bloomberg on supermicro: sky is falling

Naslund, Steve SNaslund at
Thu Oct 4 21:36:07 UTC 2018

>> Classified networks do not connect to other networks unless they are 
>> equally or higher classified.  No internet connection.
>> Period.

Not quite but there are at least application level gateways.  For example, there are usually gateway that can let unclassified email flow into classified systems.  However there is an application gateway to allow ONLY email protocols and only in the desired direction.

>Well, if your classified network is connecting to a higher classified net, then
>*that* network is connecting to a lower classified net, right?

In a very highly controlled manner.  The lower classified network may only be allowed to send data to the higher classified network.  If the higher level network is multilevel capable it will be allowed to move documents to the lower level network if they are at the right level of classification.  Again this is application layer security and all levels below that would not be trusted between the two networks.  A gateway with a specialized application would have vetted connectivity to both networks.

>That, plus I think the Snowden escapade was ample proof that security rules will get bent when needed to get work done - it turned out that Snowden was able to walk off with terabytes of data because >security restrictions had been disabled because they were putting a crimp in the analysts' style...

That is completely different.  We are talking HUMINT instead of ELINT or SIGINT.  Snowden flat out stole the data as an insider.

Steven Naslund 
Chicago IL

More information about the NANOG mailing list