Re: The War in All its Online Glory

[InfoSec News <isn () c4i org>]

Forwarded from: security curmudgeon <jericho () attrition org>

> Forwarded from: Bob <bob () globaldevelopment org>
>
> [Talk about a challenge for hackers, this is it.
> Bob Adams - http://www.globaldisaster.org ]
>
> Associated Press
> May 30, 2002 PDT
> http://www.wired.com/news/print/0,1294,52861,00.html
>
> BAGRAM, Afghanistan -- The war in Afghanistan is going online. 
>
> A drab tent under the Afghan sun hides a high-tech war room that
> soon will become the nerve center of the campaign: Inside, tables
> are lined with soldiers bent over laptops. They look up at computer
> maps of Afghanistan projected on large screens illuminating the dim
> interior.
>
> All are logged onto the Tactical Web Page, a secret, secure website
> being used in combat for the first time, through which American
> commanders at Bagram air base and in the United States can direct
> the fight in Afghanistan.

> "The rule here is that you can reach any critical information within
> two clicks of the mouse," said Maj. Keith Hauk, the knowledge
> management officer.

> "There have been a few instances when unidentified computers have
> tried to get in, in which case we throw up additional firewalls,"
> Lt.  Col. Bryan Dyer said.

This doesn't give me any sort of confidence. The fact that these
machines are connected to any public network is disturbing. I
understand the desire for access to information, but given how
critical and sensitive these systems are, it seems that there would be
some real need for a physical gap in the network. Some point at which
information goes via floppy or zipdisk.

Throwing up additional firewalls seems like a joke of a response. I
think we all realize that a dozen misconfigured firewalls won't do
much. It isn't about how many devices you have protecting your
resources, it's about how they are configured and monitored.

Even if someone isn't intent on a classic breakin, how would a DoS
attack affect their capability to reach the information they need? How
about a few hundred script kiddy style attacks and the diversion of
resources that could cause?



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.