Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262323AbVA0ACY (ORCPT ); Wed, 26 Jan 2005 19:02:24 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262523AbVAZX74 (ORCPT ); Wed, 26 Jan 2005 18:59:56 -0500 Received: from mail.tmr.com ([216.238.38.203]:11525 "EHLO gatekeeper.tmr.com") by vger.kernel.org with ESMTP id S262323AbVAZUIH (ORCPT ); Wed, 26 Jan 2005 15:08:07 -0500 Date: Wed, 26 Jan 2005 14:56:22 -0500 (EST) From: Bill Davidsen To: Jesse Pollard cc: linux-os , John Richard Moser , dtor_core@ameritech.net, Linus Torvalds , Valdis.Kletnieks@vt.edu, Arjan van de Ven , Ingo Molnar , Christoph Hellwig , Dave Jones , Andrew Morton , marcelo.tosatti@cyclades.com, Greg KH , chrisw@osdl.org, Alan Cox , Kernel Mailing List Subject: Re: thoughts on kernel security issues In-Reply-To: <05012609151500.16556@tabby> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1853 Lines: 45 On Wed, 26 Jan 2005, Jesse Pollard wrote: > On Tuesday 25 January 2005 15:05, linux-os wrote: > > This isn't relevant at all. The Navy doesn't have any secure > > systems connected to a network to which any hackers could connect. > > The TDRS communications satellites provide secure channels > > that are disassembled on-board. Some ATM-slot, after decryption > > is fed to a LAN so the sailors can have an Internet connection > > for their lap-tops. The data took the same paths, but it's > > completely independent and can't get mixed up no matter how > > hard a hacker tries. > > Obviously you didn't hear about the secure network being hit by the "I love > you" virus. > > The Navy doesn't INTEND to have any secure systems connected to a network to > which any hackers could connect. What's hard about that? Matter of physical network topology, absolutely no physical connection, no machines with a 2nd NIC, no access to/from I'net. Yes, it's a PITA, add logging to a physical printer which can't be erased if you want to make your CSO happy (corporate security officer). > > Unfortunately, there will ALWAYS be a path, either direct, or indirect between > the secure net and the internet. Other than letting people use secure computers after they have seen the Internet, a good setup has no indirect paths. > > The problem exists. The only to protect is to apply layers of protection. > > And covering the possible unknown errors is a good way to add protection. > -- bill davidsen CTO, TMR Associates, Inc Doing interesting things with little computers since 1979. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/