Building Secure Computers?
maotx asks: "Growing into the job of a system administrator, I've been tasked with something I'm not quite prepared for: purchase or build a computer that meets DoD compliance for classified 'Secret' information. Several vendors, including Dell, our primary supplier, offer computers that will work, but being new to the criteria I want to make sure the right computer is purchased. The computer will be used to create secure CAD drawings (Solidworks, OrCAD, etc.) and must have, from what I can tell, a removable hard drive and security stickers to prevent tampering. What is you're experience in setting up a secure computer, and is it better to have a vendor do it, or yourself?"
Talk to your FSO (Score:4, Informative)
At a place I used to work, we just bought Dells. (Heck, I think we even leased them!) When they were delivered, we'd put a standard image on them that did things like warn the users before they logged on, and turned on auditing on certain directories.
ouch (Score:2, Informative)
It's not about the hardware (Score:3, Informative)
A sticker and removable hard drive complying with IA is like saying that a power cord is what's needed to make a computer.
At one point we had a meeting and reviewed the full-blown DoD requirements for secure computing. Our estimation was that the resulting system would A) be unusable for anything due to the insane lockdown policies, and B) cost around $1 million to configure and test to their specs.
It's all about configuration.
Ok, on the non-sensational side... other computers where I work, for dealing with classified data, are to be located in a certified secure room (forget the name of the certifying authority), and yes there is a "class" / "unclass" sticker on the PC, and yes, the hard drive is removable, and yes, it must be stored in an approved safe while not being used. And access to the room is by approval only, with both a horribly hard to use combo lock, and a cipher door lock on top of that. Oh yeah, connection to the house-net is verboten. Any-net for that matter.
And my facility is a low-brow Secret only site. Travel to certain DoD contractors with only a Secret clearance and you're treated like a second class citizen.
It's all about configuration. (repeated intentionally)
Be prepared for mind-numbing configuration, test and audit sessions.
I am light on details because I do my best to stay at arms-length from IA at work... it's teh suxor
Re:You've already violated protocol... (Score:2, Informative)
Re:Don't ask Slashdot (Score:5, Informative)
My suggestion would be to disable floppy as well as USB, and only allow transmission of information to and from this system via CD. USB is right out...don't let anyone try to convince you otherwise...it's an unacceptable security risk. Also, only allow data to be transferred to and from a protected 'sandbox' area on the system, and make certain that autorun of CD-ROMs is disabled in the registry. One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfers.
Sure, it sounds paranoid...but is it paranoid enough?
Re:You cannot do it most likely (Score:4, Informative)
Our company is rated for 'secret' information. We currently have classified information, it is just paper right now. We have been requested to expand our capabilities so we may develop new products to meet the demands. We have a set of papers that are pretty light on the details of what is required for a computer to be certified for secret information, but it does not go into enough details for us to have an open mind about it. If we want a secure computer, that's easy. Case sealed with stickers, operating system and software installed on removable hard drive, no network card, and a paper trail going all the way down to the details of the last person who sneezed on it.
What I was really trying to ask was, "In your experience, is the extra money going into a vendor worth it or, is it better just to buy a chassis and set up a machine yourself?"
Not rocket science, but pay attention to detail. (Score:5, Informative)
However, it isn't enough to just build a system with the proper hardware and software configuration -- you also have to make sure that the physical environment and users will meet the requirements of the NISPOM. If you don't already have a facility clearance, then you have a significant issue to tackle before you can even build your system. I'm hoping that you are simply building a new computer to add to an existing classified network or house in an existing DoD closed area -- if not, you may find this to be a very daunting task.
Re:Don't ask Slashdot (Score:3, Informative)
We weren't going to add a floppy drive, not only for security, but because of how outdated and unused it is here. CDs and printing are going to be the most common methods of transmitting the data. USB is still thrown up in the air. I'm very uncomfortable with it but our client uses it quite often to transfer data. I'm sure the line on that is somewhere, though not in the documentation I've been given.
only allow data to be transferred to and from a protected 'sandbox' area on the system, and make certain that autorun of CD-ROMs is disabled in the registry. One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfers.
Considering licensing is per computer, not install, each secure project will have its own hard drive with Windows and all other required applications installed with it. No need to worry about unauthorized users having access to any cached data. Also, considering the only information going to be rated classified is what is on the hard drive, we're trying to see if we can use the machine in a nonclassified environment as well and only secure it for classified data when needed. That is a question I'm leaving for DoD though. I seriously doubt we'll be able to do it without having it audited and certified each time. However, when being used for classified data it will always be in a locked room designed to hold secret data.
Re:You've already violated protocol... (Score:5, Informative)
I don't see a problem with it. Information on how to classify a computer is not classified.
Second, security stickers on their own simply aren't adequate to the task at hand. Remember, you're looking for tamper-proof, not merely tamper-evident.
The stickers are DoD required to prove that the system has not been tampered with. They are not a means of securing the computer.
Get the book (Score:2, Informative)
The actual computer system is pretty trivial, the only difference may be, just as you identified, the removable hard drive. Just get any of the IDE or even SATA removable hard drive kits and you are set. This is definitely something you can do yourself.
You see, the security is in the whole system. DoD will be looking for security in layers, many layers. How is the building secured, who has access to the building, the same floor, the floor above & below, the room, etc.? What kind of security patrol, alarms, alarm response? What kind of physical security? What kind of walls, ceiling, floor, doors? What kind of electrical service, telecommunication service? The last layer will be the actual computer. What will be attached to the computer, a small LAN, a printer? Don't even think about wireless!
Now, I've said that setting up the computer is trivial, but the administration is NOT. The NISPOM specifies a lot of documentation. Something like writing down the serial number of every component, maybe keeping logs of certain types of activities (logging in, logging out, installing software, updating software, etc.). Checking the logs weekly for suspicious activity, etc. If you've heard the old adage that good system administrators write everything down, double it.
Re:It's not about the hardware (Score:2, Informative)
First, foremost, and always - consult your facilities security officer (FSO), read your SSAA (Site Security A.. A.. ?).
Before you fire anything up or - heaven forefend - put any classified data on.. GET YOUR FSO TO INSPECT AND TEST.
Configuration - ensure that you follow the CERT/NSA (http://www.cert.mil/ [cert.mil]) configuration guidelines (STIGs, http://iase.disa.mil/stigs/index.html [disa.mil]), and employ, to whatever extent possible, the SRR (Security Readiness Review??) scripts.
On a practical level, build your hardware, build your operating systems, harden everything down, validate with STIGs and SRRs, THEN install your applications, loosening security configs as required (WRITE DOWN YOUR VARIANCES), then go back and plug your variances to the extent you can and still have your apps work. Revalidate your STIGs and SRRs, then document remaining variances, check 'em with your FSO, and put 'em in the SSAA binder. Rinse and repeat until your FSO is happy.
The extent to which you'll be able to network things together or have fixed hard drives depends on your facility SSAA - generally if you've got a SCIF environment, you'll be able to have a closed LAN (or maybe a SIPR connection), and be allowed to have fixed drive computers. If you don't actually have a full SCIF, then you'll probably have to have removable drives that can be secured overnight.
THINGS THAT ARE RIGHT OUT:
- wireless anything
- dynamic USB devices (esp. storage), though fixed devices (keybd, mouse, certified CAC reader, &c.) are generally OK (don't worry, your config for hardening should take out all the dynamically loadable drivers...)
- MANY SORTS OF PRINTERS - laser printers generally have too long a memory (on the drum) for the security folks - hard drives are right out (unless removed and secured), etc. CONSULT YOUR FSO
- bootable media - never count on being able to boot your secure WS from fixed media - your hardening config should disable this capability (in BIOS)
umm.... talk to other local admins. a lot.
I'm not a certified security officer, but I play one at DISA
Sir please step away from that computer (Score:1, Informative)
Read chapter 8. It sounds to me like you haven't ever handled classified information before. Karl Rove, is that you?
I don't know of any manufacturer who will mark a computer with classified stickers. Do the computers come from Dell with classified information on the hard drives? HELL NO! Three quarters of the NISPOM requirements are designed to make sure idiots like you don't accidentally plug these machines into the internet. The stickers and banners make it clear to anyone that this isn't a machine that is to be taken lightly.
Ohh, and another thing, would you trust a "secure" machine that showed up in the mail promised by Dell, Microsoft and China to be secure???? What about after it made its way through half a dozen loading docks?
It is your job to make sure the computer meets the NISPOM requirements and that it is tamper resistant and set up with the proper restrictions. Please, please, please ask someone where you work.
Re:Don't ask Slashdot (Score:3, Informative)
Re:Don't ask Slashdot (Score:5, Informative)
And I'd have the CD drive read lines under a hardware lock (like the old machines used) and have it shut off unless required.
---USB is right out...don't let anyone try to convince you otherwise...it's an unacceptable security risk.
Agreed. Have only PS/2 mouse and keyboard available. Also make sure that FireWire, serial, parallel, audio jacks on CD-ROM and sound card, and all peripheral devices are GONE, removed or jacks destroyed by one incapacitating method or another. Super-glue in serial ports makes an awful mess to "recover".
I, a long time ago, made an attack in which I recorded audio on a CD player through the audio jack. I was able to reconstruct the data from the "static sound". I'd call that an attack as much as hooking up a data cassette to a Commie 64.
---Also, only allow data to be transferred to and from a protected 'sandbox' area on the system,
I would call that "Printouts".
---and make certain that autorun of CD-ROMs is disabled in the registry.
You ASSume Windows. Nobody running a secure environment would use Windows, unless it's just confidential.
---One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfers.
Double-lock the room, use mag-locks to determine when door is opened. Record open-close actions.
Have 2 video cams that record on any motion to a remote system (just as secure, as it could record confidential data). Have each room record the others' cameras while NEVER under any circumstances allow anybody from one get into the other room.
Also have a 10 minute delay safe for open events to even get to the hard drive. Set up a hypergolic charge in the safe in case of tampering. Also have safe monitor open-close events.
I also have a few ideas on unbeatable object-detection schemes, but I believe they're actually used in real Secure environments. I will not mention them.
Still, the good ol' standard of having 2 "armed to the teeth" guards at the door always suffices as a first precaution. If you can afford this, you can have double-locking doors that 2 separate entities must open.
Example: To get in, you flash your badge to 2 officers. You enter the 1st set of doors. You then submit to scans/checks of whatever to open the 2nd doors. To get out, you walk out the 2nd doors, and ONLY 2 guys can open the 1st doors from outside. Very secure.
---Sure, it sounds paranoid...but is it paranoid enough?
Nope.
Here's some advice... (Score:2, Informative)
The hardware on the computer does have to meet certain requirements but they're not really "set in stone". At my work, we typically use off-the-shelf Dell computers and then do some modifications to support removable hard drives on the systems. Additionally, you'll probably need to lock down all writeable removable media drives (think floppy and zip drive locks) as well as disabling USB and any built-in network interfaces, at least in the BIOS but possibly also with some stickers or physical locking devices. You'll have to work with your DIS person who approves the final system configuration to really hammer out the details and get it set the way he/she wants it to be set.
That being said, the only service I've seen Dell offer is their "Custom Factory Integration" program where they will install the removable hard drive chassis for you. Depending on the number of systems you need to support, it may be cheaper to have them do it at the factory than to do it yourself. One issue I had which caused us to do the removable drive install ourselves was the fact that we have multiple drives per system and needed extra drive trays but couldn't get information from Dell regarding the actual manufacturer of the trays nor pricing on additional units. It was just less hassle for us to purchase the removable kits ourselves.
As far as software, I believe another poster already mentioned some of the basic configuration requirements. Yes, you'll need to make sure you're pretty good on locking down Windows (I'm assuming you're running Windows since you mentioned SolidWorks - BTW, SW2006 sucks configuring it to run with a non-admin user account). Auditing on certain directories is most likely going to be a requirement as well as a documented review and archive process for the system event logs. Backups are another process that will need to be done on a regular basis. Be prepared for this to eat into a lot of your time since all these tasks pretty much have to be done manually since you can't have network connectivity.
If you've got any more questions, feel free to drop me an e-mail and I'll try to help you work through any issues. And don't mind any of the other sarcastic bastards posting here... I've seen the level of documentation the government gives for setting up secure systems and most of it is pretty f'ing obtuse. Best to get advice from someone who's done it before (and obviously double-check with your FSO and DIS officer).
Best of luck...
Re:You cannot do it most likely (Score:1, Informative)
The requirements for classified storage (electronic or otherwise) are not themselves classified. (Mostly.) And we are not being asked about what it takes to get a security clearance, but the relative costs & benefits of buying a system certified for classified information storage vs. building one yourself.
Yes, it needs to be sealed, and yes you need to be able to remove the hard drive and lock it up assuming the computer will not occupy a suitably secure physical location. That part's easy enough. If you have been presented with a set of TEMPEST requirements that are not satisfied by the building you're in, then it's pretty much a given that you'll have to buy the system complete from a vendor. You don't want to have to certify the thing yourself.
There are also requirements for the network; secure ducting and so forth, and restrictions on outside connectivity. Obviously, none of that applies if this is going to be a standalone system.
Re:Don't ask Slashdot (Score:5, Informative)
Yes, you can order from Dell, Gateway, HP, etc. The removable hard drive is employed so that when the computer is not in use the hard drive can be locked in a DoD approved container (a pretty heavy duty safe or filing cabinet, normally) that only authorized users can access. If you didn't have a removable hard drive, then the entire room the computer was housed in would need to be classified as a DoD secure space. As it is, while the computer is in use it will need to be out of sight of anyone not cleared to use it. Sometimes something as simple as a curtain is used, while others might keep the computer in a separate room or closet.
The stickers are not for tamper proofing. Rather, they are used to remind you that you are dealing with a classified system and should treat it as such. You can use them across seals, but they aren't required. At the least, they will need to be put on the hard drive, hard drive caddy, computer case, and monitor.
For the drives, it's probably a good idea to disable anything that you won't be using. You can leave floppy drives intact if you want, just be aware that as soon as a non-write-protected floppy goes in the drive, it is required to immediately be labeled as a classified disk and logged. You can take material from unclassified to classified systems, but not vice versa (duh, I know, but it needs to be said). Since this system will be stand-alone, you might consider disabling all the USB ports via the BIOS and just using PS2 for the mouse/keyboard. That will help prevent USB thumb drives from being used. Remember, if the system can write to it, then it has just become classified material. CDs are safe, but floppies, thumb drives, etc. are not unless they are in write-protect mode.
Hope that helps!
Re:A few too many 's'-es (Score:3, Informative)
Ha. I'm asking here to hear a unique POV. From the trolls to the pros. From the "use SELinux and not windowz" to "see DoD". I can meet the standards requested without a problem, whether through a vendor or self-built; I'm just here for perhaps a little more insight or ideas of well tested methods. We can already create a machine that will have a removable hard drive and meet the standards, but I wanted to hear if anyone had any unique way of installing Windows or any other bit of advice. I don't see how I violated OPSEC as it is just really discussion of public knowledge. You can't tie me to which company I may be working for or if I just threw this question out for the hell of it. Nothing of how or which company this is for or even for what customer. You could get more information from press releases.
Re:Nonclassified? (Score:4, Informative)
Don't even talk to this guy! (Score:2, Informative)
You need to talk to people in your own chain of command, not people you meet from an internet broadcast.
You won't like to hear this... (Score:5, Informative)
DoD classifications are all about policy, paperwork, and regulations. Not fancy computers. Most people, when they hear of DoD classifications and security clearances, are quick to imagine black vans, polygraph tests, and high-tech datacenters protected better than Fort Knox. Honestly, that's all a bunch of nonsense. All of the classified systems that I've used were just ordinary computers from ordinary manufacturers.
In my current workplace, we have a standard Gateway PC with a removable hard disk and a few Panasonic Toughbooks. Nothing special at all. The only visible difference between these and the regular office PCs is that they have red stickers all over them that say "Secret" and the fact that we are not to process Secret data on the unclassified PCs and vice versa. The Gateway machine can only be connected to SIPRNET (google it) and the Toughbooks are never connected to any network. That's it. No crazy combination case locks, no biometric devices, no odd software. They all run Windows for crying out loud.
If it is your job to configure a computer to the equivalent of DoD's Secret classification (I know you don't work for DoD or you'd already have people showing you how), I'd recommend getting whatever kind of computer will fit your needs.
Then start looking at writing mountains of policies. The first thing you have to do is restrict physical access. This can be done by putting the machine in a locked room with no windows. A laptop would be even easier... just get a GSA-approved safe and keep it in there when it's not in use. Obviously, you would never, ever, ever connect it to any network, period. All the data going in and out should be on CDRs or USB keys and should be accountable somehow. Figure out who needs to have access to it and if they can be trusted. Be sure to emphasize that failure to follow proper security procedures is grounds for immediate termination, whether any information was compromised or not. Ensure that whenever the machine is used, there are never less than two people present. Create an emergency checklist of what to do if the building catches fire, for instance.
That's all I can think of off the top of my head, you'll probably be able to envision a lot more with some careful thought. Good luck.
Re:Secures computers need Windowsz 95 (Score:1, Informative)
What level of security? (Score:3, Informative)
A password protected encrypted partition for sensitive info, like the user's home directory if you can get it working, no swap file/partition, no sort of CD or USB auto-run, password protected BIOS, and a password protected 1 minute screen saver seem like must-haves. SELinux can restrict permissions on a per-program basis if you're using Linux. Stickers like you mentioned that are damaged when removed are a good idea which I never would have thought of. A file integrity checker like samhain may also detect tampering, at a cost of performance if you have it check everything. Unless also encrypted, backups can pose a security risk, so you'll want a mirrored RAID. If you get two drives of the same model, from the same batch, you'll have a better than average chance of both failing the same day, the second while you're rebuilding the first.
Of course, if you've gotten this far, you should also worry about emissions [wikipedia.org]. CRT emissions can be picked up and reconstructed from miles away with the right equipment. There's little use in all this other security when anyone with a disk, $100, and some spare time can just look at your screen. Then, someone could always sneak in and plug a key logger into the back of the system without you noticing, so you'll need some sort of physical security as well to prevent moving the system or accessing the back of the case, and a lock on the door to the room the system is housed in.
Re:Don't ask Slashdot (Score:2, Informative)
As far as the hardware goes just about any commercial hardware is okay. Just no USB memory devices and no wireless. Any methods to remove information from the computer (floppy, CD-burner, etc.) need to be controlled so only authorized personnel can use it; other than that hardware shouldn't be an issue. We use factory direct Dells all the time. As far as networks go, you can only connect to a network that is of the exact same classification (i.e. Secret->Secret/SCI is a big no-no!).
Re:Talk to your FSO (Score:2, Informative)
It bears repeating: Don't plan on this happening quickly.
In fact it will take long enough that you should take the time to get a hold of the NISPOM and read and understand it before ordering your system. It is not difficult, just painful.
Re:Don't ask Slashdot (Score:5, Informative)
Issues of bootable CD-ROMS, USB data sticks, and product licensing are trivial housekeeping compared to the work you are going to have to undertake to create and maintain a secure processing facility. By the way, printers have memory and printer ribbons retain images - you have to address those items, too. Certified print required.
If you already have a secure processing facility, you also have a certified site security officer (SSO) who has been trained in the use and requirements of the NISPOM. You should be talking to this person, not us.
ATTN: Mods, this guy is a dimwit please mod down (Score:5, Informative)
In the art world, when a piece of art has a past where the time record has some glitches in it (read: unaccountable) it is automatically considered a fraud. When things don't have a timeline, like this guy's posting record here and the fact that his myspace profile says he is 19, you gotta know something is up.
Congratulations though
Re:Secures computers need Windowsz 95 (Score:0, Informative)
"What is you're experience"
Shall I say it? ok, here it goes:
your: possessive form, as in 'his computer', 'your car'.
you're: contraction of 'you are'.
I guess the first one should've been used in the story. Too bad they fixed the title but not the rest...
PS: I'm not even a native speaker!
MOD PARENT UP (Score:5, Informative)
thomas's Blurbs
About me:
if u really want to know just ask
Who I'd like to meet:
i would like to meet peopl from hawaii but i like meeting other people too.
thomas's Details
Status: Single
Here for: Dating, Serious Relationships, Friends
Orientation: Straight
Hometown: wipahu
Zodiac Sign: Capricorn
Smoke / Drink: No / Yes
Children: Someday
Education High school
Seriously (Score:4, Informative)
Most importantly... (Score:2, Informative)
Re:Don't ask Slashdot, ask an SSO/SSR/IAM/ISSO/IAS (Score:2, Informative)
Re:You won't like to hear this... (Score:1, Informative)
Panasonic Toughbooks are probably the most used laptops for such purposes. Their laptops are designed for military and police use. Your best bet is to always secure your laptop, use something like PGP to keep your drives encrypted, never connect to any network, modem, USB, or floppy. It should be as simple as disabling those devices in the BIOS and using a nice long alphanumeric BIOS password.
http://www.panasonic.com/business/toughbook/solut
Re:You won't like to hear this... (Score:1, Informative)
It will probably never be hooked up to a network. Ever.
It needs to stay in your SCIF.
It will never have anything that touches it that can interact with a computer leave the SCIF unless it's with a courier to another secure area or to an approved destruction site. This includes keyboards, mice, monitors, CDRs, USB keys, etc.
That being said, it will need to be accredited first before even being able to use this. If you're building it yourself this will take a heck of a lot longer than you probably want. Thus, your best bet is to buy an off-the-shelf, already accredited somewhere else system. Then you will just have to convince the powers that be that whatever deltas from the original accreditation on the system do not impact security.
If you want to try to do it yourself, please take a look at DISA's SRRs and the NSA security handbooks. Those will get the software configuration for you.
Inspecting Authority (Score:1, Informative)
Main things:
If the whole room is not a vault (SCIF), the drive will have to be removable to put it in a safe, unless it is a laptop which will fit.
Every thing containing classified data will have to be marked prominently with the highest classification on that system.
A real Answer (Score:2, Informative)
If you're doing CAD work, get a Dell Precision. If you buy the laptop version just stick the whole thing in a GSA secret approved safe when you're not using it. Otherwise with the desktop you'll need a removable hard drive. All the comments about turning off floppies and USB are stupid. You can have all of that stuff enabled...IF YOU NEED IT. When you fill in your security and IS plans you need to be able to justify what you've done.
As a starting point to securing the OS...wipe the drive, do a clean install NOT using those Dell restore disks (they put a 32 MB FAT partition at the beginning of the HD that is insecure), format using NTFS, install drivers, apply SP2 plus all patches, install anti-virus, disable the NIC, turn off all unneeded services, install the DoD banner (your gov't rep should give this to you). Document EVERYTHING. Any time you even log in...keep track of who, when, and that all security precautions were taken. Logging needs to be enabled on the OS.
Also, I hope you have a clearance, otherwise you're never going to use this computer again.
Here are some links that will get you started.
Defense Security Service (DSS)
http://www.dss.mil/infoas/index.htm [dss.mil]
National Institute of Standards and Technology
http://csrc.nist.gov/ [nist.gov]
If you need more...email me (god help me for putting this on
rjhedgehog@gmail.com
Good Luck!
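The OS-level steps that the "Re:It's not about the hardware" and "A real Answer" posts walk through (disable autorun, keep USB storage off, pre-logon banner, directory auditing, NIC disabled, and a written record of what was done) collected into one script for a stand-alone Windows box. This is an added example, not code from the thread or from any poster; the registry keys, service name and auditpol subcategory are real Windows settings, while the audited directory path, banner text and record file path are assumptions to replace with what your FSO/DIS rep gives you.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Applies the stand-alone hardening steps
# the posters describe and then re-reads each setting so the result can be
# recorded. Paths and banner text below are assumptions for illustration.

$AuditDir   = 'C:\ClassifiedCAD'        # assumed CAD working directory to audit
$RecordFile = 'C:\HardeningRecord.json' # assumed location for the written record
$BannerCap  = 'NOTICE'                  # assumed; use the banner your gov't rep supplies
$BannerText = 'Authorized use only. All activity on this system is logged and audited.'

$Results = [ordered]@{}

# 1. Disable autorun/autoplay for every drive type (0xFF = all drive types).
$ExplorerPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
New-Item -Path $ExplorerPol -Force | Out-Null
Set-ItemProperty -Path $ExplorerPol -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
$Results['AutorunDisabled'] = (Get-ItemProperty $ExplorerPol).NoDriveTypeAutoRun -eq 0xFF

# 2. Keep the USB mass-storage driver from loading (Start = 4 means disabled).
#    Keyboard/mouse (HID) devices do not depend on this service.
$UsbStor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
Set-ItemProperty -Path $UsbStor -Name Start -Value 4 -Type DWord
$Results['UsbStorageDisabled'] = (Get-ItemProperty $UsbStor).Start -eq 4

# 3. Pre-logon warning banner (the "DoD banner" the posts mention).
$SystemPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $SystemPol -Name LegalNoticeCaption -Value $BannerCap
Set-ItemProperty -Path $SystemPol -Name LegalNoticeText    -Value $BannerText
$Results['BannerSet'] =
    -not [string]::IsNullOrEmpty((Get-ItemProperty $SystemPol).LegalNoticeText)

# 4. Turn on file-system object-access auditing, then put a SACL on the CAD
#    directory so reads, writes and deletes by anyone land in the Security log.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
New-Item -ItemType Directory -Path $AuditDir -Force | Out-Null
$Acl  = Get-Acl -Path $AuditDir -Audit
$Rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ReadData,WriteData,AppendData,Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success,Failure')
$Acl.AddAuditRule($Rule)
Set-Acl -Path $AuditDir -AclObject $Acl
$AuditRules = (Get-Acl -Path $AuditDir -Audit).GetAuditRules(
    $true, $true, [System.Security.Principal.NTAccount])
$Results['DirectoryAudited'] = $AuditRules.Count -gt 0

# 5. Disable every network adapter: the system is stand-alone.
Get-NetAdapter | Disable-NetAdapter -Confirm:$false
$Results['NicsDisabled'] =
    (Get-NetAdapter | Where-Object Status -eq 'Up' | Measure-Object).Count -eq 0

# 6. Write down what was done, by whom and when (the posts' "document EVERYTHING").
[pscustomobject]@{
    Timestamp = (Get-Date).ToString('o')
    Operator  = "$env:USERDOMAIN\$env:USERNAME"
    Computer  = $env:COMPUTERNAME
    Checks    = $Results
} | ConvertTo-Json -Depth 3 | Out-File -FilePath $RecordFile -Append

# Any $false here is a variance to record and raise with your FSO.
$Results
```

Re-running the script after application installs (the posts' "loosen, then plug variances" loop) shows which settings an installer silently reverted.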
Re:Don't ask Slashdot, ask an SSO/SSR/IAM/ISSO/IAS (Score:2, Informative)
Seriously, talk to your DOD security officer (Score:2, Informative)
CDs: Pressed media is OK, but once it enters a classified computer it becomes classified and cannot be used in an unclassified system.
CDs: Burned media is a NONO. A disk must be upgraded to secure, virus scanned, then moved across into the new system. That disk must be destroyed via (no idea, I take them down to the security office first) and cannot be placed in any other computer.
Typically we have our CDs disabled (snipped cable) and the microphone plugs on the sound card plugged with epoxy to prevent some really creative hacking attempts.
It's not hard to be compliant with the rules, I just think unless you have the infrastructure to protect that computer you are asking for trouble. Remember: this is now a SECRET system, and as such you will have many problems with the federal government should you inadvertently disclose (via theft) said computer.
You'll also need a virus scanner and a firewall on the system, even if it's stand alone. If memory serves.
Most computer manufacturers have contracts in place to sell certified hardware.
Oh yeah: no open source software if it's not approved by your DoD security officer and no foreign owned, controlled, contributed, or looked at, code can run on it. Your situation might be different so TALK TO YOUR DOD SECURITY OFFICER.
I mean, it's only jail time for you if you screw up.
Re:Don't ask Slashdot (Score:3, Informative)
Rubbish. Why wouldn't you use Windows in a secure environment? Windows is no less secure than any other item of equipment in those situations. Ok, it may get a viral infection which hoses the system, or it may crash more frequently. Other than that nothing is likely to be a problem.
Have you seriously worked in a secure environment or are you making up a load of crap again? You have a code lock and some sort of ID card swipe, so you can identify who has opened the door. People have to swipe out too.
No, you do not have a remote video system anywhere near a secure computer. How secure is the wiring, how secure is the recording device?
Why? You're hardly going to be asked to open the safe at gunpoint, which is the point of time delayed safe locks.
Why, again? They themselves are more a security threat.
It addresses virtually none of the concerns that need to be addressed when dealing with Secret or Top Secret documentation.
My recommendations are:
1. No other electrical equipment within a 2 metre radius of the computer; this includes telephones, desk lamps, etc.
2. Computer is not in a room with windows.
3. Computer is enclosed in a Faraday cage.
4. Computer is on a desk with no "modesty panel".
5. Door to the room where the computer is kept is code-lock and ID-card protected.
6. An independent log is kept of who uses the computer when.
7. Computer is powered on before use and off after use.
8. Hard drive is removed when not in use and kept in a secure safe with a code lock.
9. All staff who have access to the door to the room where it is kept have security clearance. (Yes, this includes the cleaners.)
10. All staff who have access to the door are well paid.
11. The AC inlet to the computer is shielded from other AC cables and is separated by at least a metre of airspace from other cables.
The weakest link in all security is people - keep strict control on those who have access and when, this includes security staff.
Re:Don't ask Slashdot (Score:4, Informative)
The link you refer to points to material that is up to two decades old. The assurance levels you refer to (A, B, and C) are from the Orange Book, the seminal work of the Rainbow Series of security development manuals produced for the U.S. DoD.
The Rainbow Series was superseded in 1996 by the Common Criteria, an international agreement about security functional requirements, assurance requirements, and the processes needed to evaluate the security characteristics of IT products. Products that have met the requirements and undergone the process are listed in an Evaluated Products List. Among operating systems that have met the Common Criteria requirements are Mac OS X, Red Hat Enterprise Linux AS/WS 3, Solaris 9, SuSE Linux Enterprise Server V8, and Windows 2000 Server. All of these must be run on specific hardware configurations and with specific software configurations to retain their certified status in an operational environment. A recent project I was working on needed an HTML-based interface - imagine creating that on a Linux box that could not run X or even activate the frame buffer!
Secure systems are not just platforms that resist the latest script kiddie 'sploit. A system includes people, processes, hardware, software, development methodologies, and the operational environment. This is what makes a secure, assured SYSTEM, not just an expensive doorstop.
Links of (possible) interest:
Orange Book
http://csrc.ncsl.nist.gov/secpubs/rainbow/std001.
Rainbow Series
http://csrc.nist.gov/secpubs/rainbow/ [nist.gov]
Common Criteria
http://www.commoncriteriaportal.org/ [commoncriteriaportal.org]
U.S. "Scheme"
http://niap.nist.gov/cc-scheme/ [nist.gov]
Evaluated Products List (EPL)
http://niap.nist.gov/cc-scheme/vpl/vpl_type.html#
Re:Don't ask Slashdot (Score:1, Informative)
This is a good rule of thumb, but not absolutely true. You can run under both classified and unclassified mode, but you must have removable drives and a sanitization procedure for going from one level to the other.
Your best friend throughout this long, cumbersome task will be your facility's Information Security Officer. He/she will (hopefully) be able to guide you through this process, or at the least should be able to direct you to the military branch's appropriate documents (e.g. Army = 25-2) as well as DISA for the parent information.
P.S. Whomever gave you the timeline of 1 week for a plan should be informed that it will take on the order of 1+ month(s) if you have not done this before.
You need an SSO!!! (Score:1, Informative)
1. The company is really clueless and has no idea what's involved in doing classified computing.
2. Your company already has an SSO but nobody bothered to tell you about it.
The NISPOM is your Bible here, but you shouldn't be trying to follow it. It's a full-time job. One of the jobs of an SSO is often to oversee management of closed areas, which are, as the parent said, basically human-sized safes, and are the only places that classified computing may occur. If your company isn't set up to do classified computing already, and you don't have an SSO, then you've been given a task that you can't possibly perform in two weeks, and probably can't correctly perform at all without a lot of help and support (including your company hiring people who do classified computing professionally, or sending you out for lots and lots of training).
(Posting anonymously on purpose, but not from fear of you guys...other reasons.)
From another DoD SysAdmin (Score:1, Informative)
Pay attention to all the posts that tell you to turn to DoD for these answers, and not Slashdot. Depending on where you fall within DoD or the IC, different policies apply. Your boss's requirement to have the Tech Guy go "figure this out" is the wrong approach- start with your security office, and tell your boss to be prepared to wait many moons.
Don't forget the OS (Score:1, Informative)