Break in at The Naval War College
This story is from the Associated Press, and my jaw hung open on this one for two reasons:
1. An ENTIRE network being shut down for two weeks is usually enough to bury a business.
2. Having met with the Navy a few times this year and explained HOW I can prevent this thing from happening (not just arm waving and saying that I could help, while being elusive), I guess the word didn't get out.
So if there is anyone from the Navy or the War College who reads the blogosphere - email me ASAP. For the sake of review, here is exactly how I will solve this problem:
1. Deploy 2-6 appliances to audit the entire network. These will be set up in 1 day, and will give you a baseline of what IS happening, not what you think is happening on your network.
2. I will deploy software to a handful of machines (<100) that will configure policies that will be enforced on the appliances to keep any more new hackers (and anyone else for that matter) from getting into the network so it can be rebuilt quickly and sterilized.
3. I will deploy software to the machines of the rest of the staff, admin, and other users who you want on your network. They will have the equivalent of a badge for your network.
4. I will set and audit the access policy to make sure it is correct, while still allowing ONLY those users who have the software installed and keeping unsavory folks out (and logging who they are).
5. I will then enable the enforcement of the policies so that no one who is not an identified user or identified machine gets on the network, or critical segments of it, including hackers who may have left rootkits, malware, or other nastiness on the network to compromise its integrity, and the integrity of the United States Navy and the Department of Defense.
I will get this done by the end of the year if I am contacted by the end of the week.
Any questions? Email me - identitystuff@gmail.com or you can find out who I am through the FBI InfraGard program as well.
Mark
http://www.cnn.com/2006/TECH/internet/12/05/hackers.war.college.ap/index.html
PROVIDENCE, Rhode Island (AP) -- Hackers attacked the computer network at the Naval War College in Newport, taking down the school's network for more than two weeks, including some e-mail services and the college's Web site.
The Navy Cyber Defense Operations Command in Norfolk, Virginia, detected the intrusion around November 16 and took the system offline, spokesman Lt. Cmdr. Doug Gabos said. He said the unclassified network was used by students.
Military spokesmen would not give an estimate on when the school's Web site, www.nwc.navy.mil, will be back up.
The Naval War College bills itself as the Navy's leading center of strategic thought and national security policy.
Investigators were trying to determine the extent of the intrusion, Gabos said. They planned to upgrade firewalls and make other unspecified improvements.
"Once that is complete, the network will be restored," Gabos said.
Gabos would not comment on who is suspected of attacking the network.
School spokeswoman Karen Sellers said e-mail worked on campus, but people could not send or receive messages from off-campus.
"It's certainly inconvenient," she said. "But we all understand the importance of network security and we're patiently waiting."