Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Securing Win2K, NSA-style 186

bpitzer writes: "The NSA has released their guides for securing Windows 2000 that they have issued for various DoD organizations."
This discussion has been archived. No new comments can be posted.

Securing Win2K, NSA-style

Comments Filter:
  • by Anonymous Coward
    Anyone happen to know if the NSA (or a similarly respected group) has information on locking down, say, Red Hat 7.1? Can't seem to find it on their website... I'm sure they're running something other than just Win32.
  • by Anonymous Coward
    Oh no! You gave our secret password away! And it will be so hard to change!?!!!? (We hardcoded it in with a 'if (password eq "nsaspooks") {logged_in=1;} else {logged_in=0;}'
  • by Anonymous Coward
    RMS says: All your base are belong to GCC! ^_^
  • by Anonymous Coward
    "You mean, like NTFS' ACL? Which NT had since forever? "

    No - because it applies to processes too. For example you can't cut and paste (or pipe, I don't think SE Linux has an X server yet) classified information into an unclassified document. Much more sophisticated than any form of file permissions.
  • by Anonymous Coward
    I have been thinking of that myself and i got to the following conclusion: If you compiled a hello world program or something similar you could easily debug, view using a hex editor or disassemble the code using any third party tools. That would mean that the "attacker" would have to own the compiler, debugger, and any other tool on the system that could be used to verify the integrity of the compiled code. If i were the "attacker" i'd put the backdoors on the linked libraries (libc perhaps?) so any program running would be "infected" and they could not be debugged as easily as a simple program.
  • by Anonymous Coward on Thursday June 14, 2001 @12:20AM (#152374)
    In a gigantic police operation many thousands hackers from a gang calling themselves "Slashdotters" were lifted from their beds and arrested this night for organising a massive DDOS (Distributed Denial Of Service) attack to the main NSA network. It is not yet clear which foreign country payed the leader of this gang known under the name Commander Taco to destabilize the national security of the U.S.
  • The NSA site has been slashdotted! How hilarious!!!!!!
  • That might be a little hard to do after Step 8, you might simply want to put it in your will to be done by your next of kin instead.
  • The NSA has the Win2k source code. It's very easy for universities and other establishments to get the source, slightly less easy for large companies, and slightly less easy still for small companies and individuals (although they're changing this as we speak...)

    True, but just because they have the source doesn't mean they can hack on it or fork it like they can with Linux.


  • It's not just apps. The permissions granularity on the filesystem are often misunderstood and misused by sysadmins, who leave their machines open to attack. The issue here is that while Windows is all GUI and easy enough for a monkey to configure (if you're to believe Microsoft advertising), finer points like correctly using the granularity provided are often overlooked because no one knows how to use them. And of course Microsoft is never part of the solution here, they stomp all over their own guidelines (design, installation, security, etc) with their software, so it's a big case of do as I say not as I do.


  • by X ( 1235 )
    Format the hard disk.....
  • Charge you? Beta testers get free copies of the product they are testing.
  • There's an interesting post [securityfocus.com] on BugTraq that can be boiled down to "Win2k has some great granularity features... unfortunately the apps you are pretty much forced to use with it (Office2k, etc.) stink up that granularity."


  • Oh you're right about that. Sorry... I just skimmed it since I saw it on the ml and didn't reread it properly. I am curious if Office2k is affected now!

  • Indeed, I wonder if GNU/Linux distributions were to adopt MAC and CAPS more fully whether or not sysadmins would be up to the task... especially at smaller companies (like mine) where they can't afford the higher end guys to do simple internal MIS stuff. I've actually been kind of glad that Linux has not gone all ACLs yet due to the sheer complexity that that involves. But, when Linus does finally accept a patch for it, I'll thank my stars again that I transferred to the programming department!

  • ... one would think they'd have more than a dinky uplink to the 'net.. They're slashdotted :p

    Still, I suppose you get SOME security by using extremely slow connections..

    Your Working Boy,
    - Otis (GAIM: OtisWild)
  • They say [nsa.gov]: "Because of the amount of interest in the Windows 2000 Security Recommendation Guides, we are updating our Web site to better handle the demands placed on downloading the files. We expect to make the guides available once again during the week of June 18, 2001."
  • NSA machines are taken down and scanned regularly for trojans and other guests. A good friend of mine is a physicist for several govt. projects of which he wont talk, but his laptop is replaced every two weeks or so.
  • Instead, I have to ask, did they return that code to the community?

    Yes, they did - which is pretty remarkable for an incredibly secretive organisation like the NSA.

    Did they attempt to prevent forking the kernel by offering the improvement for inclusion in the "standard" kernel?

    By putting it out there under the GPL, they have. I don't know whether it's planned to integrate with the main tree or not - it may be that the features the NSA require interfere with other things more important for maintream use.

    Go you big red fire engine!

  • One computer per department that does not have knowledge on it is connected to the net, but is also networked to other boxes in the department that may or may not have knowledge on them. Those boxes, in turn are connected to other boxes in the building that may or may not have knowledge on them, etc....

    While what you say is theoretically true, as a practical matter any machine that has any really secret stuff on it is always going to be air-gapped. That is, the machines that really have to be secure are simply not physically connected to the outside world, either directly or indirectly. It's the only way to be sure there won't be a remote exploit...
  • by paleck ( 10298 ) on Thursday June 14, 2001 @12:11AM (#152389) Homepage
    For some reason you have to go to http://www.nsa.gov/winsecurity [nsa.gov] and then proceed from there.
  • SELinux also has support for various forms of mandatory access control, and the related (and necessary for the same) labelling of data with security-related information.

    Shoving all that under "capabilities" and then arguing that since win2k outshines linux in the granularity of it's permissions model borders on dishonest. Security-feature wise, SELinux is in a whole different ballpark (B1) from both win2k and Linux.

    Pretending that that patch was necessary to get Linux to be as secure as NT is dishonest (or ignorant).

  • I suppose technically you could still root it by using microwaves to power the circuits as well as read/write values (van Eck style) into the onboard cache of the processor. You've got a couple kilobytes in the BIOS memory you could use for runtime/firmware stuff. Granted you'd need to get some equipment really close to it but the water might provide a good way to cancel out noise. Hmmm.
  • I downloaded 'em all (except the three supporting docs that I wasn't interested in) before they turned off the pipe, so if they change something, I would notice. I don't expect them to, though.


  • The problem is not that they had to fork the linux kernel, but rather that they are forced to make do with whatever Microsoft allows them to do to make their servers secure.....

    Forking the kernel can be a good thing, and it shows how flexible linux can be...
  • Why is this moderated to +5 Interesting? If you read the docs and follow the mailing list you will see that what they are doing is experimenting with manditory access control and the only reason they picked linux was because the source is available and there are a lot of people using it. The project does not aim to create a secure distro - only experiment with a single feature that could lead to more secure distros in the future (and probably not just linux distros)

  • your post would have been funnier if you spelled caveat properly


  • by Ambassador Kosh ( 18352 ) on Thursday June 14, 2001 @12:03AM (#152396)
    Actually you are partly right and mostly wrong. They forked linux not to get it as secure as w2k but to make it a secure operating system. Since they had the source code to work with they have worked on adding features to linux to make it secure in a way that other operating systems can not be guaranteed to be.

    With their linux dist they get many eyes looking at it and they can do anything they want with the source code to make it as secure as possible.

    Given the choice of mostly secure which the nsa can get with w2k and redoing parts of linux to make it actually secure which would you choose? It seems obvious which one the nsa chose. Also they are more changes in their linux dist then just the kernel.
  • yeah right - "because our Win2k IIS server seemed to get DDos even after we posted our recommendations on securing Win2k against it we are migrating to Linux... we expect to have completed this the week after next"
  • Man, some of you guys are as automatic as a jack in the box. Give you the right stimulus, get the exact response.

    For those of you over 17,

    I'm going to tell you a story I heard in a movie. A little boy grows up hating his stern father because he punishes him, while he is very close to his mother because she protects him. He grows up and moves out. Later, when he's about 25, his mother dies unexpectedly at around 50. At her funeral, he's silent. His father continues to remain estranged to him but lives to an old age, and dies at 75 when the man is now 50. As he's standing at his father's graveside, he finds himself sobbing uncontrollably.

    The point is that when his mother died, it was unfortunate. But, when the father died, the man, who hated his father so much, now no longer had the hate to keep him going.

    The movie was a movie about how Nazis and Jews. It reminds me very much about how some of you act. Please be more interesting.
    [Saint Stephen]
  • You are so clueless.

    ACLs provide very little security in
    a practical sense because they are
    almost impossible to administer.

    Capabilities, (not the dumbass privileges of
    POSIX) are the only easily administered general
    security model. They are a lot less work for the kernel too.
  • It is simple for the child to have only the rights that the parent had at the time of the fork.
    The trick is to have the child lose the rights whenever the parent loses the rights.
  • Just like the government to put up a bait site like in the book "The Cuckoo's Egg"
  • by spectecjr ( 31235 ) on Thursday June 14, 2001 @01:36AM (#152402) Homepage
    And they forked linux because they could it being open source and all. They would undoubtedly have done the same with win2k, but they can not because it is closed source.

    The NSA has the Win2k source code. It's very easy for universities and other establishments to get the source, slightly less easy for large companies, and slightly less easy still for small companies and individuals (although they're changing this as we speak...)

  • So if a million of us chip in a dollar and pay for access to the W2K source all of us can see it? I don't think so.

    The W2K source is available for corporations with the funds. There will never come a day when CompSci students can learn OS design by looking over MS's source.

  • I just tried to go to the SE Linux page and it looks to be pretty well slashdotted. I wonder if we'll see any stories about DoS attacks on the NSA in the news because of this post...
  • Step 1: Disconnect the network cable.
    Step 2: Disconnect the keyboard
    Step 3: Disconnect the mouse
    Step 4: Disconnect the monitor
    Step 5: Turn the computer off
    Step 6: Unplug it
    Step 7: Remove the harddrive and lock it in a safe somewhere where nobody will ever think to look for it, then promptly forget where you left it.
    Step 8: Kill yourself just to be sure you don't accidently ever remember

    Ok. Its secure.

  • Notice about the availability of the Windows 2000 Security Recommendation Guides:

    Because of the amount of interest in the Windows 2000 Security Recommendation Guides, we are updating our Web site to better handle the demands placed on downloading the files. We expect to make the guides available once again during the week of June 18, 2001.

    Windows 2000 Security Recommendation Guides [nsa.gov]

    Maintain a questioning attitude

  • ignorant posts on zdnet, though... I love those!
    Just kidding. It's impossible to read those pathetic forums.
  • Well... it just became Error 403... Forbidden... I guess, that's how they handle that problem...:) At least, that's what it is now... hehe:)

    ------------------------------------------------ -
  • This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment.

    Really? Well, I guess I shouldn't kiss this rattle snake then. Lucky I read the legal notice.

  • Why should I freely work for them for a product that they will turn around and charge me for, you ask.

    If you're even a halfway productive beta tester, you don't have to pay for the OS. At least, i've never had to.

    Plus, its knowing you have access to a pre-release OS in its formative stages, watching it grow and having more input than the average joe into the development of a platform destined to go on thousands of PC's. It also has benefits when it comes to one's career - When one of my previous employers moved to 2000, I already had extensive experience in 2000 and knew it intimately - moreso than any of the other NT admins. This provided a distinct advantage for me within the company which is beyond the scope of this post.
  • This is the reason one of the best ways to get into the beta team is you have a security background and a positive attitude.
  • by AnalogBoy ( 51094 ) on Thursday June 14, 2001 @02:53AM (#152412) Journal
    They finally post a /. article that isnt directly attacking windows - and seemingly people crawl out of the woodwork to provide a kneejerk reaction to the words "Windows" and "Secure".

    Heres a small dose of insight, from someone who's beta tested MS operating systems for 5 years (or so.)

    Microsoft listens to users suggestions. They may not respond to you, they may not integrate them into the OS. But they do listen. MS does not make an insecure operating system on purpose - Beta testers have a whole newsgroup to focus on security and how to improve it before the final build is released. Its part of their role and responsability to test for exploitable security holes - if you don't think they're doing a good enough job, how about you send a request to betareq@microsoft.com and ask to be on the next beta team for windows. Keep in mind though, they usually only want experienced users and there are checks and balances to make sure you're a functional beta tester - not just someone who enjoys bragging about having teh leet XP build #x.

    The beta process is not perfect, IMHO - Bugs do get knocked down (i've thought for a long time they should let the beta testers moderate bugs) and i have an extreme distaste for setting a release date before the beta testers agree that testing is complete. XP is remarkable right now, but not perfect. This part is MS's fault.

    If you have an intelligent, well-thought-out, non-kneejerk "windows sucks *chortle*" suggestion/comment regarding windows - you may go to http://www.microsoft.com/mswish/

    (p.s. - When you list your beta testing experience, the following line is a bad, bad idea: "I tested (unofficially) Windows XP, 2000, ME, 98SE, 98.... you get the idea. har har har *snort*" :)
  • NSA has two halves. One half has the purpose of recommending security systems (e.g. DES many moons back).
    Ah yes - DES which was deliberately weakened from 128 bits (which was the original recommendation) to 40 (which the NSA could break but hoped nobody else could)
    and this supports your argument how?
  • by DaveHowe ( 51510 ) on Thursday June 14, 2001 @01:41AM (#152414)
    I think it would be more appropriate to say they took an OSS product, and modified it to suit what they wanted it to look like - as doing so is one of the strengths of Open Source. I doubt they actually WANT secure versions of windows out there - several governments seem to be viewing windows with mounting suspicion for official use....
  • That's not that hard, really. A program owned by some user will never have more permissions than that user, right? So just have a permissions mask for every program, as well as every user.
  • > The W2K source is [only] available for corporations with the funds. There will never come a day when CompSci students can learn OS design by looking over MS's source.

    Thank God for that.

  • This is also quite useful: http://arstechnica.com/tweak/win2k/security/begin- 1.html
  • Ummm... It *is* closed.

    Just because you can see source doesn't mean that it is open source. Microsoft won't let you change the source code or build your own version of w2k. They will (for a large fee) let you look at the source to make your code work better, but they have so many rules and restrictions on the code that it next to impossible to do anything useful after you've seen the code.
  • PS. Step 9. Remove Windows Key from your keyboard and give it to somebody with a mac.

    (well, i don't have a windows key, but some people might)
  • 1) never ever give out your password (except to us of course - you can trust us (really!)).
    2) use encryption, but only really stupid encryption so that we can read it.
    3) please please please use Windows - it is waay more secure than unix ok? (really!).
    4) all your base are belong to us
  • Stupid troll.
  • Great link, sorry I used up my mod points. One correction though, the posting doesn't mention Office2k, but "Word 97, Excel 97, Visio 5.0" (these are examples, not necessarily all the apps that have the fault mentioned). Pretty old programs to be using, especially if you're using Win2k for the OS.
  • Eh, doubtful. The method used to save a file that the article is talking about is rather Bass-Aackwards, of course, that makes it 100% suitable for an Micro~1 product. And the fact that it's present in Office 97 products removes the option to say "I can't see them doing file-saves like this".
  • In my experience, it's always the fault of stupid admins who don't properly setup and patch their OS (any). But, here it is in a simple nutshell, everything you need to run a secure W2K/IIS box.

    Install W2K Server.
    Install Service Pack 2
    Install this IIS patch: http://www.microsoft.com/windows2000/downloads/cri tical/q293826

    OK - lets see someone "root" that box. I can positively guarentee you won't find any box with these two simple patches applied being defaced!

    Is this really that hard people? W2K is secure. IIS is not nearly - but can be with a single patch (it's a rollup of all previous patches).

  • So you worked for Microsoft for 5 years. I hope you made a lot of money. You certainly made them a lot of money.

    Did you know that some beta testers even pay to test for Microsoft (as in: I bought winxx rc2 and sent in bugs)?

    Has anyone a decent explanation for this behaviour? And is there a way I can make a profit from letting other people do the same for me? Please let me know.

  • A couple of years ago a Dutch computing magazine organized a contest to find the most bugs in Microsoft winxx rcx. You had to pay to buy the beta software (which would work for a limited time). Prizes were minimal: something like being mentioned in the magazine and somewhere on a website and some cheap electronics (Possibly you could even win some licences for the real thing, I don't remember).

    Hundreds of people joined the contest. How is that for cheap labor ;)
  • I find the behaviour of some people interesting but completely unlogical (to me). So I've got two ways of proceeding:

    -assuming they are dumb and I am right
    -asking for help to understand why people behave unlogical (to me).

    The second option is much more fun and instructive. So the question I asked was not a rhetorical one, but a real one.

    As for the hostility: I assume the way of thinking of the others is dumb, but I am open to different opinions to enlighten me.

  • Yes, it's probably too elementary for your subtle and keenly-developed sense of computer security, but these guidelines might actually be useful to the great unwashed masses, many of whom die in droves while

    crossing the street, talking to strangers, clicking through default W2K security settings

    If 90% of the computer security fatalities are a result of supposedly trivial things to fix, that does not make it any less helpful and useful to suggest trivial fixes, given how much grief can be saved.

  • by cperciva ( 102828 ) on Thursday June 14, 2001 @12:18AM (#152435) Homepage
    Anyone care to speculate on what DoD's reaction to a full-scale slashdotting would be? Given that they report routine pings and port scans as "attacks" I imagine their reaction to this unsolicited SYN flood would be similarly excessive.
  • by neier ( 103246 ) on Thursday June 14, 2001 @12:10AM (#152436)
    The secret NSA password is "nsaspooksrule!!!"

    Funny, I thought it was "CIAagentsareweenies".

  • by Carnage4Life ( 106069 ) on Thursday June 14, 2001 @12:48AM (#152441) Homepage Journal
    Now, I've worked with security-clearance-required data before. I think it's absolutely fascinating to consider encoding the clearance level and need-to-know requirements into the filesystem. As others have noted, Linux is the only OS extant they could have done this kind of work with.

    This is probably the most false claim I've ever seen on Slashdot. SE Linux is based on research into
    1. Capabilities: A concept that is literally over a decade old in OS design as can be seen by the POSIX 1.E [xpilot.org] standard that never got drafted (although some people prefer to call what POSIX suggested "privileges" and the fact that many operating systems support "encoding clearance into the filesystem and OS" otherwise known as capailities including Spring [sunlabs.com], EROS [eros-os.org], KeyKOS [agorics.com], and Mungi [mungi.org].

    2. Access Control Lists: Again this is an ancient concept which has been implemented in quite a number of OSEs including some versions of Solaris, *BSD and Win2K.
    Both of these concepts are things that Linux either does not support or supports in a limited manner. Currently Win2K outshines Linux in the granularity of the permissions and security model and filesystem support for things like encryption. I'm not an OS bigot and run both OSes at home but seeing something so blatantly false and jingoistic just begs to be challenged.

  • by Carnage4Life ( 106069 ) on Thursday June 14, 2001 @01:34AM (#152442) Homepage Journal
    Color me confused. Wouldn't it be fairly simple to force any process or file to have only the permissions of its creator? I thought that in standard-flavor Linux it was impossible for any user to give a file or process permissions beyond the user's own?

    That's fairly easy and rather insecure. The hard part is limiting permissions in small chunks to different programs. Basically, the assumption is that any program is potentially hostile so you want them to run with the minimum amount of permissions necessary. For example, just because I can delete files, send emails and edit the registry in Windows doesn't mean that it is the wisest thing to have any script that runs from my email program have the same permissions that I do, the same thing goes for *nix and all those buffer overflow bugs that exploit setuid(). Ideally I should be able to say "start [web server of choice] but the only thing it can do is listen on port 80 and serve read files from directories A, B, and C and everything else is explicitly disallowed to the apache process"

  • by Carnage4Life ( 106069 ) on Wednesday June 13, 2001 @11:42PM (#152443) Homepage Journal
    Interesting, there are about 18 comments as I post this and over half are jokes about unplugging the computer to make it safe. The truth of the matter is that by NSA guidelines no popular operating system is secure enough out of the box and has to be extremely looked down.

    What is perhaps even more interesting is that at least Win2K can be secured to a level that is suitable for the NSA, they actually had to fork the Linux kernel [nsa.gov] to get the same functionality out of Linux.

  • by Carnage4Life ( 106069 ) on Thursday June 14, 2001 @01:20AM (#152444) Homepage Journal
    Okay, ignoring the ad-hominem "blatantly false and jingoistic" . . .

    Sorry about that, its just sometimes people seem to just be as guilty of spreading FUD as the so-called "evil" corporations that it gets exasperating.

    I apologise for those comments.

    Now . . . you're saying, if I understand, that the NSA's SE Linux is just hacking the Linux kernel to put in some stuff that's been talked about and even done in other OSes for years? And stuff that isn't even all that novel for Linux?

    Yes and Yes. Actually what regular Linux is implementing (which is different from what the NSA is doing with SE Linux) is POSIX 1.e capabilities or "priviledges" which involves splitting up the permissions typically given to the root user (e.g. can connect to ports under 1024, can mount kernel modules, can change ownership of files, etc) into discrete entities that can be apportioned to other users and processes. This was something that the POSIX folks tried to agree on in the eighties (or is it seventies) but never came to an agreement on how best to implement it. Check out the Linux Capabilities FAQ [kernel.org] for more information.

    The NSA is working on "true capabilities" which is being able to grant and revoke extremely granular permissions to all objects/entities in the system. This concept is similar to java.policy files [arm.gov] being maintained for every entity in the system. Making sure that policies can be tracked in such a manner that they are revokable is the most difficult part (e.g. if I lose permissions to connect on a certain port or write to a certain file, then every process or file that I've created should lose those permissions as well).

  • by Dr_Cheeks ( 110261 ) on Wednesday June 13, 2001 @11:23PM (#152446) Homepage Journal
    The secret NSA password is "nsaspooksrule!!!"

    This is only to be used for non-spying means. Really. There is no need for users to worry about invasion of privacy as we at the NSA are above that.

    Additionally, please ensure that you give your files clear names such as "Nuke blueprints" or "Kiddie Porn". We suggest this purely to help you organise your file system.

  • if you don't think they're doing a good enough job, how about you send a request to betareq@microsoft.com and ask to be on the next beta team for windows. Keep in mind though, they usually only want experienced users and there are checks and balances to make sure you're a functional beta tester - not just someone who enjoys bragging about having teh leet XP build #x.

    Or, here's a radical idea, how about I use an OS that doesn't make me go down on my knees for the priviledge of exposing my computer to the risks of a beta version? Who's doing who the favor here, buddy?

    The only "intuitive" interface is the nipple. After that, it's all learned.

  • You've slashdotted the NSA!

    You bastards!
    --------------------------------------- -----------
  • One computer per department that does not have knowledge on it is connected to the net, but is also networked to other boxes
    That's a rather stupid assumption to make.
  • by Aceticon ( 140883 ) on Thursday June 14, 2001 @12:14AM (#152465)
    If you forget the administrative password just phones us and we'll get it for you!
  • ACL's, meaning you can give separate read/write/execute permissions to individual users. They don't necessarily need to belong to a certain group to get additional rights.

    Additionally you can give users special rights on the OS that don't have anything to do with file permissions. For instance, you can set up accounts that act only to run server processes, and you might give that account permission to act as part of the OS.

    Basically, Win2K security is designed around the user, whereas in UNIX security is designed around the file.

  • Ummm... sorry but your are wrong. Nokia firewalls use a BSD derivative, that then runs Checkpoint firewall on top of it as a firewall appliance.
  • Step 1: Shut off computer. Step 2: Unplug from wall. Step 3: Lock in NSA basement. Congratulations, it is now secure.
  • by Jetifi ( 188285 ) on Thursday June 14, 2001 @03:11AM (#152478) Homepage

    Um. May I suggest you read this [nsa.gov] document which explains the philosophy behind the kernel modifications.

    Securing Windows 2000 and 'forking' (actually patching) the Kernel were both done with different goals.

    In a nutshell, the modifications done to the kernel were done to impliment the 'Flask' security architecture, which (mainly) is about separation between setting and enforcing security policies, and how this is applied to the various types of resources. In addition, SELinux was the by-product of a research project, and is not used operationally by the NSA.

    The suggested configurations for Windows 2000 have different goals, and is not a handbook for implimenting the Flask architecture on Windows 2000.

  • by RatFink100 ( 189508 ) on Thursday June 14, 2001 @05:14AM (#152481)
    Backdoors are possible in Open Source - if you put them in the compiler.

    Suppose I set up a website with my new compiler. I give a binary download and a source download. What I don't tell people is that the binary download contains extra code which adds a backdoor to the software it compiles. It also recognises when it is compiling itself and adds all this extra code.

    So now you've got a corrupt compiler which generates back doors.

    Of course you have to persuade someone to download the binary compiler first. But if they're working on a system without a compiler - that's exactly what they'll do. Or they installed the compiler direct from the CD.

    I'm afraid the only way to 100% sure that your compiler is not corrupt in this way is to write your own. At least one that's good enough to compile another one.

  • Listen the NSA does use Windows / Linux / Sun basically what ever the person prefers. But all the computers are on a closed network that has no access to the Internet at all. I have been in Fort Meade (NSA Headquarters) and every department has Internet access but it is usually limited to one computer per department that doesn't have any kind of knowledge on it.

    The whole point of the specifications that they realeased if any of you accually read the thing before you started bitching about it, was it was for government agencies that were looking to set up W2K systems. By government agencies they probably ment local and state goverment, because the federal government has a set standard for their servers, and it is not W2K. They were doing this as a service to all the stupid Admins out there that mess up their W2K system because they are to retarded to read the manual and set up a good security protocol, and then go on slashdot and complain that Microsoft sucks because the knowledge to set up the server wasn't so obvious a chimp could set it up.
  • by Quila ( 201335 ) on Thursday June 14, 2001 @12:36AM (#152489)

    We've been using these "Security Baselines" as we call them in our organization for a while.

    We have a *LOT* of Win2K boxes spread over a continent, and whenever one's compromised, we always find that the administrator or operator was not following the baseline. I don't know of any baselined machines being compromised.

    Use these; they're a Good Thing.

  • by BlueJay465 ( 216717 ) on Thursday June 14, 2001 @12:34AM (#152493)
    1:40am PDT, and you guys have slashdotted the NSA, I am so proud of you all :)
  • I work for an MS gold certified partner. As the network specialist, I implement MS, UNIX or Cisco based firewall/Proxy/whatever solutions, based on the customers needed. Because we're a MCGP, we have free reign over MS licenses, and can install basically all we need. This is great, because we have full access to any products we want to look at. HOWEVER, I can't imagine what it's like for businesses/persons who have to pay for BS from MS. The cost of these products is outrageous. Sure win2k is a nice stable platform (I've been running it for over 2 months on one system, very hard on it, and it seems good), but the price? OMG. Let me clarify this with one thing. I would gladly pay the price most companies ask for software because I know they have costs, and expect to make a reasonable return. However, knowing the sheer magnitude of the profits MS is making, surely their software doesn't need to be so expensive. They have billions and billions in the bank... Now I'm not saying they should stop turning a profit or give money back, but be reasonable about your greed! Ack. I also blame "boot camps" for the prevelance of MS products, but that's a whole other rant.... Max Inglis
  • ...if I were really paranoid, I'd assume that the NSA is willing to tell people how to secure their systems because they already have a back [slashdot.org] door [slashdot.org].


    - B

  • on the NSA homepage, just below the link to the article mentioned in this post is a link Security-enhanced Linux [nsa.gov].

    If you did'nt find that on their wabpage you surely did not look very herd.
  • I started reading the Guide to Securing Microsoft Windows 2000 File and Disk Resources [nsa.gov] and one of the first things they recommend is to "Apply the latest Windows 2000 service pack and security-related hotfixes." I'm not MS bashing here, but isn't that a (cough) BAD IDEA?? I don't care if it's W2K, Linux, Solaris, etc. -- that's just not the way you run a production server, let alone a workstation that you are trying to make as secure as possible for sensitive info. You should always test out any patches/fixes/service packs. I would think the wording would be, "Apply the latest **NSA APPROVED** Windows 2000 service pack and security-related hotfixes."
  • by waytoomuchcoffee ( 263275 ) on Thursday June 14, 2001 @07:20AM (#152508)
    Reams of NSA information on how to make your Win2k box "secure" just points out that Win2k was not meant for the large majorities of home users. Microsoft expects your Win2k system to be operated in a network. This includes allowing remote users to access your registry, view your clipbook, browse your directory, or connect to it via Telnet, right out of the box. It is not set up by default to be the gateway computer to the net. I came up with a step-by-step checklist a while back for all my friends that were running non-networked Win2k home systems directly connected to the net. I don't know how good an idea it was to give step-by-step directions on how to change registry settings, but hey, no one has locked themselves out of their computer yet (at least that I know of). You can see it here: http://www.gpick.net/sbr/security/w2ksecuritytips. htm
  • Typical beta testing will not uncover many of the really tricky security holes in a product. If you need proof of this, go look at the Critical Security Updates page for Windows NT 4.0. The full list of security patches since the original release reads like the first few chapters of the bible.

    Unless MS is specifically recruiting thousands of beta-testers just to hack the security, they're not going to fix the important holes. I'm sure they're doing a certain amount of this sort of testing, but it clearly wasn't enough for their previous OSes. In any case, the sort of beta testing you suggest is generally not where you would expect to discover most of your security flaws. I really hope MS knows this.

  • > encoding the clearance level and need-to-know requirements into the filesystem

    You mean, like NTFS' ACL? Which NT had since forever?
    Hell, NT can do it to any object whatsoever, not just files.

    > Linux is the only OS extant they could have done this kind of work with.

    No, they could've got any number of other OSes to do it for them.
    Most Unixes has some sort of ACL capabilities, and I think that VMS has it as well.


    Two witches watch two watches.
  • Even if you make it only 90% secure, then you are ensuring that a lot of people will not be able to hack you.

    Since the number of truely talented hackers is small, that in itself reduce the chances of a break in.


    Two witches watch two watches.
  • Give some examples of ACLs being impossible to manage.


    Two witches watch two watches.
  • Sorry, but you can apply ACL to proccess, threads, whatever you want to.


    Two witches watch two watches.
  • by CrackElf ( 318113 ) on Wednesday June 13, 2001 @11:55PM (#152522) Homepage
    Their web site is so secure that I can not even look at it.
  • Operating System and Web Server for www.nsa.gov The site www.nsa.gov is running Apache/1.3.11 (Unix) on Solaris.
  • The NSA has been Slashdotted.

    If you try to access their reccomendation guides you get redirected to http://www.nsa.gov/winsecnote.htm [nsa.gov] which says:

    Because of the amount of interest in the Windows 2000 Security Recommendation Guides, we are updating our Web site to better handle the demands placed on downloading the files. We expect to make the guides available once again during the week of June 18, 2001.
    Those poor bastards...
  • They've probably been working on the proper security settings since W2K hit the market, spending heaps of man-hours and tax dollars trying to find the right template that makes their data-protection job easier and web hosters happy. Then they make this template avaiable for public access and use (read "scrutiny"). Do you really think they'd foul the whole thing up by then inserting a back door that the whole internet-surfing world could see for themselves?

    Before trying to accuse the NSA of putting a private back door into your OS, be ready to explain how your conspiracy theory would keep it private. "Relying on the stupidity of several hundred million individuals" gets cut to shreds by Occam's Razor.

  • by adalger ( 458844 ) on Wednesday June 13, 2001 @11:52PM (#152549)
    Only open digitally signed Word documents received from trusted individuals via trusted paths. This is Microsoft's preferred security solution. While this can guarantee the source of the document, it does not guarantee that the trusted source was free of infection when the document was sent.

    Not to be a knee-jerk basher, but does it really surprise anyone that MS's preferred solution is inadequate?

    Macro viruses pose a serious threat to Microsoft Office users. The best defense is to be alert to the danger, and to trust no document that was externally created.

    Okay . . . and this the NSA spent years researching and deciding on? I mean . . . okay. I don't suppose they've got a bunch of chimps randomly banging on keyboards over there, but . . . well, it would seem that perhaps the Great and Powerful NSA could come up with something a little better than "Look both ways before crossing the street and don't talk to strangers."

  • by adalger ( 458844 ) on Thursday June 14, 2001 @12:27AM (#152550)

    Okay, posting before investigating the link is lame. So I know I'm lame.

    However, I went and checked the link. They didn't "fork the kernel to get it secure enough for them." They performed some research and experimentation in secure treatment of sensitive data being integrated into an operating system. This is vastly different from the kind of security being discussed in the referenced info on Win2k.

    Now, I've worked with security-clearance-required data before. I think it's absolutely fascinating to consider encoding the clearance level and need-to-know requirements into the filesystem. As others have noted, Linux is the only OS extant they could have done this kind of work with.

    I don't think anything they might have added would necessarily outright interfere with the main tree, but it would almost certainly create completely unnecessary overhead for most desktop users. OTOH, it might be a big bonus for corporations concerned about industrial espionage to have such features available.

  • by adalger ( 458844 ) on Thursday June 14, 2001 @01:06AM (#152551)

    Okay, ignoring the ad-hominem "blatantly false and jingoistic" . . .

    I am a rank newbie into the world of Linux/Unix/POSIX/etc. Please treat what you see as deceit and jingoism as pure, unabashed ignorance. It may not be an excuse for breaking the law, but from what I've seen it's a good enough excuse to post on /. ;)

    I'm posting from a Win98 machine at the moment because, quite frankly, I'm more comfortable with it. I'm not particularly an OS bigot either. I just plain didn't (and still don't) know anything about any of those other projects.

    On the one hand, thank you for pointing out to me the factual errors in my assumptions and suppositions, but on the other, I guess I'd appreciate if you'd not attribute to malice what can be adequately explained by stupidity. Perhaps it's a rarity to find someone who readily admits to it, but I'm much more interested in learning new things than mud-slinging and name-calling.

    Now . . . you're saying, if I understand, that the NSA's SE Linux is just hacking the Linux kernel to put in some stuff that's been talked about and even done in other OSes for years? And stuff that isn't even all that novel for Linux?

  • by species267 ( 459987 ) on Thursday June 14, 2001 @12:48AM (#152553)
    Agreed name calling is a little low, but Linux can be secured and is used in big old nokia firewalls used by the likes of BT, admittedly they stick on a number of 3rd party/proprietry software to sure things up, but most operationg systems need that.(do you run zone alarm or similar on win 2K?)

    I have run win 2000 pro as well, its nice enough, and stable(I didn't run it for too long), no real complaints except the cost.

    as for good software, it is out there, it just means you have to look thurther than PC world, and if you still can not find what you want, find a software company that can produce it for you - I can almost gaurentee that if you want it someone else will to.

    - note I use OpenBSD rather than Linux (but thats my current personal preference)

    - those who can spell care, those who can't don't -

The best book on programming for the layman is "Alice in Wonderland"; but that's because it's the best book on anything for the layman.