Re: [ISN] The War in All its Online Glory

From: InfoSec News (isnat_private)
Date: Mon Jun 03 2002 - 03:15:10 PDT

  • Next message: InfoSec News: "[ISN] Technology Empowers Information Operations in Afghanistan"

    Forwarded from: security curmudgeon <jerichoat_private>
    
    > Forwarded from: Bob <bobat_private>
    > 
    > [Talk about a challenge for hackers, this is it.
    > Bob Adams - http://www.globaldisaster.org ]
    > 
    > Associated Press
    > May 30, 2002 PDT
    > http://www.wired.com/news/print/0,1294,52861,00.html
    > 
    > BAGRAM, Afghanistan -- The war in Afghanistan is going online. 
    > 
    > A drab tent under the Afghan sun hides a high-tech war room that
    > soon will become the nerve center of the campaign: Inside, tables
    > are lined with soldiers bent over laptops. They look up at computer
    > maps of Afghanistan projected on large screens illuminating the dim
    > interior.
    > 
    > All are logged onto the Tactical Web Page, a secret, secure website
    > being used in combat for the first time, through which American
    > commanders at Bagram air base and in the United States can direct
    > the fight in Afghanistan.
    
    > "The rule here is that you can reach any critical information within
    > two clicks of the mouse," said Maj. Keith Hauk, the knowledge
    > management officer.
    
    > "There have been a few instances when unidentified computers have
    > tried to get in, in which case we throw up additional firewalls,"
    > Lt.  Col. Bryan Dyer said.
    
    This doesn't give me any sort of confidence. The fact that these
    machines are connected to any public network is disturbing. I
    understand the desire for access to information, but given how
    critical and sensitive these systems are, it seems that there would be
    some real need for a physical gap in the network. Some point at which
    information goes via floppy or zipdisk.
    
    Throwing up additional firewalls seems like a joke of a response. I
    think we all realize that a dozen misconfigured firewalls won't do
    much. It isn't about how many devices you have protecting your
    resources, it's about how they are configured and monitored.
    
    Even if someone isn't intent on a classic breakin, how would a DoS
    attack affect their capability to reach the information they need? How
    about a few hundred script kiddy style attacks and the diversion of
    resources that could cause?
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 03 2002 - 06:26:21 PDT