funsec mailing list archives

Re: [Fwd: RE: Pentagon Hit by Unprecedented Cyber Attack]


From: Valdis.Kletnieks () vt edu
Date: Thu, 20 Nov 2008 23:15:45 -0500

On Thu, 20 Nov 2008 21:19:52 EST, Jon Kibler said:

2) About the article: No organization that has ANY interest in security
should allow ANY type of removable media on ANY system. No hard drives,
no CD/DVD players or burners, no thumb drives, no MP3 players, etc. To
allow removable media and/or devices introduces two serious risks: a)
data exfiltration, and b) malware infections. The DoD has never allowed
removable media on any classified network, and I was under the
impression that the same policy applied to unclassified networks as
well.

I was under the impression that at some of the nuclear weapons research sites,
*all* media was removable, so that when you were done working with it, it
was possible to unplug/remove the drive and put it back in the safe.
And in fact, Los Alamos got raked over the coals recently when they had to
admit that some of the drives didn't make it back into the safe.

I'm looking at DoD 5220.22-M (Feb 2006 version), and I see on page 8-3-1:

"C. Applicability of Logon Authentication. In some cases, it may not be
necessary to use IS security controls as logon authenticators. In the case of
stand alone workstations, or small local area networks, physical security
controls and personnel security controls may suffice. For example, if the
following conditions are met, it may not be necessary for the IS to have a
logon and password:

(1) The workstation does not have a permanent (internal) hard drive, and the
removable hard drive and other associated storage media are stored in an
approved security container when not in use."

Hmm... so that's saying that a workstation can be on a (presumably) classified
network, and *NOT EVEN NEED A FRIKKING PASSWORD*, if it has *ONLY* removable
media (and a few other requirements I didn't quote).  Of course, 5220.22-M
is the set of rules that applies to DoD *contractors* - if you have a pointer
to a *different* rule that applies directly to DoD networks, feel free to share.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.