Computer Network Security: Then and Now
Abstract not provided.
Abstract not provided.
Proceedings - International Carnahan Conference on Security Technology
In 1986, this author presented a paper at a conference, giving a sampling of computer and network security issues, and the tools of the day to address them. The purpose of this current paper is to revisit the topic of computer and network security, and see what changes, especially in types of attacks, have been brought about in 30 years. This paper starts by presenting a review of the state of computer and network security in 1986, along with how certain facets of it have changed. Next, it talks about today's security environment, and finally discusses some of today's many computer and network attack methods that are new or greatly updated since 1986. Many references for further study are provided. The classes of attacks that are known today are the same as the ones known in 1986, but many new methods of implementing the attacks have been enabled by new technologies and the increased pervasiveness of computers and networks in today's society. The threats and specific types of attacks faced by the computer community 30 years ago have not gone away. New threat methods and attack vectors have opened due to advancing technology, supplementing and enhancing, rather than replacing the long-standing threat methods.
In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.
Abstract not provided.
Abstract not provided.
Abstract not provided.
ACM Computer Communication Review
Abstract not provided.
Abstract not provided.
Many possible applications requiring or benefiting from a wireless network are available for bolstering physical security and awareness at high security installations or facilities. These enhancements are not always straightforward and may require careful analysis, selection, tuning, and implementation of wireless technologies. In this paper, an introduction to wireless networks and the task of enhancing physical security is first given. Next, numerous applications of a wireless network are brought forth. The technical issues that arise when using a wireless network to support these applications are then discussed. Finally, a summary is presented.
Motomesh is a Motorola product that performs mesh networking at both the client and access point levels and allows broadband mobile data connections with or between clients moving at vehicular speeds. Sandia National aboratories has extensive experience with this product and its predecessors in infrastructure-less mobile environments. This report documents experiments, which characterize certain aspects of how the Motomesh network performs when obile units are added to a fixed network infrastructure.
Abstract not provided.
New network based authentication mechanisms are beginning to be implemented in industry. This project investigated different authentication technologies to see if and how Sandia might benefit from them. It also investigated how these mechanisms can integrate with the Sandia Two-Factor Authentication Project. The results of these investigations and a network authentication path forward strategy are documented in this report.
A major portion of the Wireless Networking Project at Sandia National Laboratories over the last few years has been to examine IEEE 802.11 wireless networking for possible use at Sandia and if practical, introduce this technology. This project team deployed 802.11a, b, and g Wireless Local Area Networking at Sandia. This report examines the basics of wireless networking and captures key results from project tests and experiments. It also records project members thoughts and designs on wireless LAN architecture and security issues. It documents some of the actions and milestones of this project, including pilot and production deployment of wireless networking equipment, and captures the team's rationale behind some of the decisions made. Finally, the report examines lessons learned, future directions, and conclusions.
Abstract not provided.
Abstract not provided.
Abstract not provided.
This document describes the design, fabrication, and testing of the SNL Data Encryption Standard (DES) ASIC. This device was fabricated in Sandia's Microelectronics Development Laboratory using 0.6 {micro}m CMOS technology. The SNL DES ASIC was modeled using VHDL, then simulated, and synthesized using Synopsys, Inc. software and finally IC layout was performed using Compass Design Automation's CAE tools. IC testing was performed by Sandia's Microelectronic Validation Department using a HP 82000 computer aided test system. The device is a single integrated circuit, pipelined realization of DES encryption and decryption capable of throughputs greater than 6.5 Gb/s. Several enhancements accommodate ATM or IP network operation and performance scaling. This design is the latest step in the evolution of DES modules.
Wireless communication plays an increasing role in military, industrial, public safety, and academic computer networks. Although in general, radio transmitters are not currently permitted in secured areas at Sandia, wireless communications would open new opportunities, allowing mobile and pervasive user access. Without wireless communications, we must live in a ''non-mainstream'' world of fixed, wired networks, where it becomes ever more difficult to attract and retain the best professionals. This report provides a review of the current state of wireless communications, which direction wireless technology is heading, and where wireless technology could be employed at Sandia. A list of recommendations on harnessing the power of wireless communications is provided to aid in building a state-of-the-art communication environment for the 21st century at Sandia.
Abstract not provided.
The next major performance plateau for high-speed, long-haul networks is at 10 Gbps. Data visualization, high performance network storage, and Massively Parallel Processing (MPP) demand these (and higher) communication rates. MPP-to-MPP distributed processing applications and MPP-to-Network File Store applications already require single conversation communication rates in the range of 10 to 100 Gbps. MPP-to-Visualization Station applications can already utilize communication rates in the 1 to 10 Gbps range. This LDRD project examined some of the building blocks necessary for developing a 10 to 100 Gbps computer network architecture. These included technology areas such as, OS Bypass, Dense Wavelength Division Multiplexing (DWDM), IP switching and routing, Optical Amplifiers, Inverse Multiplexing of ATM, data encryption, and data compression; standards bodies activities in the ATM Forum and the Optical Internetworking Forum (OIF); and proof-of-principle laboratory prototypes. This work has not only advanced the body of knowledge in the aforementioned areas, but has generally facilitated the rapid maturation of high-speed networking and communication technology by: (1) participating in the development of pertinent standards, and (2) by promoting informal (and formal) collaboration with industrial developers of high speed communication equipment.
Current copper backplane technology has reached the technical limits of clock speed and width for systems requiring multiple boards. Currently, bus technology such as VME and PCI (types of buses) will face severe limitations are the bus speed approaches 100 MHz. At this speed, the physical length limit of an unterminated bus is barely three inches. Terminating the bus enables much higher clock rates but at drastically higher power cost. Sandia has developed high bandwidth parallel optical interconnects that can provide over 40 Gbps throughput between circuit boards in a system. Based on Sandia's unique VCSEL (Vertical Cavity Surface Emitting Laser) technology, these devices are compatible with CMOS (Complementary Metal Oxide Semiconductor) chips and have single channel bandwidth in excess of 20 GHz. In this project, we are researching the use of this interconnect scheme as the physical layer of a greater ATM (Asynchronous Transfer Mode) based backplane. There are several advantages to this technology including small board space, lower power and non-contact communication. This technology is also easily expandable to meet future bandwidth requirements in excess of 160 Gbps sometimes referred to as UTOPIA 6. ATM over optical backplane will enable automatic switching of wide high-speed circuits between boards in a system. In the first year we developed integrated VCSELs and receivers, identified fiber ribbon based interconnect scheme and a high level architecture. In the second year, we implemented the physical layer in the form of a PCI computer peripheral card. A description of future work including super computer networking deployment and protocol processing is included.
Abstract not provided.
A number of substantive modifications were made from Version 1.0 to Version 1.1 of the ATM Security Specification. To assist implementers in identifying these modifications, the authors propose to include a foreword to the Security 1.1 specification that lists these modifications. Typically, a revised specification provides some mechanism for implementers to determine the modifications that were made from previous versions. Since the Security 1.1 specification does not include change bars or other mechanisms that specifically direct the reader to these modifications, they proposed to include a modification table in a foreword to the document. This modification table should also be updated to include substantive modifications that are made at the San Francisco meeting.