SuperWSO Posted June 6, 2015 Posted June 6, 2015 (edited) In my experience, IR is ok, Bluetooth/RF mice and keyboards are not. One mouse hooked to a KVM touching several different level machines is also ok Edited June 6, 2015 by SuperWSO
17D_guy Posted June 6, 2015 Author Posted June 6, 2015 Yeah, I don't understand the Air Force and their ridiculous EMSEC and wireless device policies. Where I work now, we have multiple boxes from multiple agencies spanning all classifications (unclass through SAP) sitting next to each other. They are all hooked up to switch boxes and use the same monitors, mice, keyboards, etc. They also all use the same wireless clicker. It's been the same setup in joint deployed environments, from what I've seen. At my last duty station, which was an Air Force base, we had red tape all over the desks to show you the line you couldn't cross with your mouse or any other equipment. People literally got written up for moving an optical mouse hooked up to NIPR over the SIPR red line. Not only is that too stupid for me to process, they actually employed people who went around checking/monitoring this shit. I had a 2Lt who plugged a wireless mouse into his SIPR workstation once. Asked him to remove it, that per the "rules" it wasn't allowed. We were in a SCIF as well. He asked why, that all it passed was X/Y axis data and there was no information to be gotten off of that. I informed him as a lowly SSgt I didn't have the details as to why he couldn't, but the NSA wrote the rules. He said they didn't know what they were doing. I said that's fine, remove the mouse. There's a lot of cool stuff going on right now with side-channel analysis. Attacking systems and getting information about what's happening in a system from other means. TEMPEST was the start of everything in this realm. I generally try to be cool about these things. Wireless mouse on NIPR? I don't care. I've got a MSgt that I supervise that's got one right now actually. But a lot of the Pilots/Nav's roll into SCIF's here with their iPhones and bricks like it's no big deal. I was going to say Ops dudes since it would cover the back-end Intel guys, Ravens and other folks as well.. but it doesn't. 
It's mostly front end rated-bros... just thought about that. Not hating, an observation. Some of the rules are stupid. Some asses interpret them their own way to be a pain/powertrip/etc (Gravedigger's 2nd paragraph). But I can assure they're there for a reason when it comes to EMSEC. I've seen the same thing with the stacked classifications. Drives me nuts, but I'm a little older-school. I think a lot of the problem was mitigated with shielded-copper, fiber, and flat screen monitors that don't emit like the old CRT's. Also, the switch boxes should be NSA approved. There were... 2(?) approved when I was at Vandenberg for some of their systems to co-exist. That being said, I've seen images pulled off side-by-side ethernet connections that I didn't think would be there. From where I sit, it looks a bit like the JSF: Some big joint "program" sucking up service-specific funding then returning capabilities that are less than when you started. Without getting too in the weeds, there are some capability gaps that will emerge when we give up on the gateways (16 AFNET exit points for those at-home viewers who are not immersed in the gory pain of the AFNET) and switch to JRSS. JRSS is funny in that it isn't actually a program at all -i.e.... there's no program element that Congress approved. Instead, it's all the services throwing money at this based on DoD CIO direction. I see a trend of increasing centralization at DISA, and I'm not sure that's a good thing. Correct JRSS is a unicorn when it comes to DoD programmatic function. Army's paying for it, AF's helping with a bunch of stuff. Navy has the NMCI and can sit in the corner until they learn how to cyber like adults. As much as it pains me to say it the move to a joint cyber environment is the right thing to do. It shouldn't be AF NIPR, Army NIPR.. Navy... vomit. Real savings in time, $$ and manpower can be leveraged with that. Security for the DoD networks can be vastly enhanced. 
The AF no-kidding leads the way in getting this done in some areas (AFNet, 24th AF, security) and the Army in others (DISA Email). Additionally, like the sky we don't (to my knowledge) have Air Force sections, Navy sections, etc. It's all under control of the CFACC. Same should be for Cyber, and JIE/JRSS is going to get us there. I'm tired as hell, so I hope this made sense.
Day Man Posted June 6, 2015 Posted June 6, 2015 TEMPEST was the start of everything in this realm. I generally try to be cool about these things. Wireless mouse on NIPR? I don't care. I've got a MSgt that I supervise that's got one right now actually. Interesting...thanks for the link.
Homestar Posted June 6, 2015 Posted June 6, 2015 So the Chinese made it so we couldn't use USB drives in any of our machines, but they still managed to steal personal data on 4 million federal employees. What's next? https://www.fedsmith.com/2015/06/05/opm-data-breach-what-you-need-to-know/
Dupe Posted June 7, 2015 Posted June 7, 2015 As much as it pains me to say it the move to a joint cyber environment is the right thing to do. It shouldn't be AF NIPR, Army NIPR.. Navy... vomit. Real savings in time, $$ and manpower can be leveraged with that. Security for the DoD networks can be vastly enhanced. The AF no-kidding leads the way in getting this done in some areas (AFNet, 24th AF, security) and the Army in others (DISA Email). Additionally, like the sky we don't (to my knowledge) have Air Force sections, Navy sections, etc. It's all under control of the CFACC. Same should be for Cyber, and JIE/JRSS is going to get us there. I'm tired as hell, so I hope this made sense. It's reasonable that cyber should be a joint function. The problem is DISA: it's like Gotham City is asking for Batman and getting Vinny The Goat instead. By federal law, services are now required to go ask service-CIO for permission to go buy data center infrastructure (in a push to reduce footprint and move to the cloud). DISA was then deputized to be the arbiter of which programs could use commercial services and which had to use DoD funded data centers (managed....by.....DISA). To date, I don't know of one program that has succeeded in using commercial cloud providers where many other executive departments (including the CIA) have been able to. 17D- I know you know most of that story. The viewing public may not. DISA costs are easily 6x-10x that of commercial cloud providers.
SuperWSO Posted June 7, 2015 Posted June 7, 2015 Sounds like the complaints I've heard about DISA Enterprise Email (DEE). Slow and vastly more expensive.
Gravedigger Posted June 7, 2015 Posted June 7, 2015 TEMPEST was the start of everything in this realm. I generally try to be cool about these things. Wireless mouse on NIPR? I don't care. I've got a MSgt that I supervise that's got one right now actually. Some of the rules are stupid. Some asses interpret them their own way to be a pain/powertrip/etc (Gravedigger's 2nd paragraph). But I can assure they're there for a reason when it comes to EMSEC. I've seen the same thing with the stacked classifications. Drives me nuts, but I'm a little older-school. I think a lot of the problem was mitigated with shielded-copper, fiber, and flat screen monitors that don't emit like the old CRT's. Also, the switch boxes should be NSA approved. There were... 2(?) approved when I was at Vandenberg for some of their systems to co-exist. I don't want to discuss specific organizations and systems, but I think you'll find that most agencies outside the AF have stacked or side-by-side boxes as the norm. I honestly think the Air Force just uses blanket overly restrictive policies because they are accounting for the lowest common denominator, and worst case scenario. Maybe that's a good strategy, maybe not.
brwwg&b Posted June 10, 2015 Posted June 10, 2015 https://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances OPM hacked
17D_guy Posted June 18, 2015 Author Posted June 18, 2015 (edited) To expand on the OPM hack. Watch the video and realize these are senior gov't employees in all facets of the force. They're the ones making decisions about how to implement cyber. They're in the AF too.. https://www3.blogs.rollcall.com/hill-blotter/opm-breach-includes-congressional-staffers/ Additionally Krebs does a good breakdown of the history of this. CLEARLY targeted, persistent, and skilled. I briefed this to leadership this week, they were not pleased. https://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/ Edited June 18, 2015 by 17D_guy
JS Posted June 18, 2015 Posted June 18, 2015 Anyone else concerned about the OPM hack? I just read an article that the Chinese acquired every SF-86 that has ever been submitted electronically. I was perusing through the one I just did a few months ago and it has some pretty good stuff - name, social, address, and phone number of me and my wife along with address and work history, etc. This info could be used to start up another life somewhere in a pretty bad case of identity theft.
Champ Kind Posted June 18, 2015 Posted June 18, 2015 Anyone else concerned about the OPM hack? I just read an article that the Chinese acquired every SF-86 that has ever been submitted electronically. I was perusing through the one I just did a few months ago and it has some pretty good stuff - name, social, address, and phone number of me and my wife along with address and work history, etc. This info could be used to start up another life somewhere in a pretty bad case of identity theft. I was trying not to think about it. All of the "safeguards" that we impose on ourselves and make productivity painful at work... And this still happens.
JarheadBoom Posted June 19, 2015 Posted June 19, 2015 Anyone else concerned about the OPM hack? Yep. Also infuriated. Every fucking year we get officially harassed about Information Assurance/Information Protection/Cyber Awareness/etc., and every fucking time I log onto a .mil computer on base I get several popups telling me how I'll be burned at the stake if I let PII out of its encrypted and access-controlled cage. Then a .gov agency with more of my personal info than the fucking IRS says they didn't bother trying to encrypt because "their hardware is too old". Fat lot of fucking good that one year of credit monitoring will do if the Chinese (or whoever they may sell/trade the data to...) decide 6-9 years from now to get really asymmetric WRT cyber warfare. 1
Guest LumberjackAxe Posted June 19, 2015 Posted June 19, 2015 "The OPM has been trying to send vital information to its hundreds of thousands of employees, and many mistook these emails for malicious phishing campaigns." Oops. https://www.businessinsider.com/federal-employees-are-mistaking-official-government-emails-for-phishing-scams-2015-6#ixzz3dUgHwP7e
11F Posted June 22, 2015 Posted June 22, 2015 So I get notified on 5-Jun that I'm deploying on a 365 on 01-Jul. My commander gives me 22-29 Jun to knock out all of my deployment training...ADLS is down 22-29 Jun. This is the best situation ever! I don't have to do a single CBT. Boom!
17D_guy Posted June 22, 2015 Author Posted June 22, 2015 So I get notified on 5-Jun that I'm deploying on a 365 on 01-Jul. My commander gives me 22-29 Jun to knock out all of my deployment training...ADLS is down 22-29 Jun. This is the best situation ever! I don't have to do a single CBT. Boom! You're welcome, I'm waiting on the check.
11F Posted June 23, 2015 Posted June 23, 2015 You're welcome, I'm waiting on the check. It's in the mail. 1
stract Posted June 23, 2015 Posted June 23, 2015 so at work today, I could access gmail on the interwebs, but every other non-mil/gov site I tried to visit gave me the big FU. Displayed error message was that my profile or workstation had been restricted to viewing only .mil/.gov websites. WTFU? If it matters, my IA just expired but since ADLS is down, can't rehack that. I know that the CS was given guidance not to disable accounts for that reason while ADLS is down, so seems an odd coincidence. Thoughts?
17D_guy Posted June 25, 2015 Author Posted June 25, 2015 (edited) Hrm.. Interesting. I don't think it was the local CS, as the process for restricting accounts is automated. Your profile gets kicked to a naughty boy/girl list and you're restricted from the glory of the web. I'm not sure on the technical specifics. Did you try a different workstation? I imagine the same result. If you contact your CFP they might be able to help, but no promises. I just wonder because they're always rolling out new software for security, both locally and in the ether, that will do strange things. So, at some point if your local workstation isn't patched, you could get the same error. Which would be good for us Cyber types in making sure vulnerabilities are mitigated. 4+ months after the vendors release the patches and they've finally percolated through DISA and AFCYBER. I wish I was kidding. Oh, then AFCYBER backdates the due date for the CS to the vendor release date. Then passes that list of overdues to the MAJCOM A6. Edited June 25, 2015 by 17D_guy
stract Posted June 25, 2015 Posted June 25, 2015 (edited) well it ended up being moot, b/c on Tues morning they put me in the penalty box (kiosked) for the overdue IA, thus not following their own guidance. "oh, ADLS is down? Hmm, I didn't know that..." Took an entire 3 days (until this afternoon) for an override to go through so I wouldn't be locked out, and I expect to be locked out again tomorrow afternoon since the override is apparently only good for 24 hrs. The best part is the popup I've been getting for the last three days "Your IA is overdue, would you like to complete it now?" becomes 4 popups when you click it (it's like being rickrolled), and the phone number listed is for the Enterprise helpdesk that no longer exists (DSN 510 something). ETA: now that I can go somewhere other than the portal/ADLS, I could knock out the training on the DISA website, but that wouldn't update ADLS, and ADLS can't be manually updated because it's down... #catch22 Edited June 25, 2015 by stract
17D_guy Posted June 28, 2015 Author Posted June 28, 2015 well it ended up being moot, b/c on Tues morning they put me in the penalty box (kiosked) for the overdue IA, thus not following their own guidance. "oh, ADLS is down? Hmm, I didn't know that..." Took an entire 3 days (until this afternoon) for an override to go through so I wouldn't be locked out, and I expect to be locked out again tomorrow afternoon since the override is apparently only good for 24 hrs. The best part is the popup I've been getting for the last three days "Your IA is overdue, would you like to complete it now?" becomes 4 popups when you click it (it's like being rickrolled), and the phone number listed is for the Enterprise helpdesk that no longer exists (DSN 510 something). ETA: now that I can go somewhere other than the portal/ADLS, I could knock out the training on the DISA website, but that wouldn't update ADLS, and ADLS can't be manually updated because it's down... #catch22 First - this is hilarious. For me, not you. Second - 3 days: normal. Sorry, welcome to the efficiency of operation in an enterprise system. I'm not proud saying that. When your senior leaders (both Cyber and Fliers) say they're leveraging automated systems to blah, blah, blah. This is what they're talking about. Third - Your CFP/CSL (pronounced Sizzle, we think of the cool names in Cyber) should be able to update your IA date, or put in a ticket (+3 more days!) to have it manually updated. I haven't heard of that process being a complete automated lock down.. and it wouldn't make sense if they did. So.. they probably did. Fourth - The ESD is gone, long live the vESD. Try putting in a ticket for something that isn't on their little app. You can't. You have to call your CFP for the ticket. Did you get notified ADLS was going down, then it wasn't, then it was again? I don't know your situation, so I'm not trying to accuse. 
Thankfully we don't seem to have many people at my location stuck in your boat, but I would be interested if your training/QA/C4I got the info out to you. I'm still surprised at the number of individuals in senior positions w/ Masters degree in business/management who can't figure out strategic communication. Ex - new ESS roadshows. Break break - I got moved out of my DO position to a career-building staff job. So my (cyber) front line info will start to lag and I'm lobotomized by being taught how to build staff meeting slides. Overall, I'm not sure how much good info I'm bringing, but if you've got particular questions I can still bro-network a solution.
stract Posted June 28, 2015 Posted June 28, 2015 The CSL got my days pushed to the 30th. Because ADLS will definitely come back up on time, right? Yes, I knew of ADLS down week getting pushed right. Not sure why the CS didn't have any idea ADLS was down, tho.
JS Posted July 3, 2015 Posted July 3, 2015 I was trying not to think about it. All of the "safeguards" that we impose on ourselves and make productivity painful at work... And this still happens. https://warontherocks.com/2015/07/the-9-scariest-things-that-china-could-do-with-the-opm-security-clearance-data/
17D_guy Posted July 3, 2015 Author Posted July 3, 2015 Here's a good Cyber Security Podcast that actually interviews an Airbus pilot about the ongoing "scare" about hackers on planes. https://risky.biz/RB372
17D_guy Posted September 17, 2015 Author Posted September 17, 2015 I've been dreaming about this for years, finally happening - Wireless Hacking In Flight: Air Force Demos Cyber EC-130 2