[infowar.de] Bruce Schneier on GOVNET



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
"The security of something like GOVNET is likely to be inversely
proportional to its utility." - Argument: Nobody wants a separate
network for an unspecified mission (in contrast to INTELINK or DSN),
because one needs the connection to the Internet. But gateways or the
like are precisely what reduce GOVNET's security. RB

-------- Original Message --------
Subject: CRYPTO-GRAM, November 15, 2001
Date: Thu, 15 Nov 2001 01:45:27 -0600
From: Bruce Schneier <schneier -! - counterpane - com>
To: crypto-gram -! - chaparraltree - com

                  CRYPTO-GRAM, November 15, 2001

               by Bruce Schneier
                Founder and CTO
       Counterpane Internet Security, Inc.
       schneier -! - counterpane - com
          <http://www.counterpane.com>

(...)
                     GOVNET

The U.S. government wants its own private Internet.  The idea is to
create a secure GOVNET, physically separate from the public Internet.  I
think this is a good idea, although it will be very expensive and
difficult to do and will almost certainly have insecurities.  But even a
mediocre implementation would be more secure than what they have now.

Limiting access to a network goes a long way towards improving its
security.  Hackers can't attempt to break in from half a planet away.
Well-meaning friends can't pass along viruses.  Trojans can't alert
their owners of successful infections.  Users can't access questionable
Web sites and release their passwords, configurations, and private
information.  Outsiders can't sniff passwords.  The software would be
just as buggy -- applications and operating systems would have the same
vulnerabilities -- but accessing those vulnerabilities would be much
harder.

The effectiveness of this is directly tied to how strong the physical
separation is.  The networks have to be physically different.  GOVNET
can't run on the Internet over a VPN.  GOVNET can't have
firewall-protected gateways to the Internet.  GOVNET can't be separated
from the Internet by one of those silly "air-gap" products.  GOVNET has
to use its own routers, its own servers, and its own clients.  If a
GOVNET user wants to use the Internet, he needs two computers on his
desk.  He can use the same programs on both, but they have to be
different copies.  And he can't share files between them, not even by
floppy disk.

Breaking any of these rules hurts the security.  Pass a MS Word floppy
between the two networks, and you risk infection by a macro virus.
Attach a computer to both networks, and you risk all sorts of malware
jumping over.  Add public dial-up access points, and then the public can
try to break in.

GOVNET isn't a new idea.  There are already several separate internets
in the U.S. government -- INTELINK, SIPRNET, NIPRNET, etc. -- some of
these classified networks.  The classified networks are completely
encrypted, and all access points are in secured rooms and buildings.
They're a whole lot more secure than the Internet, but it took the
Melissa virus 24 hours to jump over from the Internet to one of these
networks.  And the LoveLetter virus infected several of these
computers.

I can imagine what happened.  Some senior executive checked his e-mail
on the Internet.  Then he plugged the same laptop into one of the
private, secure, classified, separate networks.  And the viruses crossed
over.

But even that is worlds better than what we have today.  And a GOVNET
designed from scratch can include other security features.  There can be
mandated strong authentication (inasmuch as commercial products allow
it).  All the links can be encrypted.  Anonymity can be banned.  There
can be better accountability.  There can be an approved list of
permitted software.  GOVNET could not prevent insider attacks, but it
could make them a lot harder to get away with.

On the other hand, physically separating a network from the Internet
makes it a whole lot less useful.  And usefulness is why companies
connected their corporate networks to the Internet in the first place.
In a lot of ways, this is a huge step backwards.  The Internet got its
name because it was a network of networks.  In the old days, there was
Arpanet, Milnet, BITnet, Usenet, JANET, and a host of other disjoint
networks.  Connecting them to the Internet made them all more useful.

Inasmuch as GOVNET (and the others) disconnect themselves from the 
Internet, they become less useful.  Networks like INTELINK have 
well-defined missions; that's why they work.  GOVNET doesn't, and that's 
its biggest weakness.  Users will need to access pieces of the Internet, 
and the temptation will always be there to link to the Internet through 
some kind of firewall.  And then the separation is gone.  Unfortunately, 
the security of something like GOVNET is likely to be inversely 
proportional to its utility.


Press Release:
<http://w3.gsa.gov/web/x/publicaffairs.nsf/dea168abbe828fe9852565c600519794/1c10e9ac670553b885256ae100668beb?OpenDocument>

News and Commentary:
<http://news.bbc.co.uk/low/english/sci/tech/newsid_1601000/1601823.stm>
<http://www.theregister.co.uk/content/archive/22156.html>
<http://www.zdnet.com/zdnn/stories/news/0,4586,5098134,00.html>
<http://www.zdnet.com/zdnn/stories/news/0,4586,5098169,00.html>
<http://www.zdnet.com/sp/stories/news/0,4538,2818268,00.html>
<http://www.zdnet.com/zdnn/stories/news/0,4586,2818103,00.html>
<http://www3.gartner.com/DisplayDocument?doc_cd=101741>


