET/Internet connections. Whenever DISA attempted to push greater security, there was always resistance, Thomas said. He said the military "has an absolute need to be able to transit the Internet." The DOD IG report noted that 70 percent of the traffic on NIPRNET is directed toward the Internet. "As the growth and usage of the Internet surge, so do the dangers of intrusion into sensitive networks," the report concluded. Thomas stressed that the difficulty has always been in finding the right balance between security and open lines of communication. ------------------------ Yahoo! Groups Sponsor ---------------------~--> 4 DVDs Free +s&p Join Now http://us.click.yahoo.com/pt6YBB/NXiEAA/mG3HAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT