.

Pentagon unblocks social networking sites

<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue Mar 02, 2010 4:24 pm

Pentagon unblocks social networking sites

http://www.informationweek.com/news/gov ... d_IWK_News

http://www.msnbc.msn.com/id/35611063/ns ... -security/

The new directive means that YouTube, MySpace and more than a dozen sites blocked by the Pentagon in May 2007 will be unblocked, he said. The Pentagon said at the time that the use of video sites in particular was straining its network and using too much of its bandwidth. But Wennergren said Friday that the move failed to stem the use of bandwidth because people just went to alternate sites.


I saw this in the SANS news bites feed some days after the news was released and I'm surprised nobody has commented on it. 

Being a DoD employee I got the word a little preemptively in the form of a message saying something to the effect of "even though this is being released to the AP, the changes are not immediate so don't call the helpdesk if you can't get to facebook..."

Some units already don't block all of these sites and some block more than what was required by overarching policy so I still doubt that DoD will have a uniform policy (pardon the pun).  What I fear this will lead to is additional required annual training in acceptable use of IT resources.  While some IT education is a necessity you always have to deal with the bottom 2% of employees who either don't understand or don't care.  The top 10% or so of employees simply proxy around blocked sites.  The folks in the middle go somewhere else (smaller sites probably == lower security, although admittedly a smaller target).

The move to re-open access to YouTube is particularly concerning since software updates happen at the speed of molasses on government computers.  I can already feel the coming wave of flash delivered malware coming to a NIPRNet machine near me.

Anyway, I'll stop rambling.  I have mixed feelings about the move only because I've been dealing with the DoD IT folks since 1995 (heck, I was one until until 2004).  Ultimately I think that until you are willing to back policy violations with "teeth", policy is meaningless.  Reminds me of something I heard a Navy officer opine a couple of years ago:

If I'm at the helm of a ship and brush the ground or another ship, even with no damage or injuries to anyone, my career is over.  If I bring in trojan software from home, install it on my work computer and DoD loses sensitive information I have to go to a refresher class.  Until we correct this disparity of consequences DoD IT security is a joke.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

CadillacGolfer

Newbie
Newbie

Posts: 36

Joined: Thu Dec 14, 2006 1:58 pm

Post Wed Mar 03, 2010 3:36 pm

Re: Pentagon unblocks social networking sites

wonder how the pentagon will feel after this

http://thelede.blogs.nytimes.com/2010/0 ... book-leak/

Unfortuantely no manner of training will help people like this
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Wed Mar 03, 2010 4:59 pm

Re: Pentagon unblocks social networking sites

That is very true.  The big difference here that bodes even worse for the pentagon is that the Israeli's actual know who their enemy is and are much more savvy when it comes to OPSEC.

If a U.S. soldier posted that on his facebook page, how many of his civilian friends would contact the authorities?
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

nightmare44

Newbie
Newbie

Posts: 10

Joined: Mon Jul 13, 2009 7:19 am

Location: Maryland

Post Thu Mar 04, 2010 8:19 am

Re: Pentagon unblocks social networking sites

Time for the koobface crew to step up their game....

Such a bad idea to allow twitter/facebook for reasons other than opsec.
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Thu Mar 04, 2010 7:42 pm

Re: Pentagon unblocks social networking sites

Well, there are some sound OPSEC arguments to open up these sites.  The first would be that DoD personnel are simply going to "alternative" sites that are not being blocked.  These lower density sites, while being less attractive targets for hackers, are likely to have a lower security posture.  OPSEC may actually be increased by soldiers visiting these sites.  Of course, the ideal would be not to use any of the sites for non-mission reasons.  However, that involves actually enforcing policy with punitive measures for violators.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software