`Govnet` Would Be Costly, Prone to Failure-Experts
posted by: valvoline on 17/10/2001 @ 8.30.30
|
SAN FRANCISCO - Creating an independent U.S. government computer network that is separate from the Internet would be costly and fail to create a safe haven from hack attacks and viruses, security experts said on Monday.
Last week Richard Clarke, the presidential adviser on cyberspace security, proposed that the U.S. government establish its own network-- dubbed Govnet -- that would be less vulnerable to malicious attacks amounting to a kind of ``digital Pearl Harbor`` Clarke and others have warned could cripple key systems.
While the concept is theoretically feasible, experts said it would be very difficult to execute.
``The idea is sound, to physically separate services that do not require access to the Internet or that have sensitive information,`` said Elias Levy, chief technology officer at SecurityFocus.com. ``Of course, no separation is ever 100 percent.``
For instance, Govnet would be susceptible to the same physical attacks as the Internet if its fiber optic cable were run through the same conduits the Internet uses, Levy said.
Inside the government offices, employees themselves could easily pass viruses from the public Internet to Govnet with floppy disks, unless the floppy disk drive were locked shut, experts said.
The Department of Defense is among the government agencies that already operates its own classified network separate from the Internet. Despite diligent efforts, several computers in that classified network were infected by the Love Letter computer worm last year, experts noted.
NO BULLETPROOF SYSTEM
``The thought is if we can have complete control over it will be bulletproof,`` said Jeff Wyne, vice president of marketing at security services provider Atabok Inc.
``But this is farfetched unless they assume there`s not going to be any kind of human intervention or place where someone is going to connect in through a PC,`` Wyne said.
The larger the network the harder it is to secure, said Bill Cheswick, author of a book on security and chief scientist at network management and security services provider Lumeta Corp.
Users of classified networks are prone to lax security practices because they have the perception that the network they are using is immune from security issues, said Amit Yoran, chief executive of network monitoring form RIPTech.
``They believe that because they are unplugged that they`re secure enough,`` said Yoran, who was director of vulnerability assessment for the Defense Department`s computer emergency response team in 1997 and 1998.
``In reality, what happens is that even the smallest chink in the armor causes the entire infrastructure to fall apart because these kinds of networks don`t have the kinds of security they need, (or) even minimal security practices,`` Yoran added.
USE EXISTING TECHNOLOGY
Yoran and the others recommended that instead of creating a new network from scratch, the government improve its security practices and use existing security technologies.
``We might make the best use of our dollars by taking the security products and processes and technologies which exist and using them more effectively,`` Yoran said.
A compromise, the experts said, is virtual private network technology, which enables corporations to use the Internet securely by encrypting data communications before they are sent over the public network and decrypting them at the receiving end.
But one expert pointed out that users of such technology are only as safe as the computer user at the other end is.
``VPN is a trust relationship, not a security one,`` said Alan Paller, research director of the System Administration, Networking and Security Institute.
Paller predicted that by pursuing a separate, more secure network, the government would force software companies to improve the security of software they develop.
``Think of this money as a reality check on safe networking that will force vendors to build something that is just as safe,`` Paller said.
Copyright 2001, Arizona Central. All Rights Reserved.
|
comments: (0)
|
|
|
|
|
