On Thursday 27 January 2005 11:18, Zan Lynx wrote: > On Thu, 2005-01-27 at 10:37 -0600, Jesse Pollard wrote: > > > > > > > Unfortunately, there will ALWAYS be a path, either direct, or > > > > indirect between the secure net and the internet. > > > > > > Other than letting people use secure computers after they have seen the > > > Internet, a good setup has no indirect paths. > > > > Ha. Hahaha... > > > > Reality bites. > > In the reality I'm familiar with, the defense contractor's secure > projects building had one entrance, guarded by security guards who were > not cheap $10/hr guys, with strict instructions. No computers or > computer media were allowed to leave the building except with written > authorization of a corporate officer. The building was shielded against > Tempest attacks and verified by the NSA. Any computer hardware or media > brought into the building for the project was physically destroyed at > the end. >
And you are assuming that everybody follows the rules. when a PHB, whether military or not (and not contractor) comes in and says "... I don't care what it takes... get that data over there NOW..." guess what - it gets done. Even if it is "less secure" in the process. Oh - and about that "physically destroyed" - that used to be true. Until it was pointed out to them that destruction of 300TB of data media would cost them about 2 Million. Suddenly, erasing became popular. And sufficient. Then it was reused in a non-secure facility, operated by the same CO. > Secure nets _are_ possible. Yes they are. But they are NOT reliable. Don't ever assume a "secure" network really is. All it means is: "as secure as we can manage" - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
