Air Force To Rewrite the Rules of the Internet 547
meridiangod writes "The Air Force is fed up with a seemingly endless barrage of attacks on its computer networks from stealthy adversaries whose motives and even locations are unclear. So now the service is looking to restore its advantage on the virtual battlefield by doing nothing less than the rewriting the 'laws of cyberspace.'" I'm sure that'll work out really well for them.
They've solved their own problem (Score:5, Informative)
Luckily for the Air Force, they don't actually have to do any work at all to make this happen, since it's been not only possible, but actually implemented since at least 1998, when RFC 2341 was written all about Virtual Private Networks.
Helpful Hint for the Air Force: Pay your private sector computer engineers more and you'll get the innovation you're looking for.
Internet + secure (Score:3, Informative)
The only useful and meaningful thing they could do, is implement a secure internet protocol (i.e. with the missing session and presentation layers) and provide a good interface to the internet. Then the inherited insecurity of network protocols could be avoided from the beginning.
If it is done right, has advantages and is promoted and laid open to others, it might catch on and replace parts of the internet step by step. ;-)
Will probably not be faster than the IPv6 transition, but hey, they made the internet, why not make another one
Laws can not reach internet phenomena, they are too slow, and when they do, it doesn't matter anymore.
Re:Disconnect (Score:5, Informative)
Re:Penny Arcade (Score:4, Informative)
Here's a hint for future postings.
Enclosing your URL in parentheses prevents Slashdot from creating an automatic hyperlink. This is annoying, as it means that I have to copy and paste rather than just clicking. It's the difference between:
http://www.penny-arcade.com/comic/2007/07/16/ [penny-arcade.com]
and
(http://www.penny-arcade.com/comic/2007/07/16/)
on the screen.
In general, it's a bad idea anyway because parentheses are valid in a URL. Parsers which try to automatically hyperlink URLs may get confused by the trailing ')'. For this same reason, despite the rules of English suggesting it, you should avoid punctuation immediately following a URL.
Re:Only traitors will vote for Oook-oook Banana (Score:0, Informative)
troll? sounds more like what may happen to me.
Re:Disconnect (Score:5, Informative)
"hey, this memo implies the F35 can climb at over 330 meters/second."
Actually, there's plenty of that stuff around, and it's actually not necessarily classified, even if it's true. In the bad old days of the cold war, I asked the security officer in my Army unit why all this crap we were working with was classified SECRET and TOP SECRET when the same exact information was available to anyone purchasing a Jane's book by mail order. It was explained to me that it was not the raw information that was secret, but rather the positive verification that it was true that was being controlled. Most classified information falls into that category, really. Very little of it is truly secret, in that nobody without clearance knows it. I've seen quite a few pictures of "people and stuff at locations in Certain Southwest Asian Countries" that I know from personal experience would be classified SECRET or higher if they were government photos rather than casual snapshots taken by a yokel or journalist with a pocket camera. What the classification of the subject matter does is bar me (under penalty of waterboarding or whatever) from pointing out which pictures those are.
Re:Disconnect (Score:1, Informative)
I'm all for rebellion and making fun of peoples' cliques, but, um, I can't tell what you're rebelling against.
http://en.wikipedia.org/wiki/Air_gap_(computing) [wikipedia.org]
It's a common term in network security.
To avoid these terms altogether, get your technical news here [barney.com].
Re:Disconnect (Score:3, Informative)
Nah...
They generally start with the standard 'Sir, please get out of the vehicle'. If your response to that is not favorable, then stuff starts escallating.
The more impolite reactions are for more sensitive areas than a parking lot.
Re:Disconnect (Score:1, Informative)
This isn't technically true. A lot (and increasingly more and more) classified (SIPRNET) traffic is carried over the non-classified network (NIPRNET) using bulk encryption devices such as TACLANEs.
http://en.wikipedia.org/wiki/TACLANE
Re:Disconnect (Score:1, Informative)
You are absolutely correct. The USAF uses a system called SIPRNET for secret information.
Regarding your second point, you might be surprised as to how stringently the USAF, and the military in general, controls secret data. Classified Message Incidents are exceedingly rare.
Re:prevent IP spoofing - save the world (Score:2, Informative)
Who in this godless world has modded this insightful? IP addresses, MAC addresses, host names, user agents - NEVER trust any information which comes from an untrustworthy source or has travelled along an untrustworthy path. Plain and simple. If you don't trust it, kick it out. If you trust it, check it out in detail and see whether your trust was warranted.
Your suggestion is akin to enforcing valid return addresses on letter bombs.
Besides, you did hear about bot nets, did you? You know, those pesky things that keep stuffing your e-mail box with all those nice ads for penis enlargement and cheap medication? If not: welcome to life!
Re:Disconnect (Score:3, Informative)
Whenever this topic comes up, someone always incorrectly says that an "air gap" separates SECRET networks from unclassified networks. "Cross Domain Solutions" connect SECRET networks to uclassified networks. And these include "low assurance" solutions like SELiux and Trusted Solaris.
And these CDS machines also connect TOP SECRET networks to SECRET networks. Thus, two copies of SELinux sit between TOP SECRET networks and the Internet.
Re:Disconnect (Score:4, Informative)
I love Google as much as the next nerd, but exactly what rules are you talking about?
FTP, SMTP, HTTP, UDP, and TCP/IP still work pretty much as their respective RFCs dictated prior to Google. So do ping, tracert, and a whole host of other things.
Re:Disconnect (Score:3, Informative)
Pretty much, yes. I had several friends from college who went to work for government contractors on projects that required security clearance. The way they explained it, if I figure out on my own what they're working on, that's legal even if it is classified. What would be illegal is if they told me or gave me direct access to classified information about what they were working on.
(Also, in a lot of cases, what they were building wasn't classified, but who they were building it for was.)
Re:Disconnect (Score:5, Informative)
Re:Penny Arcade (Score:4, Informative)
Or you could type them like <URL:http://example.com/>, which renders like http://example.com/ [example.com] and is a standard.
Re:Disconnect (Score:2, Informative)
I agree with your post with one exception. While Secret and up machines cannot be connected to the internet they are NOT air-gapped. They are on a glorified VPN (at least the secret machines I work with routinely both in the USA and Iraq are) with a hardware encryption solution that separates them from the rest of the internet.
We send large amounts of encrypted secret traffic over the internet everyday.
-AC for obvious reasons
Re:Disconnect (Score:2, Informative)
It's not just public interface. They conduct a lot of non-battle-related stuff over the internet, or on computer systems that are indirectly linked to the internet. Obviously you don't plug an F-22 into comcast (although supposedly its electronics system is versatile enough that you could reprogram it to use the radar as a really powerful 802.11 antenna). However, it's quite a bit easier to just connect workstations to a typical LAN that has some computers online for logistics type stuff, even if all the actual communication takes place on the local side, than it is to maintain multiple networks for computers that need internet access and those that don't.
But not sensitive, classified material. NO systems with classified information are connected to the Internet. Trust me on this one.
Yes, some day-to-day non-classified systems do happen on computers connected to the Internet.
So, yes, they do maintain different systems -- one for classified information and one for non-classified information. What's maintained on the non-classified systems just day-to-day stuff like non-battle duty rosters or things like that.
Re:Disconnect (Score:1, Informative)
People can't [crack] hardware they can't access.
Re:Disconnect (Score:3, Informative)
Actually.. most of the search engines (and especially Yahoo as originally envisioned) did this.
Google just happened to be "the one with the decent results right now" (i.e. the one the SEO jerks hadn't turned their attention to yet) when moderate-bandwidth "raw" connections became popular. Prior to that, you had Alta-Vista, Lycos, Web Crawler, Yahoo, etc.
All of which had their period of most-useful-results, but google was in vogue at just the time everyone got connected, so they got lots of mind-share.
I only wish they were as good now as they were then.
Re:They've solved their own problem (Score:3, Informative)
Re:Disconnect (Score:2, Informative)
Re:Disconnect (Score:3, Informative)
My apologies - the result of working in an insular fashion is to rudely expect others to recognize an industry-specific TLA (three letter acronym).
BDM is/was a defense contractor. Here's a quick reference: http://www.business.com/directory/computers_and_software/bdm_international,_inc/profile/ [business.com]
Re:Jurisdiction... (Score:3, Informative)
Sort of like the SIPRNet [wikipedia.org]?
Larry
Re:Jurisdiction... (Score:3, Informative)
Re:Disconnect (Score:5, Informative)
Negative on that full of shit, compadre. Happened in Albuquerque, NM. First responders came from Kirtland AFB - home to Sandia National Labs (where ALL of the country's nukes were managed), (at the time) the Air Force Weapons Lab and the Air Force Operational Test and Evaluation Center, as well (at the time) of the Air Force's contract management office.
Home to the cradle-to-grave, or inception to deployment to retirement, of our strategic nuke delivery systems. At the time, Albuquerque was a higher priority Soviet nuclear first strike target than Washington, D.C.
Sorry to burst your bubble, but there are scarier things in this world than the donut eaters you describe working for the purple-suiters. So, no apologies, not full of shit - not even a little.
And the guy in my story was a spy. And I'm not going to elaborate on what made the van different, as I said in my post.
Believe what you want. If you choose not to, it's just another horse-water-drink situation to me.
Comment removed (Score:4, Informative)
Re:Disconnect (Score:3, Informative)
Re:Only traitors will vote for Oook-oook Banana (Score:3, Informative)
Signed integer limit is +32767.
32768 is only possible in the - domain!