At 11:54 PM 3/2/98 -0500, Gene Spafford wrote:
>> The net is that requiring strong authentication, hiding the operating
>> systems from the network, and removing gratuitous functionality are more
>> important and more effective than trying to replace or patch operating
>
>We agree, but it was not clear. I believe that vendors should be held
>accountable not only for releasing buggy code, but for not building in
>the simple solutions we know make a difference. This includes better
>authentication, selective functionality, and better network
>interaction (to name a few).

Back when I was a tool of the military-industrial complex,
helping design computer networks for various customers,
the problem was taken care of in the specification process.
Systems had to be C2 or B1 or B2 compliant, support GOSIP networking,
compliant not only to current POSIX specs but all future POSIX specs,
and support real-time if it was NASA or Ada if it was military,
plus support any other requirements left over from previous RFPs,
such as ECC memory, X.25, and Burroughs Poll-Select, in addition to
being compliant with this year's crop of buzz-words and firm fixed price.
The mere fact that Red Book networking was still open research at best,
and that only one machine (ours) was B1-certified (Orange Book only),
and it was pre-POSIX, non-real-time, didn't do GOSIP, and pretty slow
meant that compliance was impossible, but occasionally you could get
the things sold anyway.

The other half of the RFPs had waivers from many of these requirements
so people could buy Z248 MS-DOS PCs off the GSA schedule and get some
work done, in spite of the really low quality of word processors back
in the 80286 and early 80386 days. (Of course this also meant that
the minicomputer procurements had to be compatible with the PC
word processors :-) And occasional people got lucky and bought Suns,
either with standard SunOS or the Compartmented Mode Workstation stuff.

The PC actually made a substantial improvement in the security of
classified computing, because it was small enough and cheap enough
that an organization could buy one and lock it in the safe overnight,
and give each user their own floppy disks or shoebox drive,
rather than sharing a VAX or mainframe that was too big to lock up and
too expensive to dedicate to a project rather than sharing.

Meanwhile, one of our sales offices had an entry-level clerk who was
responsible for computer administration and security. She wasn't
trained by anyone, since the education bureaucracy offered clerks of
her pay grade courses on things like timecard accuracy and photocopying,
but since she was responsible for this $20,000 computer she made
absolutely sure that nobody stole it or broke it or lost any of the
mysterious packages of books and floppies that people kept shipping her.
However, the person who had installed the computer _had_ installed a modem,
and she did make sure it was also nice and secure - nobody ever unplugged
it and made phone calls to Bolivia or anything like that around her.

Probably the average staff sergeant in the military has had slightly
more computer training today than she had 10 years ago .....

Bill Stewart, bill .
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639