NSA Closes Air Gaps
Chooses Linux for security
ERROR: Random File Unopenable
The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.
NSA Opts High-Security Linux Over Windows NT/2000by Dave Murphy
Unacknowledged for decades, the National Security Agency (NSA) is still referred to by its employees as "the Department of Defense" or simply "No Such Agency."
But within these mirrored glass and electronically-protected walls incubates new security technology that will have repercussions in the business community for years to come.
Currently NSA, like all sensitive military operations, separates data by classification. Confidential and secret are common classifications. To ensure higher-classified data doesn't leak to unauthorized recipients, NSA maintains separate and distinct computer networks. According to one report, as many as six networked computers are assigned to some agency employees. By using "air gaps," network administrators ensure cross-talk and accidental miswiring doesn't allow the unsecured dissemination of highly-classified data.
Imagine having multiple PCs on your desk, each used to access, modify, and transmit different classifications of data. What a nightmare!
Software firm VMware has teamed with NSA researchers to develop an alternative solution that provides security comparable to air gaps - to having multiple computers.
Called "NetTop," VMware's software-in-development would turn each computer into a number of virtual PCs running on a Linux computer that would sit on each worker's desk. The NetTop security system creates virtual walls between public and classified data and becomes an impenetrable barrier to inadvertent dissemination.
If successful, the project could mean huge cost savings and convenience for the NSA and other security-conscious government agencies by eliminating one or more computers--and a variety of network components--cluttering desktops at the agency. And it will mean big commercial deals for VMware, too. When NSA adopts new technology, thousands of it's vendors are often required to use the products to maintain the same high-level of information security.
The following paragraph is an excerpt from VMware's press release: "Users in the national security community have an increasing need for commercial off-the-shelf software, and to provide them with this functionality without compromising on security, we currently require them to use different computers for different applications," said Paul Pittelli, Director of Information Assurance Research at the National Security Agency. "A security enhanced virtual machine monitor is an important component to help us provide practical security solutions for our customers by allowing them to use commercial software safely. We are impressed with the VMware technology and look forward to a productive research partnership."
VMware's plan is to use an offshoot of the company's current virtual machine technology that allows Linux users to install and run Windows or any other PC-based operating system on top of Linux.
NSA has selected Linux as its preferred operating system because it's open source architecture ensures no trap doors or hidden security back doors are present.
According to Fred Cohen, the University of New Haven's professor of digital forensics investigation, VMware's idea seems to be a good one and he agreed the decision to run the VMware technology on top of Linux, not Windows, is key to a government agency like the NSA.
"You wouldn't want to do it on Windows NT, because you know nothing about what is going on inside NT," Cohen added.
Call for CommentsWhat do you think? Leave your comments on the message center.
Previous issues are on our website at http://itrain.org/itinfo/.
International Association of Information Technology Trainers
Copyright © 2001 International Association of Information Technology Trainers, Ltd., All Rights Reserved