Internet Anthropologist Think Tank: NO, NO no


    Friday, January 30, 2009

    NO, NO no

    By Gerald: Internet Anthropologist Think Tank
    1.31.09


    U.S. Central Command has 14 different, physically separated networks. To get access to the info on all of 'em, a military type needs as many as five different computers, sitting on his desk. But new software being tested by CENTCOM would enable a single computer to connect to all those networks at once -- from the open internet to the top secret stuff. "If it proves secure, could save more than $200 million for CENTCOM," UPI's Shaun Waterman reports. And a ton of hassle, too.

    But the best part of the project might be its acronym. The demonstration is called "One Box, One Wire" -- OB1, for short. Use the Force, sysadmins!

    The key to OB1, retired U.S. Air Force Gen. Eugene Habiger tells Waterman, is the "separation kernel," a piece of software "guaranteed to keep the different networks separate."

    SOURCE:Permalink

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    " a piece of software "guaranteed to keep the different networks separate."

    B.S.

    It's software.

    There is no software, security or otherwise that makes your PC 100% safe.

    With the coming recession there is more motivation for hackers,

    ( profit )

    and less motivation for Security software cos.

    ( expenses/costs )

    The Security software industry is a failure.

    There is no way to secure a PC or MAC connected to the net.

    The hackers are way ahead of the curve in malware

    and the Software Security Cos are way behind the curve.

    And it's going to get worse as in the depression the Sec.

    Cos cut budgets, and hackers go for more $$$.


    If the Military connects the separate 14 networks

    they are providing a bridge to each one.

    IT IS NOT POSSIBLE TO SECURE A COMPUTER

    IF IT IS CONNECTED TO THE WWW.

    I'm saying it here now, so I can quote myself later.

    all 14 networks will be breached if you connect them

    on one computer and the WWW.

    At no time in the history of the WWW have computers

    been so vulnerable and from automated attacks, as they are now.


    One of the leading Security Companies Trend Micro

    has some of the best security systems, but the worst

    service for paying clients I have ever experienced.

    Their service is abysmal. They are unbelievably

    Bad. But some of their programs are the best out

    there.


    The hackers, and malware creators are so far ahead

    of the Security Cos, it will take a major new paradigm

    breakthrough to catch up. And there are none on the horizon.

    There is no Security program or combination of programs

    that will provide 100% security, ain't no such animal.

    Any company that says that is lying.

    Let's look at the press release: MY COMMENTS IN CAPS FOR EASE OF READING. G

    Last year the U.S. military banned the use of removable media like thumb and Flash drives after a worm spread on such devices infected CENTCOM computers.

    "Through a Flash drive, a worm or a virus is introduced," said Liacko, "and moving data physically like that opens up the door, and once the door is open, it can propagate and the whole network can be compromised. Integrity stops that."

    Retired U.S. Air Force Gen. Eugene Habiger, a member of the company's advisory board, is blunter. "Had this operating system been used within the systems (that were compromised by the worm), this would not have happened."

    OK NOW THE WORM WAS SPREAD BY A THUMB DRIVE MOVED FROM PC TO PC.

    NOW INSTEAD OF A THUMB DRIVE, IT'S ONE PC CONNECTED TO ALL THE NETWORKS,

    HOLD THAT THOUGHT. G

    Habiger, a former head of cybersecurity at the Department of Energy, said the technology on which the new software was based had been certified by the National Security Agency.

    "The fact that the NSA has given this certification to Integrity and its software after, as I understand it, a very intensive, exhaustive two-plus years of analysis … that speaks volumes for its reliability and security.

    "This operating system is revolutionary," he concluded. "The technology is revolutionary."

    The key to Integrity's game-changing character, said Jones, is known as the separation kernel, a piece of software "guaranteed to keep the different networks separate … all the way from the unclassified to the top-secret level."

    KEEPS NETWORKS SEPARATE, BUT ALL USING THE SAME PC, WHICH WILL BE INFECTED FROM THE WWW. G

    The software, Liacko explained, creates "what we call security domains … in essence virtual machines or virtual servers … each one of them is impregnable." Even viruses that operate at the very deepest level of the operating system cannot get around the new software, he said.

    IF MALWARE GETS TO THE KERNEL LEVEL OF THE PC, THE PC IS INFECTED, THEN THEY START

    CONNECTING THAT INFECTED PC TO 14 DIFFERENT SECURE NETWORKS. G

    "We sit literally on the bare metal … on the microprocessor. What we create is a secure platform, and on top of that platform you can run Windows or Linux … inside of a securely separated domain, where … your top-secret or confidential corporate data … can be protected and cannot be accessed by an intruder" from any one of the other domains.

    RIGHT CANNOT BE ACCESSED FROM ANY OTHER DOMAIN BUT THE CENTRAL POINT IS THE SAME

    INFECTED PC IS USED BY ALL THE NETWORKS TO SPREAD THE INFECTION. G

    Specialists at the NSA tested the system for three years, said Liacko. "We had to give source codes and blueprints to the NSA, and they began a multiyear process of doing mathematic and physical penetration testing. … They were not able to penetrate it."

    BUT DID THEY LOOK AT HOW THEY ARE GOING TO PROTECT THE CENTRAL VECTOR TO ALL

    THE NETWORKS? HOW THEY WERE GOING TO STOP THE PC CONNECTED TO THE WWW AND ALL 14 NETWORKS FROM GETTING INFECTED?

    THAT PC IS LIKE A DIRTY SPOON FEEDING ALL THE NETWORKS INFECTED MALWARE.

    IF THEIR SYSTEM WORKS, SHOW ME THE PC THAT CANNOT BE INFECTED.

    THE SOFTWARE THAT MAKES THE PC 100% SAFE.

    I SAY BS.

    IT DOES NOT EXIST.

    THEY ARE SAYING THE SOFTWARE CAN KEEP THE 14 NETWORKS SEPARATE.

    YES THEY CAN, BUT THEY ARE INTRODUCING A CENTRAL INFECTION VECTOR

    BY USING THE SAME PC FOR ALL 14 NETWORKS WHICH IS CONNECTED TO THE WWW.

    U.S. Central Command would enable military computers for the first time ever to be connected at the same time to both classified and unclassified networks -- including the public Internet.

    Officials say the technology, if it proves secure, could save more than $200 million for CENTCOM and eliminate the need to use workarounds like thumb drives to move data between networks at different levels of classification -- which can facilitate the spread of viruses and other malware.

    IF THE THUMB DRIVE WAS THE CENTRAL VECTOR, MOVED FROM PC TO PC CAUSED INFECTION

    THEN USING THE SAME PC FOR ALL 14 NETWORKS BECOMES THE CENTRAL VECTOR FOR INFECTION

    JUST LIKE THE THUMB DRIVE DID.

    DON'T LET THEM CONNECT TO YOUR NETWORK.

    THEY ARE PLAYING SEMANTIC GAMES WITH USA MILITARY NETWORK/PC SECURITY.

    AGAIN I SAY IT'S BS. G

    Just say no to OB1 USE THE FORCE. G


    Gerald

    Tactical Internet Systems analyst

    ps: ask NSA to see one of their

    PC's connected to the WWW

    that is 100% secure.


    If your network isn't connected

    to the WWW, OB1 will expose your network to the WWW.

    Rebuttal:

    Your misunderstanding here stems from your failure to understand what a separation kernel does. There IS NO central, common, shared infection vector. Each virtual OS is self contained and the software allows for switching between them. ( what happens when a rootkit/hacker gets access to the software/program that allows switching between networks? G ) One OS cannot access the portion of the drive allocated to another OS. This is not some guy using IE or Firefox to access secure networks on the same machine he checks his Yahoo mail with some fancy "anti-virus" running in the background. The main reason it's nearly impossible to completely secure an internet connected PC is because there is always a tradeoff to an end user of security vs. convenience. There is no such compromise in this system. Unknown author.

    Second:

    if each virtual machine is running in parallel and not being hosted by an OS with access to the network interface, then tunneling into WWW-connected Machine #1 gives no access to a network interface that can be used by Secure Machine #2. This is what is meant by kernel separation, and I would advise you to talk to network security experts before making such broad and unfounded proclamations.

    This is not to say that somebody clever can't possibly figure out a way around these measures, just that this new system is not any worse than using 5 computers on the same switch connected to different military networks. by Aaron

    ( OB1 is a central vector vs having to hack 5 PC's/networks, HACKING just one sounds less secure.G )
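The disagreement in this exchange comes down to which information flows the separation kernel's configuration permits between partitions. As an added example (not from the original post, the commenters, or any vendor's product), the Python model below audits a flow policy by computing everything a compromised internet-facing partition could reach; the partition names, the `clipboard` service and both configurations are hypothetical and constructed for illustration.

```python
from collections import deque

# Constructed, hypothetical configurations: each key may send data to the
# nodes in its set. "p_*" are guest partitions, "nic_*" are network interfaces.
ISOLATED = {
    "p_internet": {"nic_internet"}, "nic_internet": {"p_internet"},
    "p_secret": {"nic_secret"}, "nic_secret": {"p_secret"},
}
# Same layout plus one shared service (a hypothetical clipboard) that both
# partitions can write to and read from.
SHARED = {
    "p_internet": {"nic_internet", "clipboard"}, "nic_internet": {"p_internet"},
    "p_secret": {"nic_secret", "clipboard"}, "nic_secret": {"p_secret"},
    "clipboard": {"p_internet", "p_secret"},
}
LEVELS = {
    "p_internet": "unclassified", "nic_internet": "unclassified",
    "p_secret": "secret", "nic_secret": "secret", "clipboard": "shared",
}

def reachable(policy, start):
    """Every node that data originating in `start` can flow to, following
    only the flows the policy permits (breadth-first search)."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in policy.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def cross_domain_exposure(policy, levels, start):
    """Reachable nodes whose classification level differs from `start`'s.
    An empty list means a compromise of `start` stays inside its own level."""
    return sorted(n for n in reachable(policy, start)
                  if levels[n] != levels[start])

if __name__ == "__main__":
    for name, policy in (("isolated", ISOLATED), ("shared", SHARED)):
        print(name, cross_domain_exposure(policy, LEVELS, "p_internet"))
```

The model checks only flows the configuration declares; it says nothing about flaws in the kernel that enforces them, which is the part the certification claims in the post are about.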


    Update:

    kernel rootkits: Basics

    Blue pill Demo project

    VMBRs virtual-machine based rootkits G




    1 Comments:

    Anonymous said...

    Your misunderstanding here stems from your failure to understand what a separation kernel does. There IS NO central, common, shared infection vector. Each virtual OS is self contained and the software allows for switching between them. One OS cannot access the portion of the drive allocated to another OS. This is not some guy using IE or Firefox to access secure networks on the same machine he checks his Yahoo mail with some fancy "anti-virus" running in the background. The main reason it's nearly impossible to completely secure an internet connected PC is because there is always a tradeoff to an end user of security vs. convenience. There is no such compromise in this system.

    10:28 AM  
