RE: [ISN] [TSCM-L] Security? Huh!

From: InfoSec News (isnat_private)
Date: Thu Mar 07 2002 - 00:20:23 PST


    Forwarded from: "Huggins, Michael" <mhhugginsat_private>
    
    In regards to this item.  There is a security course of instruction
    the Chief identified taught there and I and a few others developed it.
    
    It is based on, dare I say this, "Government standards"; when developed
    it met all NSTISSI requirements for security fundamentals.  If it has
    deteriorated since then it is due to the fact that the government is
    losing all of the truly dedicated to open market.
    
    In fact there are numerous government (US Navy) coi's for information
    security
    
    Advanced Network Administrator (heavy focus on security)
    Network security vulnerability Technician (NSVT)
    ISSM 
    
    And if the individual has a problem with security
    
    DON 5230 series documents exist to cover every asset available.
    
    Maybe the tools this individual has access to aren't true hacker tools,
    but they have been validated to not have Trojans or backdoors.
    
    SPAWAR to my experience has a lot of material available to them that
    if this individual reviewed would change their statement.
    
    If not SPAWAR then perhaps IASE.DISA.Mil, and it's free to all
    Americans (USA, no insult to my Can/Mex friends)
    
    Review, educate, inform before opening mouth and inserting foot.
    
    Very Respectfully Michael H. Huggins Retired USN Chief, CISSP
    
    
    -----Original Message-----
    From: InfoSec News [mailto:isnat_private] 
    Sent: Wednesday, March 06, 2002 2:31 AM
    To: isnat_private
    Subject: RE: [ISN] [TSCM-L] Security? Huh! 
    
    From: "Anonymous" <popeyeat_private>
    
    [OK, yesterday I said that this thread is dead unless something
    interesting popped up, well this one is interesting.  This posting is
    anonymized since this comes from someone active-duty in the navy,
    reads from the web, and would probably get in a world of hurt posting
    under their real name(s).   - WK]
    
    I hate to contradict this opinion, however, I am an Operations
    Specialist active in the USN. ITC ( Information Technology Chief ) has
    obviously not been exposed to the security side of things very well.
    
    For one, without my inside knowledge of the USN's network, you can see
    the amount of defacements that are gov't based. The numbers speak for
    themselves. As for the Navy, they are sadly restricted in their
    ability to efficiently secure their network due to being contracted out
    by SPAWAR. No unauthorized "third-party" software is allowed.
    
    The security applications that are made available via SPAWAR are
    pathetic. No IDS, no monitoring software, no nothing. They rely on the
    LAN Admin's event log alone. Now this may actually be worth something
    if the admin is actually worth a shit. Usually it's someone not even
    in the IT rating that has a fair knowledge of NT.
    
    There are many ways that I believe the USN and all military
    establishments could increase the security of their network. I cannot
    go into specifics on what I have seen myself, but I can say I have
    identified 3 major security holes on my ship alone.
    
    I can only assume the entire Navy is like this. Maybe they should make
    security school a requirement before they send these guys to run a
    network.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 03:38:36 PST