One of the reasons for what Daniel is talking about happened during Operation Market Garden during WWII. One of the officers, I believe it was a 1st Lieutenant, in the British force dropped into the battle carrying the FULL battle plans in his pocket. The Germans got those plans on the first day of the operation. They based their response to the operation on what they had. THAT is why you don't give everyone everything. The NSA in this case, based on public admissions and what has come out so far, appears to have forgotten that, go figure. It appears that they did indeed hand the "master" keys to the kingdom to a non-stakeholder, someone working strictly for the money, i.e. a contractor, or at least a lot of various keys to individual doors for him to walk out with Gigabytes of information.
 
Jon
 
From: [email protected]
To: [email protected]
Subject: Re: [NTSysADM] Re: Finally.
Date: Sun, 1 Sep 2013 13:07:44 -0500

Yes, I do think it matters especially in terms of OpSec (this is not Joe's Widget Company we're talking about after all). Are Lieutenants told the full details of a battle plan, or only what they need to know to do their job? How about Sergeants? Continuing the battlefield analogy, what about contractors (mercenaries in that context)?

If you would prefer, the next time I mention the granularity of "Unix permission" I will include with that a 20-page discussion on what I mean by "Unix permissions." If I mention the 1st Amendment do I have to include the full text of the amendment? Or can we just stipulate in the interest of brevity that that is not necessary and is already understood?

Permissions flow downward. The primary one handing out the permissions should be a stakeholder. The persons below him do have the access he has. Sub-admins are hardly a new concept; they can be contractors and often are. Authority can be delegated; responsibility cannot.

From: Ken Schaefer
Sent: Sunday, September 01, 2013 4:00 AM
To: [email protected]
Subject: RE: [NTSysADM] Re: Finally.

Do you think it matters, in this case, whether it's an FTE or a contractor that has "the keys to the kingdom" – they'd all need to go through the necessary security clearance, and have the right citizenship etc.? For someone who /wants/ to betray their country (e.g. for ideological reasons or monetary inducements), do you think their employment status really matters? Especially if the penalty for getting caught might include being charged with treason?

In a large org like NSA, it's not a matter of simply knowing "UNIX permissions" – that's a gross over-simplification of the types of systems a large organisation would have. There'd probably be multiple Windows/AD and Windows/standalone environments, multiple UNIX environments, multiple mainframe/host environments, plus multiple systems where application permissions were used. There is no single "key to the kingdom" or a person that has such a key – except the Head/CEO/etc.

If you're saying that every privileged user, from the developer that might implement a back door, to the network admin who might trace traffic, to the backup operator that might duplicate a backup to the person who manages the HR system and who could create a "fake" identity, needs to be an FTE, then I think you'll find that just about every large business and government agency is "in breach" of your fundamental security principles.
 
Cheers
Ken
 

From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Chenault
Sent: Wednesday, 4 September 2013 3:08 PM
To: [email protected]
Subject: Re: [NTSysADM] Re: Finally.

Why were the keys to the castle given to a contractor, a non-stakeholder? While we may see a certain amount of laxity in this in industry and business (not to say that's okay, it just happens), in such a sensitive environment, one with a very real potential to be the target of espionage, the keys to the castle should only reside in the hands of an employee. An extremely well-trusted one with a complete knowledge of computer security including using the granularity of Unix permissions to create admin accounts and groups with specific perms to do specific functions.

A contractor, in the context of the role within the organization, is not a stakeholder. If the company or organization fails the only impact to the contractor is it's time to find another contract (assuming he wasn't the cause). Time to find another contract is business-as-usual for a contractor.

When one speaks of "tight security protocols" this is part of the discussion: a very clear understanding of each position's role within the organization, how it furthers the mission, the liabilities associated with the position and a plan to ameliorate those liabilities. That discussion comes before filling the position with an asset as that also defines the type of asset; in this context it is employee or contractor. The proper answer is that the system administrator, the ultimate holder of all security secrets, the role with complete trust, is someone who has a stake in the success of the mission and is under the direct authority of a key stakeholder if not key himself.

A contractor in such a sensitive environment should never have the full authority of that administrator delegated to him. That violates the whole idea of high security and the reason granularity is exposed in the computer security model (implementation-specific).

I consider the above to be a rational and reasoned short examination of how and why the assignments of roles and permissions are to be defined in any organization where the word "security" is used as part of the priorities and goals. The higher the need for tight security (say, 1-10) the more scrutiny each role is given and permissions defined. For the NSA I would say the need is 11. But that's all just my opinion late on a Saturday night. I could be wrong.

On Aug 31, 2013, at 21:37, "Ken Schaefer" <[email protected]> wrote:

  And what are your qualifications/experience, that allow you to make such a call? (I'm assuming that you have no inside knowledge of how the NSA works, and are relying on the public speculation/allegations at el Reg etc.)

  Cheers
  Ken

  From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
  Sent: Sunday, 1 September 2013 12:03 AM
  To: [email protected]
  Subject: Re: [NTSysADM] Re: Finally.

  On the evidence, absolutely.

  For an intelligence/espionage operation to be so thoroughly pwned because of such amazingly poor internal operational security, there can be only one conclusion - management responsible for internal security should be fired.

  I'm just glad they weren't, and I hope that what Snowden took is enough to bring them down, and that it's all revealed to the public.

  Kurt

  On Sat, Aug 31, 2013 at 4:20 AM, Ken Schaefer <[email protected]> wrote:

    So, you're saying that the feared NSA, which has a bunch of un-discovered rootkits, which is able to undertake some of the most advanced espionage in the world, is managed by idiots? Seriously?

    From: [email protected] [mailto:[email protected]] On Behalf Of Jon Harris
    Sent: Saturday, 31 August 2013 6:17 AM
    To: [email protected]
    Subject: RE: [NTSysADM] Re: Finally.

    Generally from what I have seen in state (Florida) organizations is that they don't like promoting anyone but a moron into supervisory positions. Occasionally someone will make a mistake and promote an intelligent person but not often. I would suspect this is the case with the Feds as well (worked with them too). Several times I have seen them hire those with less brains and longer tongues and large lips over those with brains. As long as this keeps happening then we will continue to see this happen. It will be a long time before they get rid of all the defective management personnel as I would think private companies would have little to gain by keeping them (maybe why they seem to concentrate in public jobs?) and in a government job it is MUCH harder to get rid of them.

    Jon

    Date: Fri, 30 Aug 2013 14:34:15 -0400
    Subject: Re: [NTSysADM] Re: Finally.
    From: [email protected]
    To: [email protected]

    +13

    On Aug 30, 2013 11:05 AM, "Kurt Buff" <[email protected]> wrote:

      On Fri, Aug 30, 2013 at 10:52 AM, Micheal Espinola Jr <[email protected]> wrote:
      >
      > I accidentally hit CTRL-Enter before finishing that email... and apparently that's a shortcut to instantly-send a message in Gmail. Yay! I love learning new things... but anyways - So, yea, this Forbes article was the first I have seen that highlights the real underlying IT problem regarding Snowden - aside from other OT issues.
      <snip>
      >>
      >> I may have missed some article by someone else somewhere, but It's to see Forbes 'get it' before anyone else...
      >>
      >> http://www.forbes.com/sites/timworstall/2013/08/30/if-the-nsa-really-let-edward-snowden-do-this-then-someone-needs-to-be-fired/
      >>
      >> --
      >> Espi

      Agreed - massive failure on the part of many people in the NSA in implementing security procedures.

      Of course, what Snowden showed, beyond that, is the massive failure that is government policy and practices regarding surveillance/espionage in general, so I'm actually quite happy Snowden was able to do what he did.

      Kurt
