NETWORK WORLD NEWSLETTER: GIBBS & BRADNER 11/09/04 Dear [EMAIL PROTECTED],
In this issue: * Net Insider columnist Scott Bradner discusses the NSA's ��interesting yet confusing press coverage of late * Links related to Gibbs & Bradner * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Cisco Systems Special Report: Bridging the Gap; Enterprise ROI IT professionals today don't indulge in the latest-greatest technology for their own sake; instead they concentrate efforts on projects that are most likely to help achieve business goals. Read about the challenges and opportunities when IT starts 'bridging the gap' and directly contributes to enterprise ROI. http://www.fattail.com/redir/redirect.asp?CID=87940 _______________________________________________________________ WHAT DO YOU KNOW ABOUT THE NEW DATA CENTER? Sign up for Network World's Data Center Newsletter in which Johna Till Johnson and the team at Nemertes Research will provide an ongoing assessment of current data center business drivers and future trends; concrete advice and guidance for IT executives seeking to consolidate data centers, improve disaster recovery, and deploy virtualization techniques. Click here to subscribe: http://www.fattail.com/redir/redirect.asp?CID=87879 _______________________________________________________________ Today's focus: NSA Projects, Manhattan and otherwise By Scott Bradner The U.S. National Security Agency does not see its mission as being limited to peering through keyholes. In addition to trying to figure out what "the other guys" are up to, the NSA also tries to protect our cyber shores from attack. This part of NSA's mission is far from new, but it got some interesting and maybe confused press coverage recently. The NSA has been telling people how to think about computer security at least since the early 1980s. The original Trusted Computer System Evaluation Criteria (aka the Orange Book, <http://www.dynamoo.com/orange/> ) was published in 1983, and since then the NSA has published various documents to help people evaluate the security of systems or to configure systems in the most secure way that can be done considering the underlying operating system. For example, the NSA has an online repository (under the umbrella of the agency's Central Security Service) of more than 70 guides for configuring PCs, routers, switches and firewalls ( <http://www.nsa.gov/snac/> ). The latest batch of guides includes one for configuring Apple OSX systems - something I found interesting and well done (see <http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf> ). In mid-October Daniel Wolf, the NSA's information assurance director, spoke at the Microsoft Security Summit East. The summit is a traveling road show focused on security in Microsoft products. I went to the one in Boston and found it generally useful, even more so because my Apple OSX bias has left me without as much personal experience with Windows security issues as many of you have. In a keynote speech, Wolf talked about a number of things, but different ears seem to have focused on different things he said or maybe overinterpreted his words. The official NSA press release ( <http://www.nsa.gov/releases/relea00084.cfm> ) focused on Wolf's enthusiasm for vendors' "progress and future plans to enhance the security of operating systems and desktop applications" and the fact that "the onus is now on the users" to do their part by "applying the latest patches and software updates." This report says Wolf also mentioned two of the national and international efforts that the NSA is engaged in to promote the development of security criteria ( <http://www.commoncriteriaportal.org/> ) and for security testing ( <http://www.niapnist.gov/> ). The latter project has tested and ranked the security of a large number of products. I am not all that sure the reporters from Federal Computer Week and Government Computer News went to the same talk described in the NSA press release or that they went to the same talk as each other, even though they both wrote about a mid-October speech by Wolf. The Government Computer News reporter focused on the NSA's development of a "three-phase architectural plan for secure worldwide data sharing" among intelligence agencies and the military. She also mentioned in passing a possible, but yet unfunded, office to push high-assurance software that she quoted Wolf as saying would be a modern equivalent of the World War II Manhattan Project. The reporter for Federal Computer Week made the unfunded office the focus of her report, noting that it would be a government-funded research center "devoted to improving the security of commercial software." She also included mention of government concern over the offshore development of much of the next generation of commercial software. So maybe the NSA is planning a new Manhattan Project and maybe it is not. In any case, the agency continues to crank out useful work (at least what we are permitted to see). Disclaimer: Harvard's expansion into Allston, Mass., might be almost as expensive, in non-constant dollars, as the original Manhattan Project but it will be nowhere as secret (at least going forward). But the above commentary is my own. Bradner is a consultant with Harvard University's University Information Systems. He can be reached at <mailto:[EMAIL PROTECTED]> _______________________________________________________________ To contact: Scott Bradner Bradner is a consultant with Harvard University's University Information Systems. He can be reached at <mailto:[EMAIL PROTECTED]> _______________________________________________________________ This newsletter is sponsored by Cisco Systems Special Report: Bridging the Gap; Enterprise ROI IT professionals today don't indulge in the latest-greatest technology for their own sake; instead they concentrate efforts on projects that are most likely to help achieve business goals. Read about the challenges and opportunities when IT starts 'bridging the gap' and directly contributes to enterprise ROI. http://www.fattail.com/redir/redirect.asp?CID=87939 _______________________________________________________________ ARCHIVE LINKS Gibbs archive: http://www.nwfusion.com/columnists/gibbs.html Bradner archive: http://www.nwfusion.com/columnists/bradner.html _______________________________________________________________ Webcast - Wireless Network Troubleshooting Watch this webcast and get an overview of wireless LANs including: key standards; the link and physical air wireless LAN; infrastructure, bridge, and ad-hoc modes; and wireless switch architecture. Watch now. http://www.fattail.com/redir/redirect.asp?CID=88064 _______________________________________________________________ FEATURED READER RESOURCE NEW! Website dedicated to Networking for Small Business now available The editors of NW Fusion and PC World have combined all their expert advice, authority, and know-how into a powerful new tool for small businesses, the new Networking for Small Business website. Get news, how-to's, product reviews, and expert advice specifically tailored to your small business needs. Find help with Security, Broadband, Networking, Hardware, Software, and Wireless & Mobile technology at: <http://www.networkingsmallbusiness.com/> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at <http://www.subscribenw.com/nl2> International subscribers click here: <http://nww1.com/go/circ_promo.html> _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
