Timothy J. Miller wrote:
Roy Keene (Contractor) wrote:
Thus if your workstation is in a significantly increased position of
risk (i.e., you do not apply security patches, and are not on a
network that blocks known-bad attackers, and there is no IDS/IPS) then
any e-mail you send is at a significantly increased risk of being
tampered with, and any encrypted transmissions are at a significantly
increased risk of being intercepted.
This is only true if you're leaving the card in the reader. I would say
don't do that; the card should only be inserted when the card is needed
for an operation, limiting the window during which malicious code can
piggyback an authenticated card session (or start its own).
This is always true if the box is ever compromised and the card is ever used.
Thunderbird could easily change your email messages before sending them out
(i.e., before signing as well), and they would be correctly signed since it
would prompt you for the PIN and you would give it. Or Thunderbird could send
its own email, signed using your CAC, using your PIN once you have given it.
Fundamentally this is a trusted path issue and is as true on managed as
well as unmanaged machines. If you're interested in the problem, I
recommend Balfanz & Felten's paper "Handheld computers can be better
smart cards" as a starting point. (ObNameDrop: I was at USENIX SEC'99
where this paper was presented.)
I agree. However, it's a matter of degrees.
I will read the paper further, but an initial glance seems to suggest that they
agree with me on the current state of affairs -- the stack must be protected
diligently. (Another note, moving the stack to a mobile PC doesn't remove this
factor, it just shifts it.. what happens when the handheld computer gets
compromised through a vulnerability in its cryptographic API, or even worse if
the user is not following security guidelines and connects the device to many
untrusted networks?)
Certainly, it still happens on a network that follows DISA guidelines,
but it happens very infrequently and is almost always detected.
Isn't the illusion of security grand? ;) Seriously--as has been
reported recently in the open media--there have been multiple,
long-running intrusions into DoD networks that went undetected for months.
If you compare the number of long-running intrusions into DoD networks that have
gone undetected for months against the number of long-running intrusions into
non-DoD networks that have gone undetected for months I think you will agree
that the latter number is significantly greater.
Thus, my conclusion that DoD networks are far safer (fewer intrusions, quicker
detection), and my assertion that following DISA guidelines makes them that way.
-- Tim
------------------------------------------------------------------------
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
--
Roy Keene (Contractor)
Office of Network Management (Code 7030.8)
Naval Research Laboratory
Stennis Space Center, MS 39529
DSN 828-4827