RE: bloomberg on supermicro: sky is falling

The other thing I am highly skeptical of is the suggestion
of attempting to tap sensitive intel agency systems this way.
Talking to a C&C server is suicide from within their network.

Well, if your classified network is connecting to a higher classified net, then
*that* network is connecting to a lower classified net, right?

That, plus I think the Snowden escapade was ample proof that security rules
will get bent when needed to get work done - it turned out that Snowden was
able to walk off with terabytes of data because security restrictions had been
disabled because they were putting a crimp in the analysts' style...

> Classified networks do not connect to other networks unless
> they are equally or higher classified.

that sentence makes no sense. if A can connect to B because B is more
highly classified than A, then B is connecting to a less classified
network A.

randy

> Classified networks do not connect to other networks unless they are
> equally or higher classified. No internet connection.
> Period.

Not quite, but there are at least application level gateways. For example, there are usually gateways that can let unclassified email flow into classified systems. However, there is an application gateway to allow ONLY email protocols and only in the desired direction.

> Well, if your classified network is connecting to a higher classified net, then
> *that* network is connecting to a lower classified net, right?

In a very highly controlled manner. The lower classified network may only be allowed to send data to the higher classified network. If the higher level network is multilevel capable it will be allowed to move documents to the lower level network if they are at the right level of classification. Again this is application layer security and all levels below that would not be trusted between the two networks. A gateway with a specialized application would have vetted connectivity to both networks.

> That, plus I think the Snowden escapade was ample proof that security rules will get bent when needed to get work done - it turned out that Snowden was able to walk off with terabytes of data because security restrictions had been disabled because they were putting a crimp in the analysts' style...

That is completely different. We are talking HUMINT instead of ELINT or SIGINT. Snowden flat out stole the data as an insider.

Steven Naslund
Chicago IL

Remember it's the data that is classified, not the network. It does not matter if you have IP connectivity, it matters if the classified data is allowed to move over the connection. When a government agency talks about a "classified network" they are talking about a network that has been approved to transport the data and has appropriate access controls. Just because your email server is attached to the Internet does not mean I have access to its data. Same in the classified world, just because you can send an email from the Internet to SIPRNET does not mean you have SIPRNET access.

Steven Naslund
Chicago IL

Which makes the traffic that wanders towards the default route where
nothing should go *very* noticeable.

Regards,
Bill Herrin

It would be really noticeable. In the secure networks I have worked with, "default routes" were actually strictly forbidden. Also, ACLs and firewall policy are all written with a Deny All policy first. Everything talking through them is explicitly allowed.

The government, especially in the three-letter intel agencies, is not as clownish as they are depicted.

Steven Naslund
Chicago IL
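
Added example, not part of the original thread: the check described in the two messages above (no default route, so any traffic that would have needed one stands out), run over constructed flow records in Python. The route list, the flow-record format and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: explicit routes only, no 0.0.0.0/0 entry.
ROUTES = ["10.20.0.0/16", "10.30.4.0/24", "192.168.50.0/24"]

# Constructed flow records, one per line: "timestamp src dst dport"
FLOWS = """\
2018-10-04T10:00:00 10.20.1.15 10.30.4.10 25
2018-10-04T10:00:07 10.20.1.15 10.20.9.2 443
2018-10-04T10:05:00 10.20.7.44 203.0.113.80 443
2018-10-04T10:10:00 10.20.7.44 203.0.113.80 443
2018-10-04T10:15:01 10.20.7.44 203.0.113.80 443
2018-10-04T10:16:30 10.20.3.9 198.51.100.7 53
"""

def load_routes(prefixes):
    """Parse prefixes and refuse a default route, which the policy forbids."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    for n in nets:
        if n.prefixlen == 0:
            raise ValueError(f"default route {n} is forbidden")
    return nets

def unrouted_flows(flow_text, nets):
    """Return {src: [(timestamp, dst, dport), ...]} for flows with no explicit route."""
    hits = defaultdict(list)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        addr = ipaddress.ip_address(dst)
        # With no default route, a destination outside every prefix has nowhere to go.
        if not any(addr in n for n in nets):
            hits[src].append((ts, dst, int(dport)))
    return dict(hits)

def report(hits):
    """One line per source host, most attempts first."""
    rows = sorted(hits.items(), key=lambda kv: -len(kv[1]))
    return [f"{src}: {len(ev)} attempts to {sorted({e[1] for e in ev})}" for src, ev in rows]

if __name__ == "__main__":
    for line in report(unrouted_flows(FLOWS, load_routes(ROUTES))):
        print(line)
```
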

You are what you allow