Forwarded from: H C <keydet89at_private>
Cc: bobat_private, jerichoat_private

> This doesn't give me any sort of confidence. The fact that these
> machines are connected to any public network is disturbing.

Who said the machines were connected to a public network? The quote says "unidentified" machines, which could mean anything from misconfigured systems on the private network, to other machines on the network that are outside the scope of the exercise.

Of course, the quote *was* from a LtCol...it's probably very likely that he hasn't even memorized the right buzzwords yet, so we have no idea what the *real* issue is...

Does anyone know if the military is still doing the field grade lobotomy the old way, or if they're going through the nose now (doesn't leave the telltale scar)?? I had heard rumors that they had a medication taken orally now... ;-)

> I understand the desire for access to information, but given how
> critical and sensitive these systems are, it seems that there would
> be some real need for a physical gap in the network.

I agree. However, I've worked with the US Army before (they were the customer) and their support infrastructure, and to be quite honest, no amount of security awareness training is going to work in that environment. I've seen senior-level execs get the briefing and sign the sheet saying that they understand that they're not to send or launch executables via email, blah, blah, blah...and then they do just that b/c they think it's funny.

Of course, you've then got the whole issue of how the Army operates...those officers quoted in the article may not be in their positions in 6 months or a year. Rotations are critical for advancement and promotion...and regardless of what anyone wants to believe, very little institutional knowledge survives.

> Throwing up additional firewalls seems like a joke of a response.

Exactly.

> It isn't about how many devices you have protecting your resources,
> it's about how they are configured and monitored.

We should get that on a t-shirt.

> Even if someone isn't intent on a classic breakin, how would a DoS
> attack affect their capability to reach the information they need?
> How about a few hundred script kiddy style attacks and the diversion
> of resources that could cause?

We'd need to know more about the set up. Unfortunately, when officers leave such positions, or the enlisted guys don't re-enlist, they very often get jobs w/ the contractor for the project, and sign NDAs there....

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 04:45:25 PDT