Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!agate!helios.ee.lbl.gov!nosc!tetra!budden
From: budden@tetra.NOSC.MIL (Rex A. Buddenberg)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Virus - did it infect "secure" machines
Message-ID: <713@tetra.NOSC.MIL>
Date: 16 Nov 88 00:40:56 GMT
References: <881107224915.20c01427@Sds.Sdsc.Edu> <10846@ulysses.homer.nj.att.com>
Reply-To: budden@tetra.nosc.mil.UUCP (Rex A. Buddenberg)
Organization: Naval Ocean Systems Center, San Diego
Lines: 30

Steve,

Your observation that the B1 criteria, by itself, would not have stopped the worm is probably correct (sounds plausible to me) as far as you've taken it.

But a real security system goes farther. The secure portion of Defense Data Ne is currently segregated from the rest of the internet, and will remain so indefinitely. In the near future, the access control system will use an authentication node who checks to see who you are upon connection opening; then orders a key distribution node to issue you and your other party a unique end-to-end password which evaporates at the conclusion of your session.

More important than the technical aspects are the personnel management ones. If you have a job that does not require access to a secure system, then you lack a need to know and hence do not get in. Regardless of clearance level. Every time I've had a clearance issued, recertified, upgraded or terminated, I get some indoctrination regarding the importance of classified information and system integrity for the structure that we use to contain it (sometimes I give the indoctrination).

Link encryption, end-to-end encryption, multi-level secure systems, necessary segregation and personnel management/training/leadership are all important parts of a classified system and none can do the job alone.

Rex Buddenberg