|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: "top secret" security does require blocking SSH
Actually, it isn't so hard. Northgrum.com has firewall, moat, alligators, and free-fire kill-zone <g>. I will also never take them on as a client again because of it. I just can't be disconnected from my business in chunks of time that large. Oh yeah, they also don't allow off-site work. Aerospace/DOD is feeling the pinch though. But, this latest LLNL thing has really caused them to think long and hard about some serious issues. Yes, if there is any way to bypass the wall, including Xircom CardBus (LAN port plugged into the LAN and modem port connected to a Nokia 6185, via DLR3 datacable, dialed into an external Internet server.) then covert ops are assured, as well as almost undetectible. The only way to stop that is a mil-grade PCS jammer. The Nokia uses spread-spectrum so intercepts are very difficult. I wonder if anyone has suggested this to the investigators of the Nat labs? > -----Original Message----- > From: [email protected] [mailto:[email protected]]On Behalf Of > Alex Bligh > Sent: Sunday, July 09, 2000 1:12 PM > To: Derrick > Cc: [email protected] > Subject: Re: "top secret" security does require blocking SSH > > > > "Derrick" <[email protected]> > > Blocking SSH is a weak solution. > > I wrote: > > > No. We are just rapidly approaching the point where people realize > > > it has always been the case that this is impossible. > > I meant it has always been the case that blocking covert channels > of communication was technically impossible. You can tunnel ssh > or equivalent through email wordcounts if you really feel the > need. I'm not an expert, but there is good information theory > that says once you allow more than trivial bit rates in/out > of an organization, blocking covert communication encapsulated > one way or another becomes extremely hard. > > -- > Alex Bligh > VP Core Network, Concentric Network Corporation > (formerly GX Networks, Xara Networks) > >
|