Forwarded from: William Knowles <wk@private> http://www.fcw.com/fcw/articles/2005/0117/web-wolf-01-21-05.asp By Frank Tiboni Jan. 21, 2005 The second-highest public official at the Pentagon considers computer security so important to military operations that he sent a memo last year to department leaders telling them they must "Fight the Net." "Protection of DOD computer network systems is a key priority. Leaders at every echelon must be personally involved in the defense and protection of our computer networks," said Deputy Defense Department Secretary Paul Wolfowitz in the memo, "DOD Network Defense." The Pentagon's top information assurance official said Wolfowitz issued the memorandum because he wants all department personnel who use a computer to take a personal responsibility in protecting the Global Information Grid, the network of DOD business and war-fighting systems. "Everybody must understand the importance of practicing good computer security," said Robert Lentz, director of information assurance in the Office of the Assistant Secretary of Defense for Networks and Information Integration and Chief Information Officer. Wolfowitz offered five tips to improve computer security department-wide: * Employ information assurance best practices for proper network configurations. * Use accepted password management practices. * Minimize access privileges through need-to-know criteria. * Increase awareness of cross-domain file transfer security procedures. * Eliminate unauthorized use of readily exploitable software such as peer-to-peer file sharing and remote access applications. In the two-page memo dated Aug. 15, he acknowledged the hacking of military systems. "Recent exploits have reduced operational capabilities on our networks," Wolfowitz said. "Failure to secure our networks will weaken our war-fighting ability and potentially put lives at risk." He cited poor network management and vigilance as the culprit. "While great strides have been made in a number of areas, we continue to be negatively impacted when deficiencies in our information systems are successfully exploited," Wolfowitz said. "In most cases, proper vulnerability management would have prevented this." Lentz declined comment on the hackings mentioned in the memo citing operational concerns. "Take it [the memo] at face value," he said. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Mon Jan 24 2005 - 07:52:59 PST