Re: We got owned by the Chinese and didn't even get a "lessons learned"

[Etaoin Shrdlu <shrdlu () deaddrop org>]

Martin Johns wrote:

> On 5/24/06, Steve Wilson <S.Wilson () eris qinetiq com> wrote:
>
> > A large government organisation with no egress firewalling policy? No
> > restrictive and monitored outbound proxies? What sort of a perimeter is
> > that[1]?

> I do not think monitored outbound proxies are a feasible concept to
> prevent the leakage of classified material. As long as http traffic is
> allowed, there are about 100000000 hidden channels which could be used
> to encode the material.

Please, please, please, folks; unless you've worked in the classified 
area (which is where I've spent my entire professional life), try not to 
guess at these things. Truly classified documents are not *on* the 
Internet. They have multiple classified networks with only sneakernet 
between them, and while there have indeed been "spillages" of classified 
material, this has usually been the result of some fool or other 
mentioning something in email or in a document that makes the result 
classified (and the destruction and wiping of perfectly good disk drives 
due to inadvertent release of such minor details is *huge*, and very 
time consuming).

Sure, most of the gov and mil internet facing networks are a lot more 
lax than they should be, but the classified stuff (even the stuff 
classified at a mere Confidential level) is not there. Not. Look up 
things like siprnet.

Coffee. Need more coffee...

--
Shrdlu