[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Bruce Schneier zu GOVNET
"Die Sicherheit von etwas wie GOVNET ist wahrscheinlich umgekehrt
proportional zu seiner Nützlichkeit." - Argument: Ein getrenntes Netz
für einen unspezifischen Auftrag (im Gegensatz zu INTELINK oder DSN)
will niemand haben, da man die Anbindung zum Internet braucht. Gateways
oder ähnliches Vermindern aber gerade die Sicherheit von GOVNET. RB
-------- Original Message --------
Betreff: CRYPTO-GRAM, November 15, 2001
Datum: Thu, 15 Nov 2001 01:45:27 -0600
Von: Bruce Schneier <schneier -!
- counterpane -
An: crypto-gram -!
- chaparraltree -
CRYPTO-GRAM, November 15, 2001
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
- counterpane -
The U.S. government wants its own private Internet. The idea is to
a secure GOVNET, physically separate from the public Internet. I think
this is a good idea, although it will be very expensive and difficult to
and will almost certainly have insecurities. But even a mediocre
implementation would be more secure than what they have now.
Limiting access to a network goes a long way towards improving its
security. Hackers can't attempt to break in from half a planet
away. Well-meaning friends can't pass along viruses. Trojans can't
their owners of successful infections. Users can't access questionable
sites and release their passwords, configurations, and private
information. Outsiders can't sniff passwords. The software would be
as buggy -- applications and operating systems would have the same
vulnerabilities -- but accessing those vulnerabilities would be much
The effectiveness of this is directly tied to how strong the physical
separation is. The networks have to be physically different. GOVNET
run on the Internet over a VPN. GOVNET can't have firewall-protected
gateways to the Internet. GOVNET can't be separated from the Internet
one of those silly "air-gap" products. GOVNET has to use its own
its own servers, and its own clients. If a GOVNET user wants to use the
Internet, he needs two computers on his desk. He can use the same
on both, but they have to be different copies. And he can't share files
between them, not even by floppy disk.
Breaking any of these rules hurts the security. Pass a MS Word floppy
between the two networks, and you risk infection by a macro virus.
a computer to both networks, and you risk all sorts of malware jumping
over. Add public dial-up access points, and then the public can try to
GOVNET isn't a new idea. There are already several separate internets
the U.S. government -- INTELINK, SIPRNET, NIPRNET, etc. -- some of these
classified networks. The classified networks are completely encrypted,
all access points are in secured rooms and buildings. They're a whole
more secure than the Internet, but it took the Melissa virus 24 hours to
jump over from the Internet to one of these networks. And the
virus infected several of these computers.
I can imagine what happened. Some senior executive checked his e-mail
the Internet. Then he plugged the same laptop into one of the private,
secure, classified, separate networks. And the viruses crossed over.
But even that is worlds better than what we have today. And a GOVNET
designed from scratch can include other security features. There can be
mandated strong authentication (inasmuch as commercial products allow
it). All the links can be encrypted. Anonymity can be banned. There
be better accountability. There can be an approved list of permitted
software. GOVNET could not prevent insider attacks, but it could make
a lot harder to get away with.
On the other hand, physically separating a network from the Internet
it a whole lot less useful. And usefulness is why companies connected
their corporate networks to the Internet in the first place. In a lot
ways, this is a huge step backwards. The Internet got its name because
was a network of networks. In the old days, there was Arpanet, Milnet,
BITnet, Usenet, JANET, and a host of other disjoint networks.
them to the Internet made them all more useful.
Inasmuch as GOVNET (and the others) disconnect themselves from the
Internet, they become less useful. Networks like INTELINK have
well-defined missions; that's why they work. GOVNET doesn't, and that's
its biggest weakness. Users will need to access pieces of the Internet,
and the temptation will always be there to link to the Internet through
some kind of firewall. And then the separation is gone. Unfortunately,
the security of something like GOVNET is likely to be inversely
proportional to its utility.
News and Commentary:
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.