Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] FCW 26.08.02 DOD may pull key net from the Internet



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------


DOD may pull key net from the Internet

 BY Christopher J. Dorobek and Diane Frank
 Aug. 26, 2002

 In an effort to secure one of its most widely used Internet networks,
the Defense Department is
 considering constructing something more akin to an intranet.

 The Non-Classified Internet Protocol Router Network (NIPRNET) was
created in 1995 as a network
 of government-owned IP routers used to exchange sensitive information.

 But DOD officials, increasingly uncomfortable with having NIPRNET
reside on the Internet, want to put
 the network behind firewalls and create a "demilitarized zone" for
services that need public access, said
 Keith Fuller, the Defense Information Systems Agency's chief engineer
for information security, speaking
 last week at the Government Symposium on Information Sharing and
Homeland Security in Philadelphia.

 Some military services and Defense agencies need public access to the
Internet, he said. That was
 evident when DOD shut down access to the Internet as part of its effort
to protect the agency from the
 "Code Red" worm that was proliferating across the Web.

 In conjunction with the efforts to secure NIPRNET, DISA is creating a
database that will contain the
 ports and protocols for DOD systems to identify what would be affected
if DOD had to pull the plug on
 its Internet connection, he said.

 The efforts are part of a long-term goal to plug security holes on
NIPRNET. "The long and the short of
 it [is] that it was, in all practical terms, just an extension" of the
Internet with "little additional controls,"
 said retired Col. John Thomas, former chief of DISA's Global Operations
and Security Office and now
 director of strategic programs at EMC Corp.

 NIPRNET has some "significant" security controls but is still largely
an open network, he said, because NIPRNET was developed
 before there were significant threats.

 In 1999, DISA sought to plug some of those holes by cracking down on
unofficial connections. "Positive control of all
 NIPRNET/Internet connections is an absolute requirement," according to
an Aug. 22, 1999, policy issued by then-DOD chief
 information officer Art Money.

 That policy, however, failed to plug the holes. A December 2000 report
from the DOD inspector general was critical of the efforts
 and concluded that NIPRNET's security policy was never incorporated
into overall DOD policy.

 Furthermore, the IG report noted that the policy "lacked visibility"
because it did not clearly define the process for connecting services
 nor did it require regular status reports on the progress made in
securing the NIPRNET/Internet connections.

 Whenever DISA attempted to push greater security, there was always
resistance, Thomas said. He said the military "has an absolute
 need to be able to transit the Internet."

 The DOD IG report noted that 70 percent of the traffic on NIPRNET is
directed toward the Internet. "As the growth and usage of
 the Internet surge, so do the dangers of intrusion into sensitive
networks," the report concluded.

 Thomas stressed that the difficulty has always been in finding the
right balance between security and open lines of communication.
http://www.fcw.com/fcw/articles/2002/0826/news-net-08-26-02.asp


--
Olivier Minkwitz___________________________________________
Dipl. Pol.
HSFK Hessische Stiftung für Friedens- und Konfliktforschung
PRIF Peace Research Institute Frankfurt
Leimenrode 29 60322 Frankfurt a/M Germany
Tel +49 (0)69 9591 0422  Fax +49 (0)69 5584 81
http://www.hsfk.de                         pgpKey:0xAD48A592
minkwitz -!
- hsfk -
 de____________________________________________



---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.