RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd)

[Paul McNabb <mcnabb () argus-systems com>]

I've poked around on these sites and it appears that the Australians
are finally commercializing the old CMW technology, something that
was done years ago here in the U.S.  I wonder if they've added anything
of value or if they are just repackaging it?  I know of at least six
products that do exactly what is described by the Australian web pages,
and do it on a single machine with properly modified/secured X servers
and network stacks.

paul

---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb () argus-systems com        Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------

>  From owner-firewall-wizards () nfr net  Mon Oct 19 09:11:16 1998
>  From: Peter Mayne <Peter.Mayne () digital com>
>  To: firewall-wizards () nfr net
>  Subject: RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd)
>  Date: Mon, 19 Oct 1998 13:25:30 +1000
>  
>  Not a firewall, but a way of securely "connecting" a classified network to
>  an unclassified network.
>  
>  The quote is right: in this kind of environment, a firewall is useless.
>  
>  The page at http://www.adc.gov.au/news/feature_infosec.html says:
>  
>  > The other members of the consortium are Compucat, a Canberra-based
>  > specialist in computer security, and Digital Equipment Corporation
>  > (Australia), a subsidiary of the US information technology giant.
>  
>  > The Interactive Link allows a computer operator to open both classified
>  > and unclassified "windows" simultaneously on the same workstation
>  > screen, and to import information from the unclassified to the
>  > classified window, but not the other way around.
>  
>  (I included the first paragraph so I can take the opportunity to guarantee
>  that I have nothing to do with it.)
>  
>  Here's an example:
>  
>  You're working on a classified network, but you want to be able to browse
>  the Web. You can have a second system on your desk connected to an
>  unclassified network, and on to the Internet, but that's clumsy and uses up
>  space. So, why not run your browser on the unclassified system, but display
>  it on the classified system (an everyday use for X Windows or SMS remote
>  control)? If anybody hacks your browser, the only system at risk is the
>  unclassified one, right? Likewise mail: if your email client is running on
>  the unclassified system, and only displaying on your classified system, you
>  can't send classified information, right?
>  
>  The holes are so obvious I won't start to point them out (as well a bunch of
>  not so obvious holes), but 'what Vision Abell calls a "data diode" which
>  allows information to travel one way but not the other' might help out here,
>  hence the "software and hardware in a modest-sized grey box". Sounds
>  horrendously complicated, so good for them if it works.
>  
>  See the links at http://www.dsto.defence.gov.au/stindex.htm#S for similar
>  media releases about Starlight (found using AltaVista).
>  
>  I have absolutely no involvement in any of this whatsoever, just in case
>  somebody thinks I'm giving away trade secrets; I've never heard of Vision
>  Abell before the other day, I don't know how they do it, I've never seen it
>  in action, etc, etc. I just happen to live here, and I saw the article in
>  the paper.
>  
>  PJDM
>  ----
>  Peter Mayne, Compaq Computer Corporation (Australia), Canberra, ACT
>  These are my opinions, and have nothing to do with Compaq.
>  I used to be a Digit, now I'm a Q.
>