Network security news you can use
- By Shawn McCarthy
- Nov 01, 2001
Shawn P. McCarthy
Watching new network security initiatives emerge this winter will be like watching a sporting event.
Privacy issues will be debated. Proposals and counterproposals will come and go. Amid the excitement, here are some efforts that merit extra attention by agency network gurus.
Starting at the top, Richard Clarke, the president's new cybersecurity adviser, has proposed constructing a new government network to secure critical information. Intelligence users have had one for some time in Intelink, but Clarke thinks it's time to extend the concept to all agencies.
By definition, such networks couldn't have public faces. The concept would protect government data, but it would not stop defacement of agency Web sites or denial-of-service attacks. See a request for information for GovNet at www.fts.gsa.gov/govnet/govnet.doc
If you manage a government network, you can expect to hear shortly from Clarke as chairman of the governmentwide board that will coordinate protection of critical infrastructures.
A safe prediction: Clarke will start with some quick surveys, then escalate into recommended protocols for closing the hundreds of holes that exist in government sites.
Let's hope he makes it mandatory to monitor CERT advisories for specific platforms and to install all required patches as soon as they are available. See www.cert.org
. Failure to install patches for known vulnerabilities is the chief reason networks get compromised.
Meanwhile, Attorney General John Ashcroft persuaded Congress to push through antiterrorism legislation giving the government greater power to use certain surveillance technologies.
That includes the FBI's DCS1000 network eavesdropping device, formerly known as Carnivore. Although it's mainly for intercepting e-mail on Internet service providers' networks, the DCS1000 could have some applications on government networks, so you might be asked to permit its installation. For example, the Army reportedly has already talked to the FBI about using it.
Information about how DCS1000 works can be found at www.fbi.gov/hq/lab/carnivore/carnivore2.htm
or at epic.org/privacy/carnivore
Oracle chairman Larry Ellison has been pushing the government to create a national citizen registry that would, of course, reside in Oracle database software he would donate. His argument isn't for building more government databases but for unifying them to make it easier to find the right information.
The starting point would be information sharing among immigration, intelligence and law enforcement agencies.
There are controversial proposals to link such a database to a national identity smart card that could, in theory, replace everything from Social Security cards to passports.
One possible technology for such cards comes from ActivCard Inc. of Fremont, Calif. A card reader attached to a PC Universal Serial Bus port decrypts the ActivCard two-factor authentication after receiving a password. See www.activcard.com
The company has worked on the Defense Department's access cards and is cooperating with VeriSign Inc. of Mountain View, Calif., on secure network log-ins.Shawn P. McCarthy designs products for a Web search engine provider. E-mail him at [email protected].
Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.