Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] DOD fights 'Net

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] DOD fights 'Net
Date: Mon, 24 Jan 2005 03:39:49 -0600 (CST) 
Forwarded from: William Knowles <wk@c4i.org>

http://www.fcw.com/fcw/articles/2005/0117/web-wolf-01-21-05.asp

By Frank Tiboni 
Jan. 21, 2005

The second-highest public official at the Pentagon considers computer
security so important to military operations that he sent a memo last
year to department leaders telling them they must "Fight the Net."

"Protection of DOD computer network systems is a key priority. Leaders
at every echelon must be personally involved in the defense and
protection of our computer networks," said Deputy Defense Department
Secretary Paul Wolfowitz in the memo, "DOD Network Defense."

The Pentagon's top information assurance official said Wolfowitz
issued the memorandum because he wants all department personnel who
use a computer to take a personal responsibility in protecting the
Global Information Grid, the network of DOD business and war-fighting
systems. "Everybody must understand the importance of practicing good
computer security," said Robert Lentz, director of information
assurance in the Office of the Assistant Secretary of Defense for
Networks and Information Integration and Chief Information Officer.

Wolfowitz offered five tips to improve computer security
department-wide:

* Employ information assurance best practices for proper network
  configurations.

* Use accepted password management practices.

* Minimize access privileges through need-to-know criteria.

* Increase awareness of cross-domain file transfer security
  procedures.

* Eliminate unauthorized use of readily exploitable software such as
  peer-to-peer file sharing and remote access applications.

In the two-page memo dated Aug. 15, he acknowledged the hacking of
military systems. "Recent exploits have reduced operational
capabilities on our networks," Wolfowitz said. "Failure to secure our
networks will weaken our war-fighting ability and potentially put
lives at risk."

He cited poor network management and vigilance as the culprit. "While
great strides have been made in a number of areas, we continue to be
negatively impacted when deficiencies in our information systems are
successfully exploited," Wolfowitz said. "In most cases, proper
vulnerability management would have prevented this."

Lentz declined comment on the hackings mentioned in the memo citing
operational concerns. "Take it [the memo] at face value," he said.
 
 

*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] DOD fights 'Net, InfoSec News <=
Previous by Date:  [ISN] Call for Papers - PHRACK #63, InfoSec News
Next by Date:  [ISN] IRS underestimates IT security weaknesses, InfoSec News
Previous by Thread:  [ISN] Call for Papers - PHRACK #63, InfoSec News
Next by Thread:  [ISN] IRS underestimates IT security weaknesses, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]