funsec mailing list archives
Re: [Fwd: RE: Pentagon Hit by Unprecedented Cyber Attack]
From: Jon Kibler <Jon.Kibler () aset com>
Date: Fri, 21 Nov 2008 08:45:35 -0500
Valdis.Kletnieks () vt edu wrote:
> I was under the impression that at some of the nuclear weapons research sites, *all* media was removable, so that when you were done working with it, it was possible to unplug/remove the drive and put it back in the safe. And in fact, Los Alamos got raked over the coals recently when they had to admit that some of the drives didn't make it back into the safe.
Nuke sites are DoE, not DoD. :)

In this and similar cases of 'removable HDDs', the objective is to store the 'system' in a vault. Before the days where the entire HDD was easy to remove and lock up in a vault, you literally had to unplug the computer case every day and haul the entire thing to the vault to be locked up.

I consider that type of 'removable HDD' to be an entirely different and totally unrelated issue. I am sure that this type of removable is not covered by the reported ban on removable media. After all, in this case you are securing the entire system, not introducing additional media to a system.
> I'm looking at DoD 5220.22-M (Feb 2006 version), and I see on page 8-3-1:
>
> "C. Applicability of Logon Authentication. In some cases, it may not be necessary to use IS security controls as logon authenticators. In the case of stand alone workstations, or small local area networks, physical security controls and personnel security controls may suffice. For example, if the following conditions are met, it may not be necessary for the IS to have a logon and password:
>
> (1) The workstation does not have a permanent (internal) hard drive, and the removable hard drive and other associated storage media are stored in an approved security container when not in use."
>
> Hmm... so that's saying that a workstation can be on a (presumably) classified network, and *NOT EVEN NEED A FRIKKING PASSWORD*, if it has *ONLY* removable media (and a few other requirements I didn't quote).
>
> Of course, 5220.22-M is the set of rules that applies to DoD *contractors* - if you have a pointer to a *different* rule that applies directly to DoD networks, feel free to share.
I don't really have a problem with this case. Why? Several reasons:

1) To get physical access to the device, you have to prove you have an adequate security clearance, you have to prove a 'need to know', and you have to prove authorization.

2) Usually in this type of situation, access to these devices is never by a single individual. Almost always at least two people must be present and quite often it is three -- and often all three must agree on every action taken on the system.

3) In a lot of these cases, the HDD would be to a real-time device (such as a radar console) where you do not have authentication / authorization. Physical access to the device is your authentication and authorization.

4) The physical security controls in most of these environments are extreme. I have been places before where I have had to have three armed guards accompany me everywhere, even including into the head to take a leak! (Which was REAL interesting the day I had 3 female guards!)

Jon K
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253