[LINK] Milnet rides again

[Tom Koltai]

> -----Original Message-----
> From: link-bounces at mailman.anu.edu.au 
> [mailto:link-bounces at mailman.anu.edu.au] On Behalf Of Roger Clarke
> Sent: Sunday, 23 October 2011 8:14 AM
> To: link at anu.edu.au
> Subject: [LINK] Milnet rides again
> 
> 
> [The dullards in the US military have discovered that connecting 
> important equipment to the open, public Internet is a bad idea.  They 
> even think they've invented a new idea - that dedicated networks and 
> air-gaps contribute to security.]
> 
> 
> FBI Official Calls for Secure, Alternate Internet
> 
> October 21, 2011
> Associated Press|by Lolita C. Baldor
> Military.com News 
> http://www.military.com/news/article/fbi-official-calls-for-se
> cure-alternate-internet.html?ESRC=dod.nl
> 

Unless they authenticate at every router at Header level, eventually
some numbskull will run dual Protocol stacks and leaky routing will
result in an open invite Malware gateway.
So the only way to ensure the new Milnet doesn't have any security
issues is to:

A) turn off WiFi 
B) disallow non-proprietary NAT routing
C) disallow device attachment (NFS) to the network (FTP style
interaction only) 
D) disallow any CRT's within 100 metres of any reflective silicon
surface
E) Run each device on stand alone battery/non-grid (or inductive) power
devices.

AND/OR...

Rewrite TCP to allow packet re-ordering and throw some Satellites and
Stratoliners up with KA-Band high speed DSSS FHSS (CDMA - sort-of) style
via the new MILNET Cloud. If each Coms unit is required to authenticate
directly, according to it's owners security level, (think Google
circles, Contractor Circle, Clerical Circle, Secret, Top Secret, Most
Secret, Eyes Only and Armageddon. )  I don't see how Malware could get
even get a sniff-in. But alas, this would require thinking outside the
box and a crack team of geeks that were buried in the foundations after
the code was written.

TomK