Security

Building Secure Computers?

Posted by Cliff
from the even-keyboard-adccess-won't-make-it-easy dept.
maotx asks: "Growing into the job of a system administrator, I've been tasked with something I'm not quite prepared for: purchase or build a computer that meets DoD compliance for classified 'Secret' information. Several vendors, including Dell our primary supplier, offers computers that will work, but being new to the criteria I want to make sure the right computer is purchased. The computer will be used to create secure CAD drawings (Solidworks, OrCAD, etc) and must have, from what I can tell, a removable hard drive and security stickers to prevent tampering. What is you're experience in setting up a secure computer and is it better to have a vendor do it, or yourself?"
  • by Anonymous Coward on Wednesday August 24, 2005 @10:33PM (#13394630)
    So sayeth the editors of Slashdot.
  • by SEWilco (27983)
    Prepare for "I could tell you, but..." comments.
  • Don't ask Slashdot (Score:5, Interesting)

    by kevlar (13509) on Wednesday August 24, 2005 @10:34PM (#13394638)
    Ask the Dept of Defense. Asking Slashdot about DoD guidelines is like asking an elementary school for details about the space shuttle. No offense to /. community.
    • by Anonymous Coward on Wednesday August 24, 2005 @10:38PM (#13394670)
      "Asking Slashdot about DoD guidelines is like asking an elementary school for details about the space shuttle."

      True. But we ARE good with law, business, and economics.
      • You know the line about how if you put a bunch of monkeys in a room with a typewriter long enough they'll produce Shakespeare? Except the Shakespeare is Mad Magazine... and the monkeys... Yeah... that's Slashdot.
    • by maotx (765127) <maotx.yahoo@com> on Wednesday August 24, 2005 @10:40PM (#13394687)
      Our facility security officer has a stack of papers that I have been reading over, but it is pretty slim in details when it comes to the specifics. Network is a definite no, floppies and CDs are ok, but what about USB hard drives? Etc.

      The only reason I asked Slashdot was for a jump start. My manager says we need to have something, at least a plan, by next week.
      • by TripMaster Monkey (862126) * on Wednesday August 24, 2005 @10:49PM (#13394751)

        My suggestion would be to disable floppy as well as USB, and only allow transmission of information to and from this system via CD. USB is right out...don't let anyone try to convince you otherwise...it's an unacceptable security risk. Also, only allow data to be transferred to and from a protected 'sandbox' area on the system, and make certain that autorun of CD-ROMs is disabled in the registry. One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfers.

        Sure, it sounds paranoid...but is it paranoid enough?
        • by maotx (765127)
          My suggestion would be to disable floppy as well as USB, and only allow transmission of information to and from this system via CD. USB is right out

          We weren't going to add a floppy drive, not only for security, but because of how outdated and unused it is here. CDs and printing are going to be the most common methods of transmitting the data. USB is still thrown up in the air. I'm very uncomfortable with it, but our client uses it quite often to transfer data. I'm sure the line on that is somewhere
          • by CyberSp00k (137333) on Thursday August 25, 2005 @12:32AM (#13395314)
            You cannot use the machine in both a classified and a non-classified environment. You will get the machine certified for a specific level of classified processing and lock it into a room that is effectively a people-sized safe. Access to the room will be controlled and only cleared and authorized people will be permitted in. They will log their entrances and exits. Each project hard drive and associated backup media will be stored in a separate, individually lockable and differently keyed drawer of a safe certified for classified processing. Users will log every item in each safe drawer and will log every time they open or close any drawer of the safe. EVERY scrap of output from the system (optical media, magnetic media, or hardcopy) will have to be logged and controlled at both creation and destruction - destruction requires special handling and facilities.

            Issues of bootable CD-ROMS, USB data sticks, and product licensing are trivial housekeeping compared to the work you are going to have to undertake to create and maintain a secure processing facility. By the way, printers have memory and printer ribbons retain images - you have to address those items, too. Certified print required.

            If you already have a secure processing facility, you also have a certified site security officer (SSO) who has been trained in the use and requirements of the NISPOM. You should be talking to this person, not us.
          • by HD Webdev (247266) on Thursday August 25, 2005 @12:56AM (#13395409) Homepage Journal
            USB is still thrown up in the air. I'm very uncomfortable with it but our client uses it quite often to transfer data.

            Lots of stuff WILL be thrown up in the air if someone connects a USB wireless adapter.
        • by ktulu1115 (567549)
          I agree with your comments, but I think it's highly dependent upon how secure the system needs to be. I find it very unlikely it will be running a trusted OS [cmu.edu] (classification A, B, or C) since it will be doing CAD work - I'm not familiar with Solidworks or OrCAD, but I'm willing to guess they run on Windows... which is far from a trusted OS environment, as we all know. However, to give MS credit, I do recall a professor who was a former NSA employee stating that a version of Windows NT achieved a C2 trusted rating
          • by nzkbuk (773506) on Wednesday August 24, 2005 @11:47PM (#13395100)
            You give that version of windows too much credit.
            It wasn't "Windows NT" that got the rating (as much as M$ hyped it), and I don't remember the exact spec, but the spec gave the EXACT make and model of computer (and hence hardware spec (that didn't include a network card)) as well as the exact patch level of NT, and it specified the applications installed.

            In short, it wasn't generically Windows NT, or even Windows NT4 SP2. It was much better defined than that, but that being said, yes, M$ has achieved a security rating, and I'd have to agree (unlike a bunch of the posts on this topic I've seen) that the security model has to fit with the company. If they are asking as a DoD contractor, the question is in the wrong place. If the question is from a company whose management feels they need to secure their computing environment, then it's all good.
          • by CyberSp00k (137333) on Thursday August 25, 2005 @09:40AM (#13396840)
            Sigh!

            The link you refer to points to material that is up to two decades old. The assurance levels you refer to (A, B, and C) are from the Orange Book, the seminal work of the Rainbow Series of security development manuals produced for the U.S. DoD.

            The Rainbow Series was superseded in 1996 by the Common Criteria, an international agreement about security functional requirements, assurance requirements, and the processes needed to evaluate the security characteristics of IT products. Products that have met the requirements and undergone the process are listed in an Evaluated Products List. Among operating systems that have met the Common Criteria requirements are Mac OS X, Red Hat Enterprise Linux AS/WS 3, Solaris 9, SuSE Linux Enterprise Server V8, and Windows 2000 Server. All of these must be run on specific hardware configurations and with specific software configurations to retain their certified status in an operational environment. A recent project I was working on needed an HTML-based interface - imagine creating that on a Linux box that could not run X or even activate the frame buffer!

            Secure systems are not just platforms that resist the latest script kiddie 'sploit. A system includes people, processes, hardware, software, development methodologies, and the operational environment. This is what makes a secure, assured SYSTEM, not just an expensive doorstop.

            Links of (possible) interest:

            Orange Book
            http://csrc.ncsl.nist.gov/secpubs/rainbow/std001.txt [nist.gov]

            Rainbow Series
            http://csrc.nist.gov/secpubs/rainbow/ [nist.gov]

            Common Criteria
            http://www.commoncriteriaportal.org/ [commoncriteriaportal.org]

            U.S. "Scheme"
            http://niap.nist.gov/cc-scheme/ [nist.gov]

            Evaluated Products List (EPL)
            http://niap.nist.gov/cc-scheme/vpl/vpl_type.html#operatingsystem [nist.gov]
        • by Creepy Crawler (680178) on Wednesday August 24, 2005 @11:27PM (#13394986)
          ---My suggestion would be to disable floppy as well as USB, and only allow transmission of information to and from this system via CD.

          And I'd have the CD drive read lines under a hardware lock (like the old machines used) and have it shut off unless required.

          ---USB is right out...don't let anyone try to convince you otherwise...it's an unacceptable security risk.

          Agreed. Have only a PS/2 mouse and keyboard available. Also make sure that Firewire, serial, parallel, audio jacks on the CD-ROM and sound card, and all peripheral devices are GONE, removed or jacks destroyed by one incapacitating method or another. Super-glue in serial ports makes an awful mess to "recover".

          I, a long time ago, made an attack in which I recorded audio on a CD player through the audio jack. I was able to reconstruct the data from the "static sound". I'd call that an attack as much as hooking up a data cassette to a Commie 64.

          ---Also, only allow data to be transferred to and from a protected 'sandbox' area on the system,

          I would call that "Printouts".

          ---and make certain that autorun of CD-ROMs is disabled in the registry.

          You ASSume Windows. Nobody running a secure environment would use windows, unless it's just confidential.

          ---One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfers.

          Double-lock the room, use mag-locks to determine when door is opened. Record open-close actions.

          Have 2 video cams that record on any motion to a remote system (just as secure, as it could record confidential data). Have each room record the others' cameras while NEVER under any circumstances allow anybody from one get into the other room.

          Also have a 10 minute delay safe for open events to even get to the hard drive. Set up a hypergolic charge in the safe in case of tampering. Also have safe monitor open-close events.

          I also have a few ideas on unbeatable object-detection schemes, but I believe they're actually used in real Secure environments. I will not mention them.

          Still, the good ol' standard of having 2 "armed to the teeth" guards at the door always suffices as a first precaution. If you can afford this, you can have double-locking doors that 2 separate entities must open.

          Example: To get in, you flash your badge to 2 officers. You enter the 1st set of doors. You then submit to scans/checks of whatever to open the 2nd doors. To get out, you walk out the 2nd doors, and ONLY 2 guys can open the 1st doors from outside. Very secure.

          ---Sure, it sounds paranoid...but is it paranoid enough?

          Nope.
          • There is a simple fix for the CD-ROM and all-ports lock-out: lock the computers away in a secure room and use a KVM extender. With no physical access, there are far fewer things to worry about, and it makes centralized control of data transfers that much more convenient.
          • by Anonymous Coward

            You ASSume Windows. Nobody running a secure environment would use windows, unless it's just confidential.

            Rubbish. Why wouldn't you use windows in a secure environment? Windows is no less secure than any other item of equipment in those situations. Ok, it may get a viral infection which hoses the system, or it may crash more frequently. Other than that nothing is likely to be a problem.

            ---One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfe

      • by Anonymous Coward on Wednesday August 24, 2005 @11:41PM (#13395066)
        OK... here's the basics... Excuse the AC post, but the fewer people that know you have a security clearance, the better.

        Yes, you can order from Dell, Gateway, HP, etc. The removable hard drive is employed so that when the computer is not in use the hard drive can be locked in a DoD approved container (a pretty heavy duty safe or filing cabinet, normally) that only authorized users can access. If you didn't have a removable hard drive, then the entire room the computer was housed in would need to be classified as a DoD secure space. As it is, while the computer is in use it will need to be out of sight of anyone not cleared to use it. Sometimes something as simple as a curtain is used, while others might keep the computer in a separate room or closet.

        The stickers are not for tamper proofing. Rather, they are used to remind you that you are dealing with a classified system and should treat it as such. You can use them across seals, but they aren't required. At the least, they will need to be put on the hard drive, hard drive caddy, computer case, and monitor.

        For the drives, it's probably a good idea to disable anything that you won't be using. You can leave floppy drives intact if you want, just be aware that as soon as a non-write-protected floppy goes in the drive, it is required to immediately be labeled as a classified disk and logged. You can take material from unclassified to classified systems, but not vice versa (duh, I know, but it needs to be said). Since this system will be stand-alone, you might consider disabling all the USB ports via the BIOS and just using PS2 for the mouse/keyboard. That will help prevent USB thumb drives from being used. Remember, if the system can write to it, then it has just become classified material. CDs are safe, but floppies, thumb drives, etc. are not unless they are in write-protect mode.

        Hope that helps!
  • by jayhawk88 (160512) <jayhawk88@gmail.com> on Wednesday August 24, 2005 @10:34PM (#13394642)
    What is you're experience in setting up a secure computer and is it better to have a vendor do it, or yourself?

    ....but my gut says "vendor", if for no other reason than a little CYA.
    • CYA is exactly why you'd want a vendor to do the build. They have E&O insurance to cover their asses if they screwed something up -- you just lose your job. Also much less work & worry for you if someone does tamper with the equipment as they will have already designed a methodology to review the break-in/tampering to determine the amount of data lost. If the company doesn't have that, don't use them.
  • by jrockway (229604) <jon-nospam@jrock.us> on Wednesday August 24, 2005 @10:34PM (#13394643) Homepage Journal
    Buildings secure computers? Computers secure building? What?

    Oh, you meant "building secure computers".
    • by Basehart (633304) on Wednesday August 24, 2005 @10:39PM (#13394677)
      I was halfway through building a lego house next to my computer to make it more secure before I realized it was a typo.

      Duh
    • > Buildings secure computers? Computers secure building? What?
      >
      > Oh, you meant "building secure computers".

      In Soviet Russia, security clearance loses you!

      Seriously. To the original poster, you are probably asking the wrong audience, and you are definitely risking your clearance by doing so.

      Find the guidelines. Read the guidelines. Learn the guidelines. Think of things you would do in order to circumvent those guidelines.

      And then, even if it's possible to do it yourself, do not do

      • by maotx (765127)
        Good luck. Because if you're asking here, you'll need it. :)

        Ha. I'm asking here to hear a unique POV. From the trolls to the pros. From the "use SELinux and not windowz" to "see DoD". I can meet the standards requested without a problem, whether through a vendor or self-built; I'm just here for perhaps a little more insight or ideas of well-tested methods. We can already create a machine that will have a removable hard drive and meet the standards, but I wanted to hear if anyone had any unique way of
    • Sneaky Hobbittesses, afters my preciousss CAD worksstationssss...
  • Secure computer (Score:3, Insightful)

    by AVazquezR (906094) on Wednesday August 24, 2005 @10:35PM (#13394646)
    Build it yourself. I wouldn't rely on any manufacturer.
  • by rbarreira (836272) on Wednesday August 24, 2005 @10:35PM (#13394647) Homepage
    I heard that the first step towards building secures computers is to be attentive to small details such as spelling and grammar.
    • by Mazem (789015) on Wednesday August 24, 2005 @11:11PM (#13394899)
      That grammar is so bad it has to be intentional. I just don't get the reference.

      Ask Slashdot: Building Secures Computers?
      Security
      Posted by Cliff on Wednesday August 24, @07:32PM
      from the even-keyboard-adccess-won't-make-it-easy dept.
      maotx asks: "Growing into the job of a system administrator, I've been tasked with something I'm not quite prepared for: purchase or build a computer that meets DoD compliance for classified 'Secret' information. Several vendors, including Dell our primary supplier, offers computers that will work, but being new to the criteria I want to make sure the right computer is purchased. The computer will be used to create secure CAD drawings (Solidworks, OrCAD, etc) and must have, from what I can tell, a removable hard drive and security stickers to prevent tampering. What is you're experience in setting up a secure computer and is it better to have a vendor do it, or yourself?"
  • by TripMaster Monkey (862126) * on Wednesday August 24, 2005 @10:36PM (#13394658)

    Wow...where to begin...

    First of all, soliciting advice on the construction of a computer that meets DoD compliance on Slashdot , of all places, is probably not the brightest of ideas...you might want to keep this from your employers if you are interested in keeping your job.

    Second, security stickers on their own simply aren't adequate to the task at hand. Remember, you're looking for tamper-proof, not merely tamper-evident...
    • Any employer which is backward-thinking enough to consider asking for advice from the wider community a bad thing, well, I sure wouldn't care to work for them. Next thing you will be suggesting posting to a mailing list should get you fired.
      • I wouldn't say it that way.

        I see too many posts on other forums where people have jobs in which they should be qualified enough to either know how to do what they are doing, or know how to find that information without having to ask about it in a public forum.

        I'd say it is like someone that claims to be a UNIX developer asking about the basics of how to use 'tar'. It just doesn't look like a swift idea, and the person holding that job shouldn't be asking basic questions that show they don't deserve said jo
      • Because there are very specific and well-documented protocols for procuring and securing a computer to deal with "secret" level material. Consulting with Slashdot is not one of those methods.

        If you have a job in a secure environment and your job is to procure computers, you SHOULD know these... if you don't you need to talk to your security officers... he is violating protocol, and when you are dealing with secret information this is a Very Bad Thing.

        -everphilski-
    • by Anonymous Coward
      Actually, most DoD requirements are for tamper-evident rather than tamper-proof. DoD physical security requirements have no illusion that tamper-proof is even possible, but tamper-evident is well within reach.
    • by maotx (765127) <maotx.yahoo@com> on Wednesday August 24, 2005 @11:11PM (#13394900)
      First of all, soliciting advice on the construction of a computer that meets DoD compliance on Slashdot , of all places, is probably not the brightest of ideas...you might want to keep this from your employers if you are interested in keeping your job.

      I don't see a problem with it. Information on how to classify a computer is not classified.

      Second, security stickers on their own simply aren't adequate to the task at hand. Remember, you're looking for tamper-proof, not merely tamper-evident.

      The stickers are DoD required to prove that the system has not been tampered with. They are not a means of securing the computer.
  • "Security stickers" don't prevent tampering, they only indicate possible tampering.
  • How does this building secure the computers? Does it use laser cutty things like on Resident Evil?
  • Talk to your FSO (Score:4, Informative)

    by ostrich2 (128240) on Wednesday August 24, 2005 @10:39PM (#13394686)
    If you have to set up a secured computer and your Facility Security Officer can't direct you how (roughly), then there's no way you'll get classified information on the system. It's not like you can set up a computer and all of a sudden the government will trust you to put secure information on it. You need to have a written, approved procedure for doing so. Your DIS rep has to authorize you to put stuff on the system.

    At a place I used to work, we just bought Dells. (Heck, I think we even leased them!) When they were delivered, we'd put a standard image on them that did things like warn the users before they logged on, and turned on auditing on certain directories.
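    Several posts in this thread describe the same few host-level controls in prose: TripMaster Monkey's advice to disable CD-ROM autorun in the registry, the Anonymous Coward's advice to keep USB mass storage off the box, and ostrich2's standard image that warned users at logon and turned on directory auditing. The script below is an added example, written for this page and not code from any poster or from any DoD guidance document; it applies those controls on a stand-alone Windows workstation so the result can be read back as evidence for the FSO. It assumes an elevated PowerShell 5.1+ session, and the audited directory `C:\ClassifiedWork` is a placeholder path chosen for the example. None of this replaces the accreditation process the other posts describe; it is only the software half of what the posters listed, and disabling the ports in BIOS remains the stronger control.

    ```powershell
    # Added example (not from the thread): software-side baseline for a stand-alone
    # classified workstation, covering the controls the posts above name.
    # ASSUMPTIONS: elevated PowerShell 5.1 or later on Windows; the directory
    # path below is a placeholder for the protected work area.
    $ErrorActionPreference = 'Stop'
    $AuditedDir = 'C:\ClassifiedWork'   # placeholder path

    # 1. Logon warning banner (what ostrich2's standard image did): the
    #    legalnoticecaption / legalnoticetext values are shown before every logon.
    $sysPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    New-Item -Path $sysPol -Force | Out-Null
    Set-ItemProperty -Path $sysPol -Name 'legalnoticecaption' -Value 'NOTICE: Classified Information System'
    Set-ItemProperty -Path $sysPol -Name 'legalnoticetext' -Value 'This system processes classified information. Use is restricted to cleared, authorized personnel and is monitored and audited.'

    # 2. Disable AutoRun for every drive type (NoDriveTypeAutoRun = 0xFF), per
    #    TripMaster Monkey's advice, so inserting a CD never launches anything.
    $expPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    New-Item -Path $expPol -Force | Out-Null
    Set-ItemProperty -Path $expPol -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

    # 3. Keep the USB mass-storage driver from loading (service Start = 4, Disabled).
    #    Software control only; disabling the ports in BIOS is still stronger.
    $usbStor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    Set-ItemProperty -Path $usbStor -Name 'Start' -Value 4 -Type DWord

    # 4. Enable object-access auditing and put a SACL on the work directory so
    #    every successful or failed write/delete/permission change is recorded
    #    in the Security event log (ostrich2's "auditing on certain directories").
    auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
    New-Item -ItemType Directory -Path $AuditedDir -Force | Out-Null
    $acl = Get-Acl -Path $AuditedDir -Audit
    $rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
        'Everyone',
        [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership',
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $AuditedDir -AclObject $acl

    # 5. Read every setting back so the state can be shown to the FSO rather
    #    than asserted from memory.
    function Get-HardeningState {
        [pscustomobject]@{
            LogonBanner     = (Get-ItemProperty -Path $sysPol).legalnoticecaption
            AutoRunMask     = '0x{0:X}' -f (Get-ItemProperty -Path $expPol).NoDriveTypeAutoRun
            UsbStorageStart = (Get-ItemProperty -Path $usbStor).Start
            AuditRuleCount  = (Get-Acl -Path $AuditedDir -Audit).Audit.Count
        }
    }
    Get-HardeningState | Format-List
    ```

    The read-back at the end is the part worth keeping in any such script: the posts that matter here all stress logging and inspection, and a configuration that cannot be shown to be in effect is, for accreditation purposes, not in effect.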
  • by xenomouse (904937)
    ...I've been tasked with something I'm not quite prepared for...

    ...is it better to have a vendor do it, or yourself?

    If you have to ask the question, i think you already know the answer. I'm sure there are tons of great DIY methods of securing a computer, but if you are new to it (and you are), leave it to someone who has done it before.

    It would be great to get some first-hand, practical experience on the matter when you have a proper guinea pig, but a classified DoD computer is not said guinea pig.
  • The computer will be used to create secure CAD drawings (Solidworks, OrCAD, etc) and must have, from what I can tell, a removable hard drive and security stickers to prevent tampering.

    My advice- Don't buy from Dell. Not because they don't have good business computers (They frequently treat businesses ok) but because even within the same exact model number, different motherboards/video cards/sound cards are used because of price fluctuations. And we all know Dell buys the cheapest stuff possible. Pull

    • I doubt that putting the hard drive in another computer is an issue. The reason the hard drive has to be removable is so that it can be taken out and put in a safe overnight.
  • BYO (Score:2, Insightful)

    by unixbugs (654234)
    Easy as that. If you don't know enough to lock down a computer from the ground up having a vendor supply the service is not going to do you any good because you won't know how it works and you will be at the mercy of Tech Support during a crisis. We have spent years building our own linux distro with what most might consider an over-kill in RBAC and other model implementation. When the latest greatest exploits/bugs/worms hit the scene we go right in and rip up the source and its fixed on the spot that morni
  • Surely the Department of Homer Simpson, er, Homeland Security, will now outlaw naphtha. Should go well with the duct tape.

    (naphtha dissolves the adhesive on most stickers, making them easy to remove cleanly)

  • ouch (Score:2, Informative)

    by lmeyerov (878511)
    There are various levels of Gov. approved hardware/software security. The specifications are public.. but it'd be a waste of your time to figure out how to comply on your own. Furthermore, for most interesting levels, you need to go through a few cycles with outside verification. I think you should start making phone calls.
  • by Anonymous Coward on Wednesday August 24, 2005 @10:45PM (#13394724)
    I'm involved in IA (Information Assurance) on VA Class subs... for Voyage Management and Radar.

    A sticker and removable hard drive complying with IA is like saying that a power cord is what's needed to make a computer.

    At one point we had a meeting and reviewed the full blown DoD requirements for secure computing. Our estimation was that the resulting system would A) be unusable for anything due to the insane lockdown policies, and B) cost around a $million to configure and test to their specs.

    It's all about configuration.

    Ok, on the non-sensational side... other computers where I work, for dealing with classified data, are to be located in a certified secure room (forget the name of the certifying authority), and yes, there is a "class" / "unclass" sticker on the PC, and yes, the hard drive is removable, and yes, it must be stored in an approved safe while not being used. And access to the room is by approval only, with both a horribly hard to use combo lock, and a cipher door lock on top of that. Oh yeah, connection to the house-net is verboten. Any-net for that matter.

    And my facility is a low-brow Secret only site. Travel to certain DoD contractors with only a Secret clearance and you're treated like a second class citizen.

    It's all about configuration. (repeated intentionally)

    Be prepared for mind-numbing configuration, test and audit sessions.

    I am light on details because I do my best to stay at arms-length from IA at work... it's teh suxor

    w
    • if the system is sec/unclass, then yes, network is forbidden. If it is sec only, it can be connected to a sec high network. Not going to get into those details though.
    • Generally good advice.

      First, foremost, and always - consult your facilities security officer (FSO), read your SSAA (Site Security A.. A.. ?).

      Before you fire anything up or - heaven forefend - put any classified data on.. GET YOUR FSO TO INSPECT AND TEST.

      Configuration - ensure that you follow the CERT/NSA (http://www.cert.mil/ [cert.mil]) configuration guidelines (STIGs, http://iase.disa.mil/stigs/index.html [disa.mil]), and employ, to whatever extent possible, the SRR (Security Readiness Review??) scripts.

      On a practical level,
  • Two words (Score:3, Funny)

    by digitalgimpus (468277) on Wednesday August 24, 2005 @10:48PM (#13394740) Homepage
    Two words:

    Duct Tape

    add some plastic wrap, and it's Dept. Homeland Security Approved as well. /sad, but true.
  • I'm not a sysadmin, but there are certain universal constants...

    a) Get ahold of the standards that will actually be applied to test the system and what it actually needs to have/means to be in compliance. Understanding that comes first - make sure you understand it as well as you can (ideally at least as well as the vendor you're buying from.) A.K.A Operation Build BS Detector. ;-)

    b) Find out your responsibility - can you hand off responsibility for the computer being built to specs to the vendor, or will
  • If you build a computer that is compliant, then found out that it is not, and the shit hits the fan, you could be in big trouble. If HP or IBM builds that computer, and it is found out it is not compliant, but they state it is, and sell it as one, the shit hits the fan, and you are in trouble, but not the "get fired, and never work for the government again" kind like the building your own might do.
  • Anonymous FTP access. Saves the hacker a lot of time and trouble, ya know?
  • Too strong a word. (Score:5, Insightful)

    by Dan East (318230) on Wednesday August 24, 2005 @10:55PM (#13394797) Homepage Journal
    Editor is too strong a word for what is done by Slashdot staff. Person who clicks button to approve story is far more accurate, although lacking a certain panache.

    Dan East
  • There are two ways of securing the computers, but first you need to make a choice:

    1. Use the computers in an unsecured (unclassified) area
    2. Classify the entire area the computers are in

    If #1, you will need to make sure that the area has no uncleared personnel while the classified info is processed and that the drives on the computer are removable and lockable and can be placed into a secure area (like a Mosler safe) for storage when not in use.

    If #2, you will secure an area of the building. The advantages
  • by jinx90277 (517785) on Wednesday August 24, 2005 @10:58PM (#13394811)
    Most of what you need to know is contained on the Defense Security Services (DSS) Information Assurance website: http://www.dss.mil/infoas/ [dss.mil] The guiding document for DoD contractors is the National Industrial Security Program Operating Manual (NISPOM). Classified systems have to go through a formal certification and accreditation process before they will be approved for classified processing. Since your ultimate goal is to satisfy the accreditor, you should contact him/her as soon as possible to have them explain what will be required and to hear their particular areas of concern so that you can address them early in your design. Security paperwork requires considerable time to fill out, and mistakes can result in long delays in accreditation, or even the rejection of your system.

    However, it isn't enough to just build a system with the proper hardware and software configuration -- you also have to make sure that the physical environment and users will meet the requirements of the NISPOM. If you don't already have a facility clearance, then you have a significant issue to tackle before you can even build your system. I'm hoping that you are simply building a new computer to add to an existing classified network or house in an existing DoD closed area -- if not, you may find this to be a very daunting task.
  • I heard the Chinese will sell you a real nice 100% DoD compliant computer for really cheap. The only caveat is that you have to use their ISP for network connections.
  • You could use a RAID 0 for the drives to make it less likely to steal the drives out of it. That way you couldn't just walk out with just one drive and have all the info. Especially if you are working with large files and the system writes to both to keep speed high. That way someone would have to take all the drives to have all the info. This could be a last line of defense for what the person has to get out of the building with. And if they try for one drive one day, another the next, the PC will crap out on the
    • That is not secure. There are tomes of regulations determining data security, including secure erasure levels, and this won't cut it without some kind of integrated hardware encryption in the RAID controller (these things are fucking expensive, and sold for a reason). Generally it's just easier to have a single small hard drive and good written procedures. Also, anti-tamper (tamper-evident minimum) seals on the case to ensure it hasn't been compromised internally, etc.
  • Your company should have a security officer who knows the current regulations and requirements, and can provide you with reliable information and training in how to handle classified information.
  • If you can't get your / you're right, how do you hope to get top class security right?

    If your computer skills are anywhere near your writing, you're going to cock up something bigtime, and you DON'T want to be working for the DoD when that happens. I might even be so extreme as to suggest a change in career, for the safety of all involved.

  • I've been tasked with something I'm not quite prepared for:

    Quite.

    Security level?
    FOUO, Secret, Top Secret, Other

    Physical security?
    Is the actual room secure, or just the hardware?

    What platform?
    Win/Lin/Mac/Other?

    Fingerprint scanner? SmartCard reader?

    Some sort of secure LAN, or standalone workstations?

    And this is just scratching the surface. You need to find out these answers, and far more. But don't ask in here.

    Call your person who set up the contract, the DoD program manager, and your building security m

  • See the National Industrial Security Program Operating Manual [fas.org] for basic information, and then talk to your company's security officer.
  • A lot of the guidelines are already published. You can find recommendations for software that can be installed, through to government encryption algorithms. Try this: http://iase.disa.mil/policy.html [disa.mil] and http://www.nist.gov/ [nist.gov]
  • First, I'm not sure you understand all that's entailed in building a terminal for handling secure information. There are basic docs you can pick up at the .mil sites that should give you an idea where to start, and after that I'd go with a Dell/HP because they have experience doing these builds and can give you a box to start with, but there are mandated OS configurations, permissions, and auditing that fill filing cabinets. Also there are restrictions on access and other things that will have to be managed (
  • Get the book (Score:2, Informative)

    The general specifications for DoD computer systems are freely available to all. NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL [dss.mil]. Specifically, see Chapter 8, AUTOMATED INFORMATION SYSTEM SECURITY.

    The actual computer system is pretty trivial, the only difference may be, just as you identified, the removable hard drive. Just get any of the IDE or even SATA removable hard drive kits and you are set. This is definitely something you can do yourself.

    You see the security is in
  • I was once trying to set up a Windows workstation that was reasonably secure. One of the requirements was to prevent removable media, such as USB thumb drives, from being used to covertly steal proprietary data. It's been a while, but disabling this functionality in Windows 2000 was not trivial. After messing with drivers for a while, a co-worker showed up with super glue! We simply glued the USB ports!

    Low-tech solution to a high-tech problem :-)

  • Yesss....the more secures they are, the betters...

  • Build it yourself.

    If this is for a DOD contractor, you have a security liaison somewhere within your company who can requisition the requirements if he or she does not already have them.

    If this is for a government agency, there is an Office of the Inspector General connected with that service / agency which can supply the requirements to you.

    I have seen $500,000 non-returnable mistakes made relying on federal suppliers to ensure systems are secure.

    M

  • Drop the Bomb (Score:5, Insightful)

    by Doc Ruby (173196) on Wednesday August 24, 2005 @11:35PM (#13395037) Homepage Journal
    First, get your boss to sign a memo acknowledging that you're not qualified to certify computer systems as "DoD secure". Then, hire a security consultant from an insured firm which does sign a contract saying they are so qualified. Then do your best. Also, don't rely on Slashdotters' advice on how to tell if a system is "DoD secure". We're a bunch of kibitzers on a huge website full of jokers, posers and saboteurs - indistinguishable from those with a clue.

    If you think that advice means you'll get fired, resign. Better now, than after they blame you for the inevitable security breaches. That's probably their plan anyway, in whichever management layer thought that military security is just a buzzword to get an underqualified admin to comply with.
  • by toadlife (301863) on Wednesday August 24, 2005 @11:47PM (#13395099) Journal
    First of all you'll need a server equipped with tiny C4 charges embedded in each of the hard drives. This is a handy way of deleting data on your hard drives very quickly. I hear HP can furnish these.

    Second, you will need to hire a troupe of security guards to watch over the computer. Equip them with M16s, and have them work in shifts, escorting users to and from the computers. If you can't afford humans, several dozen trained monkeys will do the job. Just make sure to keep at least three extra monkeys on hand so you can replace the dead ones. You'll need at least two monkey handlers if you go the monkey route - one to watch over the monkeys and one to fill in when the first one gets shot.

    For a bit of extra security, you can purchase a used electric chair from one of the states that have switched to lethal injection and use it as the chair for the workstation. One armed guard can stand holding the red button, ready to fry the operator in case (s)he mishandles any data, or looks at the guards funny, while another guard stands ready to kill the other in case they refuse to press the red button.

    If you can't afford or find an electric chair on the retail market, submit an "ask slashdot" article and I'm sure you'll get plenty of tips on how to build one yourself.

    Or if you want to save money you could just install the super secure Gentoo Linux operating system and set it to update itself via emerge automatically every hour.

    It's your choice.
  • by Eil (82413) on Thursday August 25, 2005 @12:07AM (#13395205) Homepage Journal
    As a US Air Force member who handles information and uses computers classified as Secret, I can tell you that there's no physical difference between a Secret machine and an ordinary one. If vendors are telling you that they can build a DoD Secret classified computer, then they are simply blowing smoke up your ass.

    DoD classifications are all about policy, paperwork, and regulations. Not fancy computers. Most people, when they hear of DoD classifications and security clearances, are quick to imagine black vans, polygraph tests, and high-tech datacenters protected better than Fort Knox. Honestly, that's all a bunch of nonsense. All of the classified systems that I've used were just ordinary computers from ordinary manufacturers.

    In my current workplace, we have a standard Gateway PC with a removable hard disk and a few Panasonic Toughbooks. Nothing special at all. The only visible difference between these and the regular office PCs is that they have red stickers all over them that say "Secret" and the fact that we are not to process Secret data on the unclassified PCs and vice versa. The Gateway machine can only be connected to SIPRNET (google it) and the Toughbooks are never connected to any network. That's it. No crazy combination case locks, no biometric devices, no odd software. They all run Windows for crying out loud.

    If it is your job to configure a computer to the equivalent of DoD's Secret classification (I know you don't work for DoD or you'd already have people showing you how), I'd recommend getting whatever kind of computer will fit your needs.

    Then start looking at writing mountains of policies. The first thing you have to do is restrict physical access. This can be done by putting the machine in a locked room with no windows. A laptop would be even easier... just get a GSA-approved safe and keep it in there when it's not in use. Obviously, you would never, ever, ever connect it to any network, period. All the data going in and out should be on CDRs or USB keys and should be accountable somehow. Figure out who needs to have access to it and if they can be trusted. Be sure to emphasize that failure to follow proper security procedures is grounds for immediate termination, whether any information was compromised or not. Ensure that whenever the machine is used, there are never less than two people present. Create an emergency checklist of what to do if the building catches fire, for instance.

    That's all I can think of off the top of my head, you'll probably be able to envision a lot more with some careful thought. Good luck.
    • Yes but there is more.

      Let a brit teach you yanks how to make a secure WS.
      OK, dropping the gump: I work for the British MoD and my job is exactly yours, except that I oversee (and do) the making of all WS (Work Stations) within the Defence Procurement Agency of the MoD.

      When I started making WS for the DPA they were a little less secure than the ones that Eil is suggesting. However I soon made one improvement, the introduction of a "Magic Card", a device which returns the HDD (boot sector, fat (and no i dont m
  • by joedoc (441972) on Thursday August 25, 2005 @12:10AM (#13395223) Homepage
    You will probably find, after digging through reams of directives, instructions and memos, that there are about a million ways to do this. I work in a military command and hold a top secret (SCI) clearance. At our site, all our classified work is done on ordinary workstations and laptops. Most of the systems are Dells purchased off the shelf, and I've built at least one clone.

    None of those systems have removable drives, though having them is a good idea. It makes securing them easier, something you must do in a government-approved container (i.e., a safe). The space in which the systems are located and used must be secure to the level of classified information (secret, in your case). At our site, this is a windowless room with a large vault-like steel door. The door can be secured with a combination lock and a push-button cypher lock, the latter of which is in use at all times (the combination lock is secured after hours). All classified material (papers, discs, etc.) must be stored when the space is unoccupied.

    The system will probably need to meet DOD C2 requirements, which you'll likely read about. Windows NT was close to C2, and I believe Windows 2000 is as well. The system must have positive authentication for users, appropriate warnings that appear on login, an audit trail, and ways of neutralizing memory and swap space. Windows has a setting that clears the virtual memory/swap file on each reboot.

    As for networking, if you want to network internally within your spaces, you can set up a normal LAN, but outside access will require using a secure network like the SIPRNET. You won't have access to the outside world (i.e., the Internet). Most DOD components contract for SIPR connectivity through DISA.

    As you already know, labeling the CPU is important. You'll also need to label media, and keeping a log of all storage media in use is a pretty good idea to CYA. In fact, some places require it. You might also want to find out about the need for secondary storage off-site. If this is going to be a requirement, you'll need to find a similarly-classified place that you trust to stow your backup materials.

    You will need to follow the DOD rules on destruction of drives and disks no longer in use...you just can't toss old floppies or hard drives onto the 20-year pile in your office. Research the destruction procedures, and learn to store unused material until you can have it destroyed.

    You can buy shredders that will eat CDs and diskettes, but they have to be classified for the security level. Don't use the $29 Office Max shredder on sale for this.

    The real key is getting users to follow the rules. Users, as you know, are the biggest pain in the ass, and you'll always be on top of them to keep the spaces sanitized. Remind them that once they save any classified material to removable storage, that storage is now classified and cannot be used outside of the environment.

    Aren't you glad you have to do this?
  • by dtfinch (661405) * on Thursday August 25, 2005 @12:16AM (#13395240) Journal
    I'm unfamiliar with the DoD's standards, but I expect there are levels, like the NSA's Common Criteria EAL 1-7 security certifications. From here on I'll be rambling about things I have little or no experience with.

    A password protected encrypted partition for sensitive info, like the user's home directory if you can get it working, no swap file/partition, no sort of CD or USB auto-run, password protected BIOS, and a password protected 1 minute screen saver seem like must-haves. SELinux can restrict permissions on a per-program basis if you're using Linux. Stickers like you mentioned that are damaged when removed are a good idea which I never would have thought of. A file integrity checker like samhain may also detect tampering, at a cost of performance if you have it check everything. Unless also encrypted, backups can pose a security risk, so you'll want a mirrored RAID. If you get two drives of the same model, from the same batch, you'll have a better than average chance of both failing the same day, the second while you're rebuilding the first.

    Of course, if you've gotten this far, you should also worry about emissions [wikipedia.org]. CRT emissions can be picked up and reconstructed from miles away with the right equipment. There's little use in all this other security when anyone with a dish, $100, and some spare time can just look at your screen. Then, someone could always sneak in and plug a key logger into the back of the system without you noticing, so you'll need some sort of physical security as well to prevent moving the system or accessing the back of the case, and a lock on the door to the room the system is housed in.
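    The comment above mentions a file integrity checker such as samhain as a way to detect tampering. As an added example (not code from the original post or from the samhain project), the script below shows the core of that technique: record a SHA-256 hash plus ownership-relevant metadata for every file under a tree, keep the baseline itself tamper-evident with an HMAC (an attacker who can alter files on the box can just as easily rewrite an unsigned baseline, so the real tools sign or store it off-box), then diff a later walk against the baseline and report what was added, removed, or modified and which attribute changed. The directory tree, file contents and HMAC key are constructed for the demo and are not real paths; in practice the key and the signed baseline would live on removable media kept in the safe with the hard drive.

```python
import hashlib
import hmac
import json
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Content hash plus the metadata attributes whose change we want to notice."""
    st = path.lstat()
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "mtime": int(st.st_mtime),
    }


def build_baseline(root: Path) -> dict:
    """Walk root and record every regular file, keyed by its relative POSIX path."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def sign_baseline(baseline: dict, key: bytes) -> bytes:
    """Serialise deterministically and append an HMAC tag so edits to the
    baseline database itself are detected when it is loaded."""
    body = json.dumps(baseline, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def load_baseline(blob: bytes, key: bytes) -> dict:
    """Verify the HMAC before trusting anything in the database."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline HMAC mismatch: database tampered or wrong key")
    return json.loads(body)


def compare(baseline: dict, current: dict) -> dict:
    """Report added/removed paths and, for modified ones, which attributes changed."""
    report = {"added": [], "removed": [], "modified": {}}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            changed = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
            if changed:
                report["modified"][path] = changed
    return report


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, then re-check."""
    key = b"constructed-demo-key-keep-it-on-removable-media"  # assumption: not a real key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "etc" / "hosts").chmod(0o644)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"#!/bin/sh\nexec /sbin/real-login\n")
        (root / "bin" / "login").chmod(0o755)
        (root / "doc.txt").write_bytes(b"unclassified notes\n")

        blob = sign_baseline(build_baseline(root), key)

        # Simulated tampering: trojaned login, a dropped-in file, a deleted file,
        # and a permission change with no content change.
        (root / "bin" / "login").write_bytes(b"#!/bin/sh\n/tmp/keylogger &\nexec /sbin/real-login\n")
        (root / "etc" / "ld.so.preload").write_bytes(b"/tmp/evil.so\n")
        (root / "doc.txt").unlink()
        (root / "etc" / "hosts").chmod(0o666)

        return compare(load_baseline(blob, key), build_baseline(root))


def tampered_baseline_rejected() -> bool:
    """Show that editing the signed database without the key is caught on load."""
    key = b"k"
    blob = sign_baseline({"a": {"sha256": "00", "size": 0, "mode": 0o644, "mtime": 0}}, key)
    forged = blob.replace(b'"size":0', b'"size":1')
    try:
        load_baseline(forged, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    print("forged baseline rejected:", tampered_baseline_rejected())
```

    A hash-only check would miss the chmod on etc/hosts, which is why the record carries mode and size alongside the digest. Note what this does not cover: a kernel-level compromise can lie to the checker about file contents, which is why the comment pairs it with physical controls and tamper-evident seals rather than treating it as sufficient on its own.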
  • Seriously (Score:4, Informative)

    by TheCabal (215908) on Thursday August 25, 2005 @01:16AM (#13395468) Journal
    If you're working for the DoD, you'll need a system that has been certified to handle classified material. The certification process means that it has undergone DITSCAP and meets certain criteria such as EMSEC. You really don't want to be homebrewing a machine that is going to be processing classified material, especially if it's not certified.
  • by harmless_mammal (543804) <jrzagarNO@SPAMyahoo.com> on Thursday August 25, 2005 @02:20AM (#13395648)
    As a practicing Information System Security Officer myself, there are two things you need to complete before you install anything:

    Step 0:

    You must get the proper briefings from your site's Information Systems Security Manager.

    At a minimum, you will need to get a Software Validation briefing and possibly an ISSO briefing.

    If you haven't completed an SV briefing, then you are not authorized to install ANY operating system on classified hardware.

    You will need the ISSO briefing if you are responsible for creating user accounts or are responsible for maintaining the audit records for the system.

    Step 1:

    You must have a System Security Plan (SSP). This document tells you how your system must be configured, both in terms of physical security and system/network security.

    Your SSP, and any systems created under it, need an Interim Approval To Operate (IATO) from the Defense Security Service before you can begin processing classified information.

    If you have an existing (approved!) SSP, and your ISSM is authorized to self-certify the OS you are using, then things can happen relatively quickly.

    If you do NOT have a pre-existing (approved!) SSP for this new system, then you could be looking at months before your new system is cleared for classified processing.

  • by RaymondRuptime (596393) <raymondNO@SPAMruptime.com> on Thursday August 25, 2005 @02:34AM (#13395685) Homepage
    What you failed to mention in your plea for help is what the location of the system will be, and to what it will be connected. Other posters with similar experience to mine have said that they didn't use anything special... but that they were on a military base, etc.

    The certification process is all about controlling access to the data and verifying that access was controlled (and knowing who to arrest if it wasn't). People in a well-secured site that may only be accessed by persons with the same or higher clearance as the classification of the data being processed can just about get by with a sticker and be done: the facility is handling all of the physical and electronic access control, the unit will never be allowed to leave its room, and so the work is easy. If you are building this for an office where somebody just needs to "do some classified stuff", you have all that other stuff to handle.

    In that situation, for example, you need removable hard drives, which will indeed be removed (all of them) between uses, and stored in a container like a safe that is certified for that kind of storage. You may need to make sure that there is no way to write data to a medium other than the hard disk or approved local printer, so you may need to remove or permanently disable the floppy drive, CD burner, and so on. And the machine cannot be on your LAN while it is being used for classified work. Even so, you'll need to pay attention to the selection of OS, turn on all of the auditing features. There will be a lot of process and procedures, check-lists that will need to be followed for each use.

    Where you get your hardware is the least of your worries. Buy whatever you want that meets spec, and then expect to do substantial mods to the h/w, OS, etc. If the vendor is willing to remove stuff and do OS mods for you, less work for you.

    Good luck. I've heard of groups taking over a year to get a machine certified for processing on their first time out.
  • by Alain Williams (2972) <addw@phcomp.co.uk> on Thursday August 25, 2005 @03:07AM (#13395763) Homepage
    Please send me a sample of the data that you are trying to keep secret - this will enable me to best work out how to keep it secure ....
  • by StillNeedMoreCoffee (123989) on Thursday August 25, 2005 @12:11PM (#13398190)
    Done, secure computer. Well, of course you need to not plug it in inside a bank vault as well. Then it's secure, well, unless the earth parts, so don't use a bank in California. Then there is the sun expansion that will cover the earth, so you can only set up a secure computer agreement/expectation for a few hundred million years. By then there may be more portable solutions.
