Building Secure Computers?
maotx asks: "Growing into the job of a system administrator, I've been tasked with something I'm not quite prepared for: purchase or build a computer that meets DoD compliance for classified 'Secret' information. Several vendors, including Dell, our primary supplier, offer computers that will work, but being new to the criteria I want to make sure the right computer is purchased. The computer will be used to create secure CAD drawings (Solidworks, OrCAD, etc) and must have, from what I can tell, a removable hard drive and security stickers to prevent tampering. What is your experience in setting up a secure computer and is it better to have a vendor do it, or yourself?"
Secures computers need Windowsz 95 (Score:5, Funny)
Re:Secures computers need Windowsz 95 (Score:5, Funny)
"Ask Slashdot: Building Secures Computers?" posted by Cliff @ 7:32PM.
He'll pass out by 10, I bet.
Re:Secures computers need Windowsz 95 (Score:5, Funny)
Re:Secures computers need Windowsz 95 (Score:5, Funny)
Re:Secures computers need Windowsz 95 (Score:3, Funny)
I could tell you (Score:2, Offtopic)
Don't ask Slashdot (Score:5, Interesting)
Don't ask IANA... (Score:5, Funny)
True. But we ARE good with law, business, and economics.
Re:Don't ask IANA... (Score:3, Funny)
Re:Don't ask Slashdot (Score:5, Insightful)
The only reason I asked Slashdot was for a jump start. My manager says we need to have something, at least a plan, by next week.
Re:Don't ask Slashdot (Score:5, Informative)
My suggestion would be to disable floppy as well as USB, and only allow transmission of information to and from this system via CD. USB is right out...don't let anyone try to convince you otherwise...it's an unacceptable security risk. Also, only allow data to be transferred to and from a protected 'sandbox' area on the system, and make certain that autorun of CD-ROMs is disabled in the registry. One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfers.
Sure, it sounds paranoid...but is it paranoid enough?
Re:Don't ask Slashdot (Score:3, Informative)
We weren't going to add a floppy drive, not only for security, but because of how outdated and unused it is here. CDs and printing are going to be the most common methods of transmitting the data. USB is still up in the air. I'm very uncomfortable with it, but our client uses it quite often to transfer data. I'm sure the line on that is somewhere
Re:Don't ask Slashdot (Score:5, Informative)
Issues of bootable CD-ROMS, USB data sticks, and product licensing are trivial housekeeping compared to the work you are going to have to undertake to create and maintain a secure processing facility. By the way, printers have memory and printer ribbons retain images - you have to address those items, too. Certified print required.
If you already have a secure processing facility, you also have a certified site security officer (SSO) who has been trained in the use and requirements of the NISPOM. You should be talking to this person, not us.
Re:Don't ask Slashdot (Score:5, Funny)
Lots of stuff WILL be thrown up in the air if someone connects a USB wireless adapter.
Re:Nonclassified? (Score:4, Informative)
Re:Don't ask Slashdot (Score:3, Informative)
Re:Don't ask Slashdot (Score:5, Interesting)
It wasn't "Windows NT" that got the rating (as much as M$ hyped it). I don't remember the exact spec, but the spec gave the EXACT make and model of computer (and hence the hardware spec, which didn't include a network card) as well as the exact patch level of NT, and it specified the applications installed.
In short, it wasn't generically Windows NT, or even Windows NT4 SP2; it was much better defined than that. That being said, yes, M$ has achieved a security rating, and I'd have to agree (unlike a bunch of the posts on this topic I've seen) that the security model has to fit with the company. If they are asking as a DoD contractor, the question is in the wrong place. If the question is from a company whose management feels they need to secure their computing environment, then it's all good.
Re:Don't ask Slashdot (Score:4, Informative)
The link you refer to points to material that is up to two decades old. The assurance levels you refer to (A, B, and C) are from the Orange Book, the seminal work of the Rainbow Series of security development manuals produced for the U.S. DoD.
The Rainbow Series was superseded in 1996 by the Common Criteria, an international agreement about security functional requirements, assurance requirements, and the processes needed to evaluate the security characteristics of IT products. Products that have met the requirements and undergone the process are listed in an Evaluated Products List. Among operating systems that have met the Common Criteria requirements are Mac OS X, Red Hat Enterprise Linux AS/WS 3, Solaris 9, SuSE Linux Enterprise Server V8, and Windows 2000 Server. All of these must be run on specific hardware configurations and with specific software configurations to retain their certified status in an operational environment. A recent project I was working on needed an HTML-based interface - imagine creating that on a Linux box that could not run X or even activate the frame buffer!
Secure systems are not just platforms that resist the latest script kiddie 'sploit. A system includes people, processes, hardware, software, development methodologies, and the operational environment. This is what makes a secure, assured SYSTEM, not just an expensive doorstop.
Links of (possible) interest:
Orange Book
http://csrc.ncsl.nist.gov/secpubs/rainbow/std001.
Rainbow Series
http://csrc.nist.gov/secpubs/rainbow/ [nist.gov]
Common Criteria
http://www.commoncriteriaportal.org/ [commoncriteriaportal.org]
U.S. "Scheme"
http://niap.nist.gov/cc-scheme/ [nist.gov]
Evaluated Products List (EPL)
http://niap.nist.gov/cc-scheme/vpl/vpl_type.html#
Re:Don't ask Slashdot (Score:5, Informative)
And I'd have the CD drive read lines under a hardware lock (like the old machines used) and have it shut off unless required.
---USB is right out...don't let anyone try to convince you otherwise...it's an unacceptable security risk.
Agreed. Have only a PS/2 mouse and keyboard available. Also make sure that Firewire, serial, parallel, audio jacks on the CD-ROM and sound card, and all peripheral devices are GONE, removed or jacks destroyed by one incapacitating method or another. Super-glue in serial ports makes an awful mess to "recover".
I, a long time ago, made an attack in which I recorded audio on a CD player through the audio jack. I was able to reconstruct the data from the "static sound". I'd call that an attack as much as hooking up a data cassette to a Commie 64.
---Also, only allow data to be transferred to and from a protected 'sandbox' area on the system,
I would call that "Printouts".
---and make certain that autorun of CD-ROMs is disabled in the registry.
You ASSume Windows. Nobody running a secure environment would use windows, unless it's just confidential.
---One more thing: keep the system in a locked room, and personally supervise, if not actually conduct, all data transfers.
Double-lock the room, use mag-locks to determine when the door is opened. Record open-close actions.
Have 2 video cams that record on any motion to a remote system (just as secure, as it could record confidential data). Have each room record the other's cameras while NEVER under any circumstances allowing anybody from one to get into the other room.
Also have a 10 minute delay safe for open events to even get to the hard drive. Set up a hypergolic charge in the safe in case of tampering. Also have the safe monitor open-close events.
I also have a few ideas on unbeatable object-detection schemes, but I believe they're actually used in real Secure environments. I will not mention them.
Still, the good ol' standard of having 2 "armed to the teeth" guards at the door always suffices as a first precaution. If you can afford this, you can have double-locking doors that 2 separate entities must open.
Example: To get in, you flash your badge to 2 officers. You enter the 1st set of doors. You then submit to scans/checks of whatever to open the 2nd doors. To get out, you walk out the 2nd doors, and ONLY 2 guys can open the 1st doors from outside. Very secure.
---Sure, it sounds paranoid...but is it paranoid enough?
Nope.
Re:Don't ask Slashdot (Score:3, Insightful)
Re:Don't ask Slashdot (Score:3, Informative)
Rubbish. Why wouldn't you use windows in a secure environment? Windows is no less secure than any other item of equipment in those situations. Ok, it may get a viral infection which hoses the system, or it may crash more frequently. Other than that nothing is likely to be a problem.
Re:Don't ask Slashdot, ask an SSO/SSR/IAM/ISSO/IAS (Score:3, Funny)
Does this offer only apply to the original poster? Because I require some military assistance as well. I have two areas of concern:
1. My neighbor keeps walking his dog in front of my house and it shits next to the sidewalk. He's supposed to clean it up, but he never does. I was hoping you could take the dog out for me.
2. Gas will probably reach $3/gallon before too long. I know you military types are experts at liberating people, an
Re:Don't ask Slashdot, ask an SSO/SSR/IAM/ISSO/IAS (Score:5, Insightful)
This guys is a bonehead asking for advice on
And to you. Shame on you for replying on
Re:Don't ask Slashdot, ask an SSO/SSR/IAM/ISSO/IAS (Score:3, Insightful)
ATTN: Mods, this guy is a dimwit please mod down (Score:5, Informative)
In the art world, when a piece of art has a past where the time record has some glitches in it (read: unaccountable), it is automatically considered a fraud. When things don't have a timeline, like this guy's posting record here and the fact that his myspace profile says he is 19, you gotta know something is up.
Congratulations though
MOD PARENT UP (Score:5, Informative)
Re:Don't even talk to this guy! (Score:3)
There are verification channels for all this to go through and the volunteer can just point the parent to specific documents relating to what they're doing.
There are ways - there are many ways.
Re:Don't ask Slashdot (Score:5, Informative)
Yes, you can order from Dell, Gateway, HP, etc. The removable hard drive is employed so that when the computer is not in use the hard drive can be locked in a DoD approved container (a pretty heavy duty safe or filing cabinet, normally) that only authorized users can access. If you didn't have a removable hard drive, then the entire room the computer was housed in would need to be classified as a DoD secure space. As it is, while the computer is in use it will need to be out of sight of anyone not cleared to use it. Sometimes something as simple as a curtain is used, while others might keep the computer in a separate room or closet.
The stickers are not for tamper proofing. Rather, they are used to remind you that you are dealing with a classified system and should treat it as such. You can use them across seals, but they aren't required. At the least, they will need to be put on the hard drive, hard drive caddy, computer case, and monitor.
For the drives, it's probably a good idea to disable anything that you won't be using. You can leave floppy drives intact if you want, just be aware that as soon as a non-write-protected floppy goes in the drive, it is required to immediately be labeled as a classified disk and logged. You can take material from unclassified to classified systems, but not vice versa (duh, I know, but it needs to be said). Since this system will be stand-alone, you might consider disabling all the USB ports via the BIOS and just using PS/2 for the mouse/keyboard. That will help prevent USB thumb drives from being used. Remember, if the system can write to it, then it has just become classified material. CDs are safe, but floppies, thumb drives, etc. are not unless they are in write-protect mode.
Hope that helps!
I've never had to worry about this... (Score:3, Insightful)
Re:I've never had to worry about this... (Score:3, Insightful)
A few too many 's'-es (Score:5, Funny)
Oh, you meant "building secure computers".
Re:A few too many 's'-es (Score:5, Funny)
Duh
Re:A few too many 's'-es (Score:2, Insightful)
>
> Oh, you meant "building secure computers".
In Soviet Russia, security clearance loses you!
Seriously. To the original poster, you are probably asking the wrong audience, and you are definitely risking your clearance by doing so.
Find the guidelines. Read the guidelines. Learn the guidelines. Think of things you would do in order to circumvent those guidelines.
And then, even if it's possible to do it yourself, do not do
Re:A few too many 's'-es (Score:3, Informative)
Ha. I'm asking here to hear a unique POV. From the trolls to the pros. From the "use SELinux and not windowz" to "see DoD". I can meet the standards requested without a problem, whether through a vendor or self-built; I'm just here for perhaps a little more insight or ideas of well tested methods. We can already create a machine that will have a removable hard drive and meet the standards, but I wanted to hear if anyone had any unique way of
Re:A few too many 's'-es (Score:3, Funny)
Secure computer (Score:3, Insightful)
Re:Secure computer (Score:3, Insightful)
It still has to be made of parts, and generally those parts are made by manufacturers...
Re:Secure computer (Score:5, Funny)
!?!
I heard that... (Score:5, Funny)
Re:I heard that... (Score:4, Funny)
Ask Slashdot: Building Secures Computers?
Security
Posted by Cliff on Wednesday August 24, @07:32PM
from the even-keyboard-adccess-won't-make-it-easy dept.
Re:I heard that... (Score:2)
What is your experience in setting up a secure computer and is it better to have a vendor do it, or yourself?"
You've already violated protocol... (Score:3, Interesting)
Wow...where to begin...
First of all, soliciting advice on the construction of a computer that meets DoD compliance on Slashdot , of all places, is probably not the brightest of ideas...you might want to keep this from your employers if you are interested in keeping your job.
Second, security stickers on their own simply aren't adequate to the task at hand. Remember, you're looking for tamper-proof, not merely tamper-evident...
Re:You've already violated protocol... (Score:2, Insightful)
Re:You've already violated protocol... (Score:2)
I see too many posts on other forums where people have jobs in which they should be qualified enough to either know how to do what they are doing, or know how to find that information without having to ask about it in a public forum.
I'd say it is like someone that claims to be a UNIX developer asking about the basics of how to use 'tar'. It just doesn't look like a swift idea, and the person holding that job shouldn't be asking basic questions that show they don't deserve said jo
Because... (Score:2)
If you have a job in a secure environment and your job is to procure computers, you SHOULD know these... if you don't you need to talk to your security officers... he is violating protocol, and when you are dealing with secret information this is a Very Bad Thing.
-everphilski-
Re:You've already violated protocol... (Score:3, Funny)
The myspace account you link to suggests that you may have just recently graduated from high school.
Re:You've already violated protocol... (Score:2, Informative)
Re:You've already violated protocol... (Score:5, Informative)
I don't see a problem with it. Information on how to classify a computer is not classified.
Second, security stickers on their own simply aren't adequate to the task at hand. Remember, you're looking for tamper-proof, not merely tamper-evident.
The stickers are DoD required to prove that the system has not been tampered with. They are not a means of securing the computer.
stickers don't prevent tampering (Score:2, Insightful)
A building that secures computers, interesting. (Score:5, Funny)
Talk to your FSO (Score:4, Informative)
At a place I used to work, we just bought Dells. (Heck, I think we even leased them!) When they were delivered, we'd put a standard image on them that did things like warn the users before they logged on, and turned on auditing on certain directories.
if you have to ask... (Score:2, Insightful)
If you have to ask the question, I think you already know the answer. I'm sure there are tons of great DIY methods of securing a computer, but if you are new to it (and you are), leave it to someone who has done it before.
It would be great to get some first-hand, practical experience on the matter when you have a proper guinea pig, but a classified DoD computer is not said guinea pig.
Not from dell (Score:2)
My advice- Don't buy from Dell. Not because they don't have good business computers (They frequently treat businesses ok) but because even within the same exact model number, different motherboards/video cards/sound cards are used because of price fluctuations. And we all know Dell buys the cheapest stuff possible. Pull
Re:Not from dell (Score:2)
Re:Not from dell (Score:3, Insightful)
(A few things have been slightly edited to either protect my client's identity and/or get past the
Keep in mind the following takes place over an hour after the initial call was placed and I've already been hung up on twice, once by the automated system and once during a transfer between operator and tech.
BYO (Score:2, Insightful)
Stickers prevent tampering? (Score:2)
Surely the Department of Homer Simpson, er, Homeland Security, will now outlaw naphtha. Should go well with the duct tape.
(naphtha dissolves the adhesive on most stickers, making them easy to remove cleanly)
ouch (Score:2, Informative)
It's not about the hardware (Score:3, Informative)
A sticker and removable hard drive complying with IA is like saying that a power cord is what's needed to make a computer.
At one point we had a meeting and reviewed the full blown DoD requirements for secure computing. Our estimation was that the resulting system would A) be unusable for anything due to the insane lockdown policies, and B) cost around a $million to configure and test to their specs.
It's all about configuration.
Ok, on the non-sensational side... other computers where I work, for dealing with classified data, are to be located in a certified secure room (forget the name of the certifying authority), and yes there is a "class" / "unclass" sticker on the PC, and yes, the hard drive is removable, and yes it must be stored in an approved safe while not being used. And access to the room is by approval only, with both a horribly hard to use combo lock and a cipher door lock on top of that. Oh yeah, connection to the house-net is verboten. Any-net for that matter.
And my facility is a low-brow Secret only site. Travel to certain DoD contractors with only a Secret clearance and you're treated like a second class citizen.
It's all about configuration. (repeated intentionally)
Be prepared for mind-numbing configuration, test and audit sessions.
I am light on details because I do my best to stay at arms-length from IA at work... it's teh suxor
Re:It's not about the hardware (Score:2)
Re:It's not about the hardware (Score:2, Informative)
First, foremost, and always - consult your facilities security officer (FSO), read your SSAA (Site Security A.. A.. ?).
Before you fire anything up or - heaven forefend - put any classified data on.. GET YOUR FSO TO INSPECT AND TEST.
Configuration - ensure that you follow the CERT/NSA (http://www.cert.mil/ [cert.mil]) configuration guidelines (STIGs, http://iase.disa.mil/stigs/index.html [disa.mil]), and employ, to whatever extent possible, the SRR (Security Readiness Review??) scripts.
On a practical level,
Two words (Score:3, Funny)
Duct Tape
add some plastic wrap, and it's Dept. Homeland Security Approved as well.
Well, a couple of general comments... (Score:2)
a) Get hold of the standards that will actually be applied to test the system and what it actually needs to have/means to be in compliance. Understanding that comes first - make sure you understand it as well as you can (ideally at least as well as the vendor you're buying from.) A.K.A. Operation Build BS Detector.
b) Find out your responsibility - can you hand off responsibility for the computer being built to specs to the vendor, or will
Culpability (Score:2)
Three words (Score:2)
Too strong a word. (Score:5, Insightful)
Dan East
Depends on the containment (Score:2)
1. Use the computers in an unsecured (unclassified) area
2. Classify the entire area the computers are in
If #1, you will need to make sure that the area has no uncleared personnel while the classified info is processed and that the drives on the computer are removable and lockable and can be placed into a secure area (like a Mosler safe) for storage when not in use.
If #2, you will secure an area of the building. The advantages
Not rocket science, but pay attention to detail. (Score:5, Informative)
However, it isn't enough to just build a system with the proper hardware and software configuration -- you also have to make sure that the physical environment and users will meet the requirements of the NISPOM. If you don't already have a facility clearance, then you have a significant issue to tackle before you can even build your system. I'm hoping that you are simply building a new computer to add to an existing classified network or house in an existing DoD closed area -- if not, you may find this to be a very daunting task.
I Heard.. (Score:2)
Possible way (Score:2)
Re:Possible way (Score:2)
Security Officer (Score:2)
Get someone else to do it (Score:2)
If your computer skills are anywhere near your writing, you're going to cock up something bigtime, and you DON'T want to be working for the DoD when that happens. I might even be so extreme as to suggest a change in career, for the safety of all involved.
Not nearly enough info (Score:2, Redundant)
Quite.
Security level?
FOUO, Secret, Top Secret, Other
Physical security?
Is the actual room secure, or just the hardware?
What platform?
Win/Lin/Mac/Other?
Fingerprint scanner? SmartCard reader?
Some sort of secure LAN, or standalone workstations?
And this is just scratching the surface. You need to find out these answers, and far more. But don't ask in here.
Call your person who set up the contract, the DoD program manager, and your building security m
National Ind. Security Program Operating Manual (Score:2)
Look Online (Score:2)
Dell, HP, etc (Score:2)
Get the book (Score:2, Informative)
The actual computer system is pretty trivial, the only difference may be, just as you identified, the removable hard drive. Just get any of the IDE or even SATA removable hard drive kits and you are set. This is definitely something you can do yourself.
You see the security is in
Use Super Glue (Score:2)
Low-tech solution to a high-tech problem
Secures computers...yessss Precious, we likes them (Score:2)
Build it Yourself (Score:2)
If this is for a DoD contractor, you have a security liaison somewhere within your company who can requisition the requirements if he or she does not already have them.
If this is for a government agency, there is an Office of the Inspector General connected with that service / agency which can supply the requirements to you.
I have seen $500,000 non-returnable mistakes made relying on federal suppliers to ensure systems are secure.
Drop the Bomb (Score:5, Insightful)
If you think that advice means you'll get fired, resign. Better now, than after they blame you for the inevitable security breaches. That's probably their plan anyway, in whichever management layer thought that military security is just a buzzword to get an underqualified admin to comply with.
You won't like to hear this... (Score:5, Informative)
DoD classifications are all about policy, paperwork, and regulations. Not fancy computers. Most people, when they hear of DoD classifications and security clearances, are quick to imagine black vans, polygraph tests, and high-tech datacenters protected better than Fort Knox. Honestly, that's all a bunch of nonsense. All of the classified systems that I've used were just ordinary computers from ordinary manufacturers.
In my current workplace, we have a standard Gateway PC with a removable hard disk and a few Panasonic Toughbooks. Nothing special at all. The only visible difference between these and the regular office PCs is that they have red stickers all over them that say "Secret" and the fact that we are not to process Secret data on the unclassified PCs and vice versa. The Gateway machine can only be connected to SIPRNET (google it) and the Toughbooks are never connected to any network. That's it. No crazy combination case locks, no biometric devices, no odd software. They all run Windows for crying out loud.
If it is your job to configure a computer to the equivalent of DoD's Secret classification (I know you don't work for DoD or you'd already have people showing you how), I'd recommend getting whatever kind of computer will fit your needs.
Then start looking at writing mountains of policies. The first thing you have to do is restrict physical access. This can be done by putting the machine in a locked room with no windows. A laptop would be even easier... just get a GSA-approved safe and keep it in there when it's not in use. Obviously, you would never, ever, ever connect it to any network, period. All the data going in and out should be on CDRs or USB keys and should be accountable somehow. Figure out who needs to have access to it and if they can be trusted. Be sure to emphasize that failure to follow proper security procedures is grounds for immediate termination, whether any information was compromised or not. Ensure that whenever the machine is used, there are never less than two people present. Create an emergency checklist of what to do if the building catches fire, for instance.
That's all I can think of off the top of my head, you'll probably be able to envision a lot more with some careful thought. Good luck.
Re:You won't like to hear this... (Score:3, Insightful)
Let a brit teach you yanks how to make a secure WS.
Ok, dropping the gump, I work for the British MoD and my job is exactly yours, apart from I oversee (and do) the making of all WS (Work Stations) within the Defence Procurement Agency of the MoD.
When I started making WS for the DPA they were a little less secure than the ones that Eil is suggesting. However I soon made one improvement, the introduction of a "Magic Card", a device which returns the HDD (boot sector, fat (and no i dont m
Environment is more important than hardware. (Score:3, Insightful)
None of those systems have removable drives, though having them is a good idea. It makes securing them easier, something you must do in a government-approved container (i.e., a safe). The space in which the systems are located and used must be secure to the level of classified information (secret, in your case). At our site, this is a windowless room with a large vault-like steel door. The door can be secured with a combination lock and a push-button cypher lock, the latter of which is in use at all times (the combination lock is secured after hours). All classified material (papers, discs, etc) must be stored when the space is unoccupied.
The system will probably need to meet DOD C2 requirements, which you'll likely read about. Windows NT was close to C2, and I believe Windows 2000 is as well. The system must have positive authentication for users, appropriate warnings that appear on login, an audit trail, and ways of neutralizing memory and swap space. Windows has a setting that clears the virtual memory/swap file on each reboot.
As for networking, if you want to network internally within your spaces, you can set up a normal LAN, but outside access will require using a secure network like the SIPRNET. You won't have access to the outside world (i.e., the Internet). Most DOD components contract for SIPR connectivity through DISA.
As you already know, labeling the CPU is important. You'll also need to label media, and keeping a log of all storage media in use is a pretty good idea to CYA. In fact, some places require it. You might also want to find out about the need for secondary storage off-site. If this is going to be a requirement, you'll need to find a similarly-classified place that you trust to stow your backup materials.
You will need to follow the DOD rules on destruction of drives and disks no longer in use...you just can't toss old floppies or hard drives onto the 20-year pile in your office. Research the destruction procedures, and learn to store unused material until you can have it destroyed.
You can buy shredders that will eat CDs and diskettes, but they have to be classified for the security level. Don't use the $29 Office Max shredder on sale for this.
The real key is getting users to follow the rules. Users, as you know, are the biggest pain in the ass, and you'll always be on top of them to keep the spaces sanitized. Remind them that once they save any classified material to removable storage, that storage is now classified and cannot be used outside of the environment.
Aren't you glad you have to do this?
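Several posts in this thread name the same handful of host-level settings for a stand-alone Windows classified workstation: no CD/USB autorun, a warning banner before logon, an audit trail, the page file cleared so swapped-out data does not survive on the removable disk, and USB mass storage kept out of the picture. The PowerShell below is an added example by the editor, not code from any poster or from DoD/DISA guidance; it applies those settings and then reports back the actual values so the result can go into the configuration record. The registry paths and value names are the documented Windows ones; the banner text and the idea of disabling the USBSTOR driver (a software complement to turning the ports off in the BIOS, not a replacement for it) are assumptions for the example. Your SSP, FSO and the applicable STIG decide the required values, not this script.

```powershell
# Added example: apply and verify a small lockdown baseline on a stand-alone
# Windows workstation. Run from an elevated PowerShell on the machine itself.
#Requires -RunAsAdministrator

$Settings = @(
    # AutoRun/AutoPlay off for every drive type (0xFF): inserting a CD or a
    # USB stick must never launch code by itself.
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Type = 'DWord'; Value = 0xFF }
    # Wipe the page file at shutdown so swapped-out classified data is not
    # left in plaintext on the (removable) disk.
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
       Name = 'ClearPageFileAtShutdown'; Type = 'DWord'; Value = 1 }
    # Logon banner shown before anyone authenticates (text is a placeholder).
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'LegalNoticeCaption'; Type = 'String'; Value = 'NOTICE' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'LegalNoticeText'; Type = 'String'
       Value = 'This system processes classified information. Use is monitored and audited.' }
    # USB mass-storage driver disabled (Start = 4). USB keyboards/mice still
    # work; this is an assumption-level complement to disabling ports in BIOS.
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name = 'Start'; Type = 'DWord'; Value = 4 }
)

function Set-WorkstationLockdown {
    foreach ($s in $Settings) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type `
                         -Value $s.Value -Force | Out-Null
    }
    # Audit policy: success and failure for logon and object access, so the
    # Security log records who used the machine and which audited files they touched.
    auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable | Out-Null
    auditpol /set /category:"Object Access" /success:enable /failure:enable | Out-Null
}

function Test-WorkstationLockdown {
    # One row per setting with expected and actual value, for the audit record.
    foreach ($s in $Settings) {
        $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name `
                       -ErrorAction SilentlyContinue).($s.Name)
        [pscustomobject]@{
            Setting   = "$($s.Path)\$($s.Name)"
            Expected  = $s.Value
            Actual    = $actual
            Compliant = ($actual -eq $s.Value)
        }
    }
}

Set-WorkstationLockdown
Test-WorkstationLockdown | Format-Table -AutoSize
```

Run Test-WorkstationLockdown again after a reboot and after any vendor "maintenance" visit: a row that comes back non-compliant is exactly the kind of drift the configuration and audit sessions other posters describe are meant to catch, and the output is something an FSO can file rather than take on trust.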
What level of security? (Score:3, Informative)
A password protected encrypted partition for sensitive info, like the user's home directory if you can get it working, no swap file/partition, no sort of CD or USB auto-run, password protected BIOS, and a password protected 1 minute screen saver seem like must-haves. SELinux can restrict permissions on a per-program basis if you're using Linux. Stickers like you mentioned that are damaged when removed are a good idea which I never would have thought of. A file integrity checker like samhain may also detect tampering, at a cost of performance if you have it check everything. Unless also encrypted, backups can pose a security risk, so you'll want a mirrored RAID. If you get two drives of the same model, from the same batch, you'll have a better than average chance of both failing the same day, the second while you're rebuilding the first.
Of course, if you've gotten this far, you should also worry about emissions [wikipedia.org]. CRT emissions can be picked up and reconstructed from miles away with the right equipment. There's little use in all this other security when anyone with a disk, $100, and some spare time can just look at your screen. Then, someone could always sneak in and plug a key logger into the back of the system without you noticing, so you'll need some sort of physical security as well to prevent moving the system or accessing the back of the case, and a lock on the door to the room the system is housed in.
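The post above suggests a file integrity checker in the samhain/tripwire style to detect tampering. Below is an added example by the editor, not the poster's code and not samhain itself: a baseline-and-verify routine in PowerShell that records a keyed HMAC-SHA256 of every file under the chosen roots and later reports files that were added, modified or removed. The key matters: a plain hash baseline can be regenerated by whoever altered the files, whereas a keyed baseline cannot be faked without the key, so key and baseline should live off the workstation (write-protected media in the safe, for instance). The paths, the key file and the baseline location are placeholder assumptions.

```powershell
# Added example: keyed file-integrity baseline and verification.

function Get-FileHmac {
    param([string]$Path, [byte[]]$Key)
    # HMAC-SHA256 over the file contents, keyed so the baseline cannot be
    # rebuilt by someone who has write access to the files but not the key.
    $hmac   = [System.Security.Cryptography.HMACSHA256]::new($Key)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($hmac.ComputeHash($stream)).Replace('-', '')
    } finally {
        $stream.Dispose(); $hmac.Dispose()
    }
}

function New-IntegrityBaseline {
    param([string[]]$Roots, [byte[]]$Key, [string]$BaselinePath)
    # Walk every file under the roots and record path, size and keyed hash.
    $entries = foreach ($root in $Roots) {
        Get-ChildItem -Path $root -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Length = $_.Length
                    Hmac   = (Get-FileHmac -Path $_.FullName -Key $Key)
                }
            }
    }
    $entries | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
}

function Test-IntegrityBaseline {
    param([string[]]$Roots, [byte[]]$Key, [string]$BaselinePath)
    # Emits one object per discrepancy: ADDED, MODIFIED or REMOVED.
    $baseline = @{}
    foreach ($e in (Get-Content -Raw -Path $BaselinePath | ConvertFrom-Json)) {
        $baseline[$e.Path] = $e
    }
    $seen = @{}
    foreach ($root in $Roots) {
        foreach ($f in Get-ChildItem -Path $root -File -Recurse -Force -ErrorAction SilentlyContinue) {
            $seen[$f.FullName] = $true
            if (-not $baseline.ContainsKey($f.FullName)) {
                [pscustomobject]@{ Status = 'ADDED'; Path = $f.FullName }
                continue
            }
            if ((Get-FileHmac -Path $f.FullName -Key $Key) -ne $baseline[$f.FullName].Hmac) {
                [pscustomobject]@{ Status = 'MODIFIED'; Path = $f.FullName }
            }
        }
    }
    foreach ($p in $baseline.Keys) {
        if (-not $seen.ContainsKey($p)) {
            [pscustomobject]@{ Status = 'REMOVED'; Path = $p }
        }
    }
}

# Usage (paths and key source are placeholders for the example):
# $key = [System.IO.File]::ReadAllBytes('E:\integrity.key')   # 32 random bytes kept off-host
# New-IntegrityBaseline  -Roots 'C:\Windows\System32','C:\Program Files' -Key $key -BaselinePath 'E:\baseline.json'
# Test-IntegrityBaseline -Roots 'C:\Windows\System32','C:\Program Files' -Key $key -BaselinePath 'E:\baseline.json' | Format-Table
```

Take the baseline immediately after the FSO has inspected the build and before any classified data goes on the drive, then re-run the check before each session; if the drive ever leaves the safe unaccounted for, the check tells you whether the software on it is still what was approved, which is the question the stickers alone cannot answer.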
Seriously (Score:4, Informative)
The Zeroth and First Steps... (Score:3, Insightful)
Step 0:
You must get the proper briefings from your site's Information Systems Security Manager.
At a minimum, you will need to get a Software Validation briefing and possibly an ISSO briefing.
If you haven't completed an SV briefing, then you are not authorized to install ANY operating system on classified hardware.
You will need the ISSO briefing if you are responsible for creating user accounts or are responsible for maintaining the audit records for the system.
Step 1:
You must have a System Security Plan (SSP). This document tells you how your system must be configured, both in terms of physical security and system/network security.
Your SSP, and any systems created under it, need an Interim Approval To Operate (IATO) from the Defense Security Service before you can begin processing classified information.
If you have an existing (approved!) SSP, and your ISSM is authorized to self-certify the OS you are using, then things can happen relatively quickly.
If you do NOT have a pre-existing (approved!) SSP for this new system, then you could be looking at months before your new system is cleared for classified processing.
it's not just the hardware (Score:3, Insightful)
The certification process is all about controlling access to the data and verifying that access was controlled (and knowing who to arrest if it wasn't). People in a well-secured site that may only be accessed by persons with the same or higher clearance as the classification of the data being processed can just about get by with a sticker and be done: the facility is handling all of the physical and electronic access control, the unit will never be allowed to leave its room, and so the work is easy. If you are building this for an office where somebody just needs to "do some classified stuff", you have all that other stuff to handle.
In that situation, for example, you need removable hard drives, which will indeed be removed (all of them) between uses, and stored in a container like a safe that is certified for that kind of storage. You may need to make sure that there is no way to write data to a medium other than the hard disk or approved local printer, so you may need to remove or permanently disable the floppy drive, CD burner, and so on. And the machine cannot be on your LAN while it is being used for classified work. Even so, you'll need to pay attention to the selection of OS, and turn on all of the auditing features. There will be a lot of process and procedures, checklists that will need to be followed for each use.
Where you get your hardware is the least of your worries. Buy whatever you want that meets spec, and then expect to do substantial mods to the h/w, OS, etc. If the vendor is willing to remove stuff and do OS mods for you, less work for you.
Good luck. I've heard of groups taking over a year to get a machine certified for processing on their first time out.
Sample of data (Score:5, Funny)
Just Dont Plug it in. (Score:3, Funny)
Re:You cannot do it most likely (Score:4, Informative)
Our company is rated for 'secret' information. We currently have classified information, it is just paper right now. We have been requested to expand our capabilities so we may develop new products to meet the demands. We have a set of papers that are pretty light on the details of what is required for a computer to be certified for secret information, but it does not go into enough details for us to have an open mind about it. If we want a secure computer, that's easy. Case sealed with stickers, operating system and software installed on removable hard drive, no network card, and a paper trail going all the way down to the details of the last person who sneezed on it.
What I was really trying to ask was, "In your experience, is the extra money going into a vendor worth it or, is it better just to buy a chassis and set up a machine yourself?"
Re:You cannot do it most likely (Score:5, Interesting)
Re:You cannot do it most likely (Score:2)
It's not that expensive. You just need to be on a secured base performing a legit job function (i.e. copier repair), have the Captain who is supposed to escort you off base just wave you on, which causes you to see something you aren't supposed to, at which point you are interrogated for 48 hours, at the end of which you are granted Leve...... NO CARRIER.
Re:Mine (Score:2)
Re:security stickers (Score:2)
Re:Secure PC (Score:2)
Once the inside of the case is locked up in steel, leave one external port. Make it a SCSI port and replace the connector with some other connector with a similar number of pins. It's going to be hard enough to find a good SCSI DVD burner, but once you do, lock it into an enclosure that
Re:Easy (Score:2)
That's what I keep reading pretty much. Stickers to show tampering on the case and a very detailed audit log seem to be the only other additions to the requirements to have a computer rated for classified information.