On Tuesday 11 May 2010 13:08:43 Pranesh Prakash wrote: > Dear all, > Would any of the folks on this list be able to shed more light on > this article? > > - Pranesh > > ===== > From Times of India: http://j.mp/duPRrc > > Govt to develop own operating system > TNN, May 10, 2010, 04.04pm IST > > NEW DELHI: The government has set in motion an ambitious plan to > develop its own software and end the reliance on foreign operating > systems and anti-virus products after growing worries over the > spurt in cyber attacks on Indian establishments.
Plenty of clueless stuff, proly dished out by some half brained consultant. Security is a process. A real attack would not even be noticed. But yes, getting rid of doze and those brain dead signature scanning software (basically a (computerized) clerk looking for matching names to decide what is good and what isnt) should keep out script kiddies and other simple attacks which are drummed up to be "major" security breaches by the clueless (or perhaps hobbled) fellows who run such infrastructure. The very fact that they rely on "antivirus" tells you quite a bit about their expertise. At least it will save them the embarrassment of explanations for "Free Kashmir" banners on their websites. > The government formed a high-level taskforce in February to devise > a plan for building indigenous software, said a senior intelligence > official who is a member. The panel will also suggest ways to > conduct third-party audits on existing software in government > offices to prevent online sabotage attempts until the software’s > launch, he said. How about attacking the RTGS and NEFT systems of RBI all relying (RBI actually mandating) on totally closed hardware and software (including closed encryption hardware) instead of lowcost open COTS systems. One could easily worm ones way into the system thru any of the 100s of sitting duck coop banks, many using dialup to connect to the RBI network. > The overwhelming belief among government bosses is that an > indigenous low-grade, but clean, software could nix the chances of > foreign states infiltrating the computers of key Indian > establishments and compromising the country’s security. “A > sanitised, lower level operating system and application software > may be preferred to the advanced versions, which necessarily > require access to internet for upgrades,” the official said. So by innuendo OSes other than the current "High Level" ones are low brow stuff?. > Operating system and anti-virus software makers said their products > were completely safe. No company official spoke on record. Notice how shit scared the GOI is about naming M$ and the AV vendors. > The > government is key customer, and sales to its departments are a big > driver of revenues. Even so, some welcomed the move. > > “It’s prudent for the government to develop an open source-based > operating system on which it has total control. Codes for even > anti-virus software and processors are available which can be > customised,” said a technical head of a US-based network security > giant. HA HA. Codes for AV. Kick out this US-based network security giant pronto. > > The government’s move shines a light on a major chink in India’s > technological armour. > Despite home to nearly 10% of the world’s > software developer base, the country still lacks an operating > system or security product of repute. India is now making a late > scramble to join nations that own both hardware and software > technology critical for the safe upkeep of their defence, space and > nuclear programmes. The government recently sanctioned Rs 50 crore > to design an indigenous microprocessor. There are any number of good open designs. The GOI should join up opencores.org. All the stuff they need is already there. GOI contributions would accelerate the process of IT security by a few orders of magnitude. Also the open world is bereft of fawning yes men who tell you what you want to hear. > The government’s unease with foreign technology and hardware has > been on the rise in recent years. Oh the zombie rises again. Maybe they will actually start to build and operate a fab. Lets come back to this in....20 years? > Recently, it warned telcos > against installation of foreign gear. Last week, junior minister > for communications & information technology Sachin Pilot told the > Rajya Sabha about several measures the government has taken to > detect and prevent cyber attacks. Like reading everybody's emails, and checking everbody's browsing. > > No sensitive information will be stored on systems connected to the > internet, while ministries and departments have been told to carry > out regular IT systems audits. The government has also established > a Crisis Management Plan against cyber attacks to be implemented by > all central ministries, state governments and critical sectors, he > said. would be fun to read this. > Last week, US counter terrorism head in the Clinton and Bush > regimes, Richard Clarke, warned nations of an ‘electronic Pearl > Harbour’ that can shut down power, transportation, communication > and all money from banks and exchanges. He said a massive cyber > attack could paralyse the US in 15 minutes. > > Taking cue, India is also taking further preventive steps. The > defence ministry has already removed many of its computers off the > internet. Its officers can’t carry pen drives inside offices. The > government has also decided to connect all key government > ministries and offices, which number over 5,000, to an alternate > exclusive communication network that is being built for the armed > forces. This will provide a secure backup during emergencies, or at > times when the networks of private telecom operators cannot be used > to transmit sensitive information. Open junction boxes, Optical cables running from rooftop antennas. It will take a lot more than they think to build a secure network. > > State-owned BSNL and MTNL are building the Rs 10,000-crore, 40,000 > km alternate-fibre network. The armed forces will shift a bulk of > their communication needs to this network, thereby enabling them to > vacate huge chunks of radio frequencies or spectrum they occupy for > commercial telephony. A good move, save the minor fact that all those routers and switches are sold by an american company, building em in China, with secret sauce software loaded in every box. I wonder how many have a default password. -- Rgds JTD _______________________________________________ network mailing list [email protected] http://lists.fosscom.in/listinfo.cgi/network-fosscom.in
