 
From: Hurd, Jon (Jon.HurdQWEST.COM)
Date: Wed Feb 07 2001 - 18:00:51 CST


    There are in fact NSA approved one-way interfaces (one-way serial cables).
    The Department of State's CLOUT messaging system uses a WOWI (Working? One
    Way Interface) for sending cables out to its classified network.

    -----Original Message-----
    From: Pete Henderson [mailto:peteBOSCONET.COM]
    Sent: Sunday, February 04, 2001 7:59 PM
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: Re: Win2000 Security - Level C2 security

    I agree. Get with your local DSS AIS rep and don't do anything without
    them. And there are no methods to connect classified to unclassified.
    There must be an "Air Gap". I have never heard of a 1-way data flow device
    and I doubt the NSA would go for it.

    It sounds like you are new to classified work, so get with your local
    security people and get a copy of the NISPOM and/or Supplement/Overprint.
    Chapter 8 covers computer security.

    Pete Henderson

     -----Original Message-----
    From: Focus on Microsoft Mailing List [mailto:FOCUS-MSSECURITYFOCUS.COM]
    On Behalf Of Mollica, Steve
    Sent: Friday, February 02, 2001 12:19 PM
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: Re: Win2000 Security - Level C2 security

    Josh,

    Make sure you are in constant contact with the
    customer's security department, and the
    Defense Security Service Field Office
    for your region.

    I don't believe DSS will let you connect
    Class and Unclassified networks together, unless
    there is a one-way data flow from the
    Unclassified network to the Class network.
    And then only if there is an NSA Approved device
    controlling the data flow.

    You can spend an outrageous amount of time and money
    and have it all denied by DSS.

    Steven J. Mollica Sr.

    ISSR

    Newport News Shipbuilding
    Information Security
    Dept. O02
    Bldg. 520-1
    Phone- (757) 380-2134
    Fax- (757) 688-1844
    Pager- (757) 881-7095

    -----Original Message-----
    From: Josh Perrymon [mailto:joshpINTEGRATED-SOLUTIONS.NET]
    Sent: Monday, January 29, 2001 5:32 PM
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: Re: Win2000 Security - Level C2 security

    Clement,

    After meeting further with the client
    we explained that we can't enable the
    C2 network to have internet access.
    And that Dual-Homed isn't even considered. We plan to implement
    the separate networks.. But, we are deciding how the 2 networks can talk to
    each other to receive mail..

    It's my understanding that C2 really isn't implemented anymore... So we
    will configure to the NT C2 specs and document the approach we can take in
    regards to e-mail availability to the public network.

    -Josh

    -----Original Message-----
    From: Focus on Microsoft Mailing List
    [mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Clément Dupuis
    Sent: Tuesday, January 23, 2001 5:58 PM
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: Re: Win2000 Security - Level C2 security

    I was under the impression that NT 4.0 reached C2 level only in a
    non-networked configuration?

    Clement

    > -----Original Message-----
    > From: Focus on Microsoft Mailing List
    > [mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Josh Perrymon
    > Sent: 21 janvier, 2001 19:55
    > To: FOCUS-MSSECURITYFOCUS.COM
    > Subject: Win2000 Security - Level C2 security
    >
    >
    > Hello,
    >
    > I have a question regarding Win2K Security. Currently, I have a client
    > using a MS 2K OS on all networked desktops and servers.
    > My task at hand is to make their network pass the level C2 DOD security
    > requirements. My main focus is a separate network that will be
    > handling the
    > classified info.
    > They have a need for 15+ PCs, and a server. There will also be a public
    > network in the same building that also requires WWW, e-mail, and
    > the ability
    > to communicate with the classified network. I have been told by Microsoft
    > that Win 2000 will not be C2 compliant and that I will have to use NT 4.0
    > for the classified network. I would like to know if I could
    > configure 2K to
    > be compliant because I would rather have the same OS throughout the
    > installation. The client wishes to use dual-homed NICs to communicate w/
    > each internal network in hopes of keeping separated security. My ideas are
    > to install a firewall/ router access between the two and filter what
    > packets/ports are necessary.
    > Anyway, I thought I would throw some ideas around for the list. I will be
    > researching this and posting info. as discovered.
    >
    > Thanks,
    >
    > Josh Perrymon
    > Network Security Analyst
    > Integrated-Solutions
    >
    >