对美国政府电子安全官员宣称的所谓“GOVnet”安全隔离网络分析
中文部分由 阿新(Seraph Chutium) http://com.6to23.com/ 补充
这里是一份华盛顿邮报对这个“GOVnet”的相关报道。
我理解的大意是美国政府的新任电子信息安全官员称他们要为美国政府构建一个能够抵挡任何黑客,恐怖分子攻击以及蠕虫、病毒的GOVnet网络。他们在做决定前想向业内认识询问了构建这样一个网络的花费及难度等等,业内的大部分安全专家认为这向计划很难完成。其中还有一段介绍了前不久白宫遭红色代码等攻击的例子:
This year, the current network has been breached by hackers, computer worms and viruses. In April, government Web sites were manipulated by Chinese hackers angered by the death of a Chinese pilot in a collision with an American spy plane. 这段话看了比较欣慰! The system was also roughed up by the "Code Red" computer worm and an attack program called "ILoveYou." The viruses affected thousands of government computers. (先贴到这里,大家先看看)文章的后面 Kurtz 说即使有这样的网络,攻击或病毒仍然可以通过软盘和可信任的内部系统中传播。一位现在美国国防部的信息安全项目主管(information-security program director at the Defense Department 不知道是不是这个意思)说,要想在internet上完全阻止一个经验丰富的黑客或者设计精巧的病毒是几乎不可能的。
U.S. Seeks to Build Secure Online Network
Telecom Firms Asked for Help in Constructing Private 'Govnet' System
By Krissah Williams
Washington Post Staff Writer
Thursday, October 11, 2001; Page A10
The government's new cyber-security officials yesterday asked telecommunications companies for help building a government computer network that would have "no risk of outside penetration" -- a task some computer security consultants say is nearly impossible.
Plans for the private network, called Govnet, hinge on whether a reliable network infrastructure can be built at an affordable price, officials said. Computer system consultants said they could not estimate how much the network would cost because of the government's enormous size and security needs.
Richard Clarke, who was appointed special adviser to the president for cyberspace security this week, said he believes a more reliable system can be built. Ninety percent of available fiber-optic space is unused and fairly inexpensive to obtain, he said.
Govnet is part of a plan Clarke announced earlier this week "to secure our cyberspace from a range of possible threats, from hackers to criminals to terrorist groups, to foreign nations, which might use cyber-war against us in the future." Govnet would be completely independent from the Internet to help keep out hackers and viruses, according to the government's plan.
The request from the General Services Administration asks that telecommunications companies submit proposals about how the network could be built, how much it would cost, and how long it would take to construct.
"Based upon that we will make a decision. We're waiting to hear from industry right now," Clarke said.
This year, the current network has been breached by hackers, computer worms and viruses. In April, government Web sites were manipulated by Chinese hackers angered by the death of a Chinese pilot in a collision with an American spy plane. The system was also roughed up by the "Code Red" computer worm and an attack program called "ILoveYou." The viruses affected thousands of government computers.
Last year a report by the General Accounting Office, an internal government watchdog, found weaknesses in the computer network that could allow terrorists or hackers to "severly damage or disrupt national defense or vital public operations or steal sensitive data."
Clarke said the government's current virtual private network is vulnerable to viruses and denial of service attacks that Govnet would make more difficult to execute.
George Kurtz, co-author of "Hacking Exposed" and chief executive of security consulting firm Foundstone Inc., said such a network is feasible but would be costly and difficult to build. It is impossible to stave off all attacks, he said.
"The gist of this entire effort is to try to segment critical government computer systems from the rest of the Internet," Kurtz said. "You can't guarantee against these sort of attacks. There is always going to be a flaw with software, a flaw with hardware or the human element."
Even on Govnet, viruses and attacks could still be spread by floppy disks or connections with trusted systems, Kurtz said.
An internal network, such as the Govnet proposal, is worth investigating but will probably fall to sophisticated hackers, said Amit Yoran, chief executive of security-services company Riptech Inc. and a former information-security program director at the Defense Department.
"It is probably more feasible to implement and strongly enforce global security postures and practices rather than go out and purchase new assets," Yoran said. "Once someone is able to get in, they will find a weak link. When you have a network the size of the government's there will be weak links. Someone will get in."
下面是名为"m4chine"的fucktelus.com组织成员写的一份深入分析。
主要介绍了它的目的、由来、拨号码前缀和最后作者做出的结论。
至于那个“News Article Pertaining to GOVnet”就是上面那篇华盛顿邮报的文章。
==> 'An Insightful Look at the GOVnet Network' <==
==> By: m4chine
==> Date: 10/12/01
==> E-mail: m4chine@fucktelus.com
-
Description
indeX =>
-> Introduction
-> GOVnet's Purpose
-> GOVnet's Origin
-> Dial-In Prefixes
-> News Article Pertaining to GOVnet
-> Conclusion
<=>
Introduction -
GOVnet is the name given to the network infrastructure which serves government offices in
Montpelier and Waterbury as well as district offices in twelve cities and towns statewide. In
the near future the Whitehouse and the DOD will be adopting this network for nation-wide usage.
The physical backbone consists of fiber optic cable connecting state buildings on the Montpelier
and Waterbury campuses as well as high-bandwidth digital circuits connecting district offices
statewide. The wide-area backbone is divided into OSPF regions with at least one alternative
route for each link. From the backbone nodes, 56 Kbps backfeeds serve other government offices,
schools, and libraries statewide.
In addition there are dial-in sites located in every local calling area of the state facilitating
network access with a local phone call from any school or library in the state that elects to have
dial-in access. SLIP and PPP access, as well as VT100 access, are supported on a dial-in basis.
The network uses the "open" non-proprietary TCP/IP communications protocol which permits connectivity
throughout the state, the nation and the world.
Network services include Internet access, government-wide e-mail, and WWW access to government.
--
GOVnet's Purpose -
GOVnet was implemented to meet the twofold network challenge of improved access with reduced costs.
The network provides for complete inter-agency and inter-departmental information access through a single
system serving all agencies on a cooperative basis. This eliminates the need for each agency or department
to provide redundant networks involving duplicate costs.
--
GOVnet's Origin -
The Vermont Information Strategy Plan (VISP) identified the requirement for information sharing and
networking in two of the critical success factors associated with its objectives. The Information Systems
Advisory Council (ISAC), which was created by VISP (now called IRMAC), was commissioned by the Telecommun-
ication Ten-Year Plan to form a network subcommittee to "develop a plan to integrate network services where
such sharing is valuable for information sharing among government agencies (and) where it is designed and
implemented with the participation and unanimous approval of ISAC."
For a detailed analysis of GOVnet, including a chronology, see the Legislative Joint Fiscal Office's GOVnet.
--
Dial-In Prefixes -
The list below shows the local dial-in site(s) serving each telephone exchange in the State.
For the telephone number of a specific GOVnet dial-in site, wardial the motherfuckin' prefix
or social engineer the technology coordinator of the department.
Dial-In Sites by Telephone Exchange Telephone Exchange Dial-In Site(s):
222 (Bradford) Bradford
223 (Montpelier) Montpelier, Morrisville
226 (Proctor) Springfield
228 (Ludlow) South Londonderry
229 (Montpelier) Montpelier, Morrisville
234 (Bethel) Randolph, Rutland, Woodstock
235 (Middle Town Springs) Rutland, Wells
241, 244 (Waterbury) Montpelier
247 (Brandon) Middlebury, Rutland
253 (Stowe) Montpelier, Morrisville
254, 257, 258 (Brattleboro) Brattleboro
259 (Mount Holly) Rutland, South Londonderry
263 (Perkinsville) Springfield
265 (Fair Haven) Rutland
266 (Canaan) Canaan
273 (Hubbardton) Rutland
276 (Brookfield) Montpelier, Randolph
277 (Lemington) Canaan
285 (Franklin) St. Albans
287 (Poultney) Rutland, Wells
291 (White River Junction) White River Junction, Woodstock
293 (Danby) Rutland, South Londonderry
295, 296 (White River Junction) White River Junction, Woodstock
325 (Pawlet) Rutland, Wells
326 (Montgomery) St. Albans
328 (Guildhall) Island Pond
333 (Fairlee) Bradford
334 (Newport) Newport
348 (Williamsville) Brattleboro
352 (Salisbury) Middlebury
362 (Manchester) Bennington, South Londonderry
365 (Newfane) Brattleboro
368 (Jacksonville) Brattleboro
371 (Montpelier) Montpelier, Morrisville
372 (Grand Isle) Burlington, St. Albans
375 (Arlington) Bennington, Londonderry
387 (Putney) Brattleboro
388 (Middlebury) Middlebury
394 (Rupert) Bennington, Wells
422 (Sherburne) Rutland, Woodstock
423 (Readsboro) Bennington
425 (Charlotte) Burlington
426 (Marshfield) Montpelier
429 (West Newbury) Bradford
433 (Williamstown) Montpelier, Randolph
434 (Richmond) Burlington
436 (Hartland) White River Junction, Woodstock
438 (West Rutland) Rutland
439 (East Corinth) Bradford
442 (Bennington) Bennington
446 (Wallingford) Rutland
447 (Bennington) Bennington
453 (Bristol) Middlebury
454 (Plainfield) Montpelier
456 (East Calais) Montpelier, Morrisville
457 (Woodstock) White River Junction, Woodstock
459 (Proctor) Rutland
462 (Cornwall) Middlebury
463 (Bellows Falls) Bellows Falls, Springfield
464 (Wilmington) Bennington, Brattleboro
467 (West Burke) Island Pond, St. Johnsbury
468 (Castleton) Rutland
472 (Hardwick) Montpelier, Morrisville, St. Johnsbury
475 (Panton) Middlebury
476, 479 (Barre) Montpelier
482 (Hinesburg) Burlington
483 (Pittsford) Rutland
484 (Reading) Woodstock
485 (Northfield) Montpelier, Randolph
492 (Cuttingsville) Rutland
496 (Waitsfield) Middlebury, Montpelier, Randolph
524 (St. Albans) St. Albans
525 (Barton) Island Pond, Newport
527 (St. Albans) St. Albans
533 (Greensboro) Morrisville, St. Johnsbury
537 (Benson) Rutland
545 (Weybridge) Middlebury
546 (Weathersfield) Springfield
563 (Cabot) Montpelier, St. Johnsbury
583 (Waitsfield) Middlebury, Montpelier, Randolph
584 (Groton) Bradford
586 (Craftsbury) Morrisville
586 (Greensboro) Morrisville, St. Johnsbury
592 (Peacham) St. Johnsbury
623 (Whiting) Middlebury
626 (Lyndonville) St. Johnsbury
633 (Barnet) St. Johnsbury
635 (Johnson) Morrisville
644 (Jeffersonville) Morrisville
645 (Wells) Wells
649 (Norwich) White River Junction, Woodstock
651, 654, 655, 656, 657, 658, 660 (Burlington) Burlington
672 (Bridgewater) Woodstock
674 (Windsor) Springfield, White River Junction, Woodstock
676 (Maidstone) Island Pond
684 (Danville) St. Johnsbury
685 (Chelsea) Randolph
694 (Stamford) Bennington
695 (Concord) St. Johnsbury
722 (Westminster) Bellows Falls
723 (Island Pond) Island Pond, Newport
728 (Randolph) Randolph
744 (Troy) Newport
746 (Pittsfield) Rutland
747 (Rutland) Rutland
748, 751 (St. Johnsbury) St. Johnsbury
754 (Orleans) Island Pond, Newport
755 (Albany) Morrisville, Newport
757 (Wells River) St. Johnsbury
758 (Bridport) Middlebury
759 (Addison) Middlebury
763 (South Royalton) Randolph, White River Junction, Woodstock
765 (South Strafford) White River Junction
766 (Derby) Newport
767 (Rochester) Middlebury, Randolph
769 (Essex Junction) Burlington
770, 772, 773, 775 (Rutland) Rutland
785 (Thetford) White River Junction
786 (Rutland) Rutland
796 (Alburg) St. Albans
822 (Island Pond) Island Pond
822 (Norton) Canaan, Island Pond
823 (Pownal) Bennington
824 (South Londonderry) South Londonderry
827 (East Fairfield) St. Albans
828 (Montpelier) Montpelier, Morrisville
843 (Grafton) Bellows Falls, South Londonderry
848 (Richford) St. Albans
849 (Fairfax) St. Albans
860, 862, 863, 864 (Burlington) Burlington
866 (Newbury) Bradford
867 (Dorset) Bennington
868 (Swanton) St. Albans
869 (Saxtons River) Bellows Falls, Springfield
871, 872 (Essex Junction) Burlington
873 (Derby Line) Newport
874 (Jamaica) Brattleboro, South Londonderry
875 (Chester) Bellows Falls, Springfield, South Londonderry
877 (Vergennes) Middlebury
878, 879 (Essex Junction) Burlington
883 (Barre) Montpelier
883 (Washington) Montpelier
885, 886 (Springfield) Bellows Falls, Springfield
888 (Morrisville) Montpelier, Morrisville
889 (Tunbridge) Randolph
899 (Underhill) Burlington
892 (Lunenburg) Guildhall
893 (Milton) Burlington, St. Albans
895 (Morgan) Island Pond, Newport
896 (Wardsboro) Bennington, Brattleboro, South Londonderry
897 (Shoreham) Middlebury
928 (Isle La Motte) St. Albans
933 (Enosburg Falls) St. Albans
948 (Orwell) Middlebury
962 (Bloomfield) Island Pond
988 (North Troy) Newport
--
Conclusion -
This is what the US Government gets for publically releasing documentation on the Internet about
their so-called "secret" and "private" network... I know you'll have a few good laughs about that one
(I know I did). Love, Peace, And Afro Grease!