RE: Top Secret DOD Data over the Public Internet? Thoughts?

["Paul D. Robertson" <paul () compuwar net>]

On Sat, 21 Aug 2004, Eugene Kuznetsov wrote:

> > > http://www.gcn.com/vol1_no1/daily-updates/26971-1.html
>
> This is all very interesting, but I don't think that article said anything
> about DoD data going over public internet! ;-) I think they were hinting at

No injecting reality into a good debate, it's not fair! ;)

> separating messages on the internal DoD network, separating messages of
> different classification levels using encryption, instead of physical
> segments. That largely removes DoS and MIM considerations.

Not really, the considerations are still there, the "challenge" is in
building the aggregation points, which have to handle the input from less
trusted nodes, including routing information, unless you're using some
sort of source routing- if you're using DNS, then you have to be able to
trust the aggregation point's implementation not to be compromised from a
less-trusted node's answers, or have every nameserver be in the highest
trust grouping, then have them all secure from queries from untrusted
nodes.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards