Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

DOD Overhauls Network to Thwart Crackers 28

Toddius Maximus wrote in to send us a CNN story about the Departent of Defense Overhauling their network to prevent cracker attacks. How's that for a feeling of warm fuzzies?
This discussion has been archived. No new comments can be posted.

DOD Overhauls Network to Thwart Crackers

Comments Filter:
  • by Anonymous Coward
    If the technical people and the professional soldiers made the decisions in life we would be a LOT safer and be involved in a lot fewer military conflicts. Technical people of course will say "Put in a firewall, close access to this, secure that.. we need to get this this and that and we can be 99% secure." The politicians on the other hand will say "How does this effect our ISO9000 policy? We'll need to form a commission and evaluate the differing products before we can choose one based on cost, efficiency, robustness, etc." Then 2 years later they finally implement it only to find it's such outdated technology they need to start all over again. Doing anything in the government is like trying to turn an oceanliner with a rowboat.
  • these changes.

    "DISA's plans include the filtering of what DISA called "notorious" protocols routinely exploited by hackers... The protocols include the PostOffice Protocol (POP), which allows remote users to read e-mail stored on a central server; remote-access protocols, which allow users to read their e-mail from another system; and Packet Internet Groper (Ping).... The inability of NIPRNET to handle the loads imposed by Web traffic without lags or delays had resulted in numerous military commands installing Internet "backdoors" on their systems."

    Unless they're not telling us the important stuff, what they're doing is pretty darn basic -- I'd do this kind of thing for a small business. It doesn't really surprise me that their security was so bad, but they ARE the DOD.
  • Posted by RolandL:

    Would someone PLEASE send them a firewall? Or just configure their router? Maybe they haven't heard about the "established connection" feature.

    Christ, these guys are responsible for our defense?
  • The military uses red and black, not red and green. Same principal. (I had help designing a firewall for them once, and have a interface labled red, and the other black was in the requirements. I don't remember which is which off hand.

    BTW, this isn't ment to imply that all networks are connected, there are networks that are unconnected. The semi-secure but internet connected network is firewalled by this box, not the most highest security level networks, which not physical connection is allowed.

  • by Kurt Gray ( 935 ) on Wednesday May 05, 1999 @11:37AM (#1903425) Homepage Journal
    Translation:

    A DOD spokesman has publicly stated that as soon as
    their sys admins are tired of playing Quake, they
    fully intend to install tcp_wrapper on most of
    their systems, just as soon as they're done
    sorting their bookmarks and reading Slashdot
    they promised they would get right on it and
    install that wrapper any day now, and if they
    can have Friday off, they may even upgrade and patch
    the old buggy daemons they left running, but
    as one DOD sys admin stated "Phf! That's not my job!"
    then he quickly returned his attentions to a
    heated Phantom Menace debate on "Ain't It Coll News."
  • Read this [hackernews.com].

    It's basically the conscensus in the community that they're just adding a few firewalls. I think the DOD has more to worry about from internal threats than anything a bunch of adolescent l335 script kiddies could do.



    --
  • .. And run your red wires through conduit presurized with gass to protect against any tampering. (Drop in pressure = Breach of Containment.)

    Doesn't work. There have been demonstrations of how quickly one can crack that system. It's really simple - put a rubber sleeve (tightly) around the tubing, puncture the tube, and take a pressure reading. Equalize the pressure, hack hack hack.

    --
  • I'd like to be able to grope via packets over the internet. Alas.

    And Ping doesn't stand for anything. It's just Ping. Like the submarines do.
  • Thanks for the summary. Don't you wish CNN writer's had the same kind of BS filters in their head? No offense to CmdrTaco, but anything with "hacker" in the article gets treated like gospel in the media. /. links it, everyone reads it.

    The words "hacker" and "Y2K" on the internet are the equivalent of "fire" in a crowded theater.

    Who cares if the DOD website is brought down 4 times a day or cracked 250,000 times a year? (Where does that number come from? Is a port scan a crack?) It's non-classified, the admins are upgrading the routers and applying patches.

    CNN filler. They ran out of Microsoft pr announcements to post as news.
  • again the terms are confused...

    a hacker is someone who hacks hardware and OSes
    whereas a cracker is traditionally one who cracks
    software copyright and helps in the distribution
    of such warez.

    see Hacker V Cracker [manos.com] on manos.com,

    Cracker
    The definition of a cracker is one who attempts to break into a system using techniques that he does not fully understand. Most of the crackers are young teenage punks who are very malicious and seek to get their kicks from destroying or alternating data on a system.

    Hacker

    The hacker on the other hand is an individual who yearns for knowledge. The hackers are very knowledgeable individuals. They often times know several programming languages, work extensively with the inwards and outwards of UNIX, have a firm understanding of all the TCP/IP implementations and protocols. They keep abreast on all the security related issues involving computers. Breaking into a system for a hacker is a thrill, it is a challenge that they take on. The hacker takes much delight in exploring the system from the outside/inside searching vigorously for misconfigurations, bugs, and holes in the operating system that would allow them to break into a machine. Once in the system the challenge has been completed and they have succeeded in breaking in. It is against hacker ethics to alter any data aside from the logs that are needed to clean their tracks. They have no need or desire to destroy data as the malicious crackers. They are there to explore the system and learn more. The hacker has a constant yearning and thirst for knowledge that increases in intensity as their journey progresses.
  • Oh, I forgot the URL

    http://www.netmeg.net/jargon/terms/c.html#cracke r

  • Yes, you are a bit confused. ;)

    From the jargon dictionary:
    --
    cracker /n./ One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish `worm' in this sense around
    1981--82 on Usenet was largely a failure.

    Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by cracking rings. While it is expected that any real hacker will have done some playful cracking and
    knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it's necessary to get around
    some security in order to get some work done).

    Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive
    groups that have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe *themselves* as hackers, most true hackers consider them a separate and
    lower form of life.

    Ethical considerations aside, hackers figure that anyone who can't imagine a more interesting way to play with their computers than breaking into someone else's has to be pretty losing. Some other
    reasons crackers are looked down on are discussed in the entries on cracking and phreaking. See also samurai, dark-side hacker, and hacker ethic. For a portrait of the typical teenage cracker, see warez
    d00dz.

  • by MikeTurk ( 18201 ) on Wednesday May 05, 1999 @11:40AM (#1903433)

    So, starting sometime in July, they're going to filter some protocols, maybe POP, maybe telnet, but they haven't decided what to filter yet. Hmm...the first thing I did on my Linux boxen was to turn off any protocols that I didn't use and to set up ipchains to filter the rest. I also set Samba not to listen to the outside world, but only to my 192.168.0.* C network. And I'm new at this.

    Typical government: A network that is several years old finally gets the consultant once-over and the committee decides to form a committee to look into what to do.


    Mike
    --

  • Oh yes. Stealing software on your behalf. Or rather, facilitating it for you.

    A 'good thing' if ever I saw it.

    *COUGH*

  • I took notice of the part that says they are eliminating the back door connections - that may be where the improovement is seen. From what I have read now there are some sites that have independent connections and varring levels of security on the connections. This seems to me like DISA is telling everyone to "close the back doors we'll make the front door bigger and add an extra rent-a-cop" I would also assume that the truly sensitive data would be on a stand alone network anyway. Use red wires for one network and green for the other and never connect anything red to anything green.
  • ...stands for Fondle INternet Group Expecting Response.

    /* We could keep this thread going all day with these :) */
  • Red is the "secure" network, and black is the "unsecure" network. This is pretty standard jargon in the crypto field.
  • Groping going on in the US government? Naaaah. Can't be. -NG


    +--
    Given infinite time, 100 monkeys could type out the complete works of Shakespeare.
  • Or even better, somebody working from home can dial in on a idsn and have their Linux box just part on the LAN over there. Then maybe they make their root passwd something like: root, blank, their name, etc. and then the 3LiTe Haqrz!! can come in through the hole.

Enzymes are things invented by biologists that explain things which otherwise require harder thinking. -- Jerome Lettvin

Working...