nanog mailing list archives

RE: bloomberg on supermicro: sky is falling


From: "Naslund, Steve" <SNaslund () medline com>
Date: Thu, 4 Oct 2018 21:36:07 +0000

> Classified networks do not connect to other networks unless they are
> equally or higher classified.  No internet connection.
> Period.

Not quite, but there are at least application level gateways.  For example, there is usually a gateway that can let 
unclassified email flow into classified systems.  However, there is an application gateway to allow ONLY email protocols 
and only in the desired direction.

> Well, if your classified network is connecting to a higher classified net, then
> *that* network is connecting to a lower classified net, right?

In a very highly controlled manner.  The lower classified network may only be allowed to send data to the higher 
classified network.  If the higher level network is multilevel capable it will be allowed to move documents to the 
lower level network if they are at the right level of classification.  Again this is application layer security and all 
levels below that would not be trusted between the two networks.  A gateway with a specialized application would have 
vetted connectivity to both networks.

> That, plus I think the Snowden escapade was ample proof that security rules will get bent when needed to get work done
> - it turned out that Snowden was able to walk off with terabytes of data because security restrictions had been
> disabled because they were putting a crimp in the analysts' style...

That is completely different.  We are talking HUMINT instead of ELINT or SIGINT.  Snowden flat out stole the data as an 
insider.

Steven Naslund 
Chicago IL


