Firewall Wizards mailing list archives
Re: Top Secret DOD Data over the Public Internet? Thoughts?
From: "Paul D. Robertson" <paul () compuwar net>
Date: Sun, 22 Aug 2004 11:29:33 -0400 (EDT)
On Fri, 20 Aug 2004, Christopher Hicks wrote:
Maybe if we weren't spending so much money sacrificing our military might in the Middle East we'd have enough money left over to run our Top Secret network? As much of a pain in the butt as physically seperate is to
Different budgets, and not germain.
maintain we've seen clearly given how various widely respected crypto algorithms have been undermined just in recent weeks that as vital and necessary as crypto is that it doesn't provide a complete solution. We
The time between deployment of a cryptosystem, and its analysis then its compromise is generally quite long. It's longer still if the algorithm hasn't undergone public scrutiny and gaining an implementation takes a physical theft[1].
won't have to worry about anybody at Los Alamos losing hard drives anymore when our Latest Terrorist can just crack a poorly administered firewall. My current sig is obviously something that our current brilliant DISA management has missed out on. Sigh.
Newsflash: We've been running encrypted traffic over untrusted networks for literally decades. It seems to have worked just fine so far. That's not to say there aren't concerns and issues, but to say that neither the practice, nor the threat is new. I've personally put classified nodes in hotel rooms (in a long past life,) and it's not exactly rocket science. It's all about a strong encryption boundary. Paul [1] Public scrutiny of cryptosystems is a good thing, but obscurity combined with limited physical implementation requires that an attacker actually get hold of either the device, or enough traffic to analyze. That takes time, which is in the defender's interest. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Top Secret DOD Data over the Public Internet? Thoughts? Gary Flynn (Aug 20)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Kevin Sheldrake (Aug 20)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Marcus J. Ranum (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Paul D. Robertson (Aug 22)
- RE: Top Secret DOD Data over the Public Internet? Thoughts? Eugene Kuznetsov (Aug 22)
- RE: Top Secret DOD Data over the Public Internet? Thoughts? Paul D. Robertson (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Marcus J. Ranum (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Christopher Hicks (Aug 20)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Marcus J. Ranum (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? George Capehart (Aug 23)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Paul D. Robertson (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Marcus J. Ranum (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Matt Curtin (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Marcus J. Ranum (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Christopher Hicks (Aug 23)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Marcus J. Ranum (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Chris Pugrud (Aug 22)
- <Possible follow-ups>
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Kevin Sheldrake (Aug 22)
- Re: Top Secret DOD Data over the Public Internet? Thoughts? Kevin Sheldrake (Aug 20)