[infowar.de] Bruce Schneier on GOVNET
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
"The security of something like GOVNET is likely to be inversely proportional to its utility." - Argument: nobody wants a separate network for an unspecific mission (in contrast to INTELINK or DSN), because the connection to the Internet is needed. But gateways or the like reduce precisely the security of GOVNET. RB
-------- Original Message --------
Subject: CRYPTO-GRAM, November 15, 2001
Date: Thu, 15 Nov 2001 01:45:27 -0600
From: Bruce Schneier <schneier -!- counterpane - com>
To: crypto-gram -!- chaparraltree - com
CRYPTO-GRAM, November 15, 2001
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier -!- counterpane - com
<http://www.counterpane.com>
(...)
GOVNET
The U.S. government wants its own private Internet. The idea is to create a secure GOVNET, physically separate from the public Internet. I think this is a good idea, although it will be very expensive and difficult to do and will almost certainly have insecurities. But even a mediocre implementation would be more secure than what they have now.
Limiting access to a network goes a long way towards improving its security. Hackers can't attempt to break in from half a planet away. Well-meaning friends can't pass along viruses. Trojans can't alert their owners of successful infections. Users can't access questionable Web sites and release their passwords, configurations, and private information. Outsiders can't sniff passwords. The software would be just as buggy -- applications and operating systems would have the same vulnerabilities -- but accessing those vulnerabilities would be much harder.
The effectiveness of this is directly tied to how strong the physical separation is. The networks have to be physically different. GOVNET can't run on the Internet over a VPN. GOVNET can't have firewall-protected gateways to the Internet. GOVNET can't be separated from the Internet by one of those silly "air-gap" products. GOVNET has to use its own routers, its own servers, and its own clients. If a GOVNET user wants to use the Internet, he needs two computers on his desk. He can use the same programs on both, but they have to be different copies. And he can't share files between them, not even by floppy disk.
Breaking any of these rules hurts the security. Pass a MS Word floppy between the two networks, and you risk infection by a macro virus. Attach a computer to both networks, and you risk all sorts of malware jumping over. Add public dial-up access points, and then the public can try to break in.
GOVNET isn't a new idea. There are already several separate internets in the U.S. government -- INTELINK, SIPRNET, NIPRNET, etc. -- some of these classified networks. The classified networks are completely encrypted, and all access points are in secured rooms and buildings. They're a whole lot more secure than the Internet, but it took the Melissa virus 24 hours to jump over from the Internet to one of these networks. And the LoveLetter virus infected several of these computers.
I can imagine what happened. Some senior executive checked his e-mail on the Internet. Then he plugged the same laptop into one of the private, secure, classified, separate networks. And the viruses crossed over.
But even that is worlds better than what we have today. And a GOVNET designed from scratch can include other security features. There can be mandated strong authentication (inasmuch as commercial products allow it). All the links can be encrypted. Anonymity can be banned. There can be better accountability. There can be an approved list of permitted software. GOVNET could not prevent insider attacks, but it could make them a lot harder to get away with.
On the other hand, physically separating a network from the Internet makes it a whole lot less useful. And usefulness is why companies connected their corporate networks to the Internet in the first place. In a lot of ways, this is a huge step backwards. The Internet got its name because it was a network of networks. In the old days, there was Arpanet, Milnet, BITnet, Usenet, JANET, and a host of other disjoint networks. Connecting them to the Internet made them all more useful.
Inasmuch as GOVNET (and the others) disconnect themselves from the Internet, they become less useful. Networks like INTELINK have well-defined missions; that's why they work. GOVNET doesn't, and that's its biggest weakness. Users will need to access pieces of the Internet, and the temptation will always be there to link to the Internet through some kind of firewall. And then the separation is gone. Unfortunately, the security of something like GOVNET is likely to be inversely proportional to its utility.
Press Release:
<http://w3.gsa.gov/web/x/publicaffairs.nsf/dea168abbe828fe9852565c600519794/1c10e9ac670553b885256ae100668beb?OpenDocument>
News and Commentary:
<http://news.bbc.co.uk/low/english/sci/tech/newsid_1601000/1601823.stm>
<http://www.theregister.co.uk/content/archive/22156.html>
<http://www.zdnet.com/zdnn/stories/news/0,4586,5098134,00.html>
<http://www.zdnet.com/zdnn/stories/news/0,4586,5098169,00.html>
<http://www.zdnet.com/sp/stories/news/0,4538,2818268,00.html>
<http://www.zdnet.com/zdnn/stories/news/0,4586,2818103,00.html>
<http://www3.gartner.com/DisplayDocument?doc_cd=101741>
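An added illustration, not from the newsletter or the list post: the essay's point is that the separation only holds while there is no channel of any kind between the two networks, whether a NIC, a VPN tunnel, a firewalled gateway or a shared floppy. That can be checked as plain reachability over an asset inventory; the inventory below is constructed and models the "same laptop on both networks" scenario the essay describes.

```python
from collections import defaultdict, deque

# Constructed inventory (an added illustration, not from the newsletter).
# Each entry is (node_a, node_b, link_kind): any channel over which data
# can move, whether a NIC, a VPN tunnel, a firewalled gateway or a floppy.
EDGES = [
    ("internet", "exec-laptop", "nic"),
    ("exec-laptop", "govnet", "nic"),        # one laptop plugged into both
    ("govnet", "analyst-pc", "nic"),
    ("analyst-pc", "shared-floppy", "media"),
    ("internet", "home-pc", "nic"),
]

def build_graph(edges):
    """Undirected adjacency list; every link kind counts as a channel."""
    graph = defaultdict(list)
    for a, b, kind in edges:
        graph[a].append((b, kind))
        graph[b].append((a, kind))
    return graph

def crossover_path(edges, src="internet", dst="govnet"):
    """Breadth-first search from src to dst. Returns the hop list as
    [(node, link_kind_used_to_reach_it), ...], or None when no path of
    any kind exists, i.e. the two networks really are separate."""
    graph = build_graph(edges)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                parent = prev[node]
                hops.append((node, parent[1] if parent else None))
                node = parent[0] if parent else None
            return hops[::-1]
        for nxt, kind in graph[node]:
            if nxt not in prev:
                prev[nxt] = (node, kind)
                queue.append(nxt)
    return None

def is_separated(edges):
    return crossover_path(edges) is None

if __name__ == "__main__":
    print("crossover:", crossover_path(EDGES))
    fixed = [e for e in EDGES if e[:2] != ("exec-laptop", "govnet")]
    print("separated after removing the dual-homed laptop:", is_separated(fixed))
```

Because media links are edges like any other, re-adding the floppy to an Internet host reopens a path, which is the Melissa-style crossover the essay warns about.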