
netsec-sig - Re: [Security-WG] Strange request from Air Force

Subject: Internet2 Network Security SIG

  • From: Frank Seesink <>
  • To:
  • Subject: Re: [Security-WG] Strange request from Air Force
  • Date: Thu, 8 Feb 2018 16:24:22 -0500

Have not experienced this with the Air Force per se, but a few years back we were approached by the WV Office of Technology (WVOT)—the state gov’t dept. responsible for the MAN in Charleston and our sister org on the gov’t side so to speak—asking if we’d be willing to install the MS-ISAC folks’ “Albert sensors” in our network with the intention to share information gleaned.  (MS-ISAC being the Multi-State ISAC or state gov’t variant of REN-ISAC.)

At the time I did my research into these and determined that what these “Albert sensors” were was pretty much appliances running the open-source Suricata software ( https://suricata-ids.org/ ) with some secret sauce most likely, and from their own description these appliances “phoned home to mommy” as it were, thus aggregating all the “Albert sensor” info collected to find threats/attacks/etc. across member state networks.  The sending of network data to who-knows-where was the first red flag.

Being a network provider for everything from higher ed to state/county/local gov’t, K12, public libraries, etc., we’re obviously ideally positioned for such a thing.  But I remember thinking that some of our customers, notably higher ed schools, would balk at the idea, not to mention we’d likely have to determine if this would violate any of the usual suspects (HIPAA, FERPA, COPPA, etc.).  And sure enough, during a meeting less than a month later with one of the higher ed customers, we asked the main IT guy if they’d be ok if we did that, and I believe the response was “No f*ing way in h*ll.”

Needless to say, we have never allowed it, and it died on the vine.  I believe those sensors may exist within the state gov’t network, but that’s it.


On Feb 8, 2018, at 4:09 PM, Karl Newell [!] <> wrote:

Hi all,
 
One of our members experienced the following, I’m wondering if anyone has heard of something similar or what your thoughts are.
 
The Air Force contacted the member’s DNS registrar saying they had information to share about the member’s network.  This request made it to the CISO who called back.  The Air Force wanted to install a device on the member’s network to monitor traffic.  It was assumed there would be information sharing but the member did not agree to work with the Air Force.
 
Thanks,
Karl


Frank Seesink

Telecommunications Networking Specialist III
West Virginia Network (WVNET)
304.293.5192 x241




