digg

Facebook Connect Join Digg About

The 60 minute network security guide..by the NSA

treelimb.org Interesting pdf brought to you by the National Security Agency. Yes, THAT NSA… It is an excellent guide for your first steps to securing your network.

Who dugg this? Made popular Jan 4, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

60 Comments

show profanity settings
expand all
  • Wilcox, on 10/12/2007, -3/+137@GabrielS

    Here is my IP address if you would like to hack me - 127.0.0.1
  • surferbill, on 10/12/2007, -2/+63Direct link to pdf: http://www.nsa.gov/snac/support/I33-011R-2006.pdf

    I half expect my PC to be infected by some NSA spying program just by opening this PDF. ;)
  • denomolos, on 10/12/2007, -2/+405 second network security guide:

    unplug your network from the internet. :)
  • Mudbeast, on 10/12/2007, -3/+41GabrialS: I logged in just to digg you down. Children should be neither seen nor heard on Digg. Unless said child is intelligent enough to behave like an adult in a public forum. Go back to your jr high and learn something!

    and
    @surferbill

    Thanks for the direct link i couldn't even find the ***** at all on the article page
  • Phocion55, on 10/12/2007, -3/+35Oh noez! GabrielS is gonna hax0r my CPUs!
  • Malshew, on 10/12/2007, -2/+26@Wilcox

    I'm in your computer, deleting your OH SH-
  • ThePikey, on 10/12/2007, -0/+20@ hirak99
    "This is not security... this is paranoia"

    What part of NSA did you not understand? ;)
  • thelastknowngod, on 10/12/2007, -0/+19"to secure your network properly you MUST install this software. dont worry about what it is... it will make you safer!"
  • Arvenis, on 10/12/2007, -1/+16We've broken the NSA. I expect they'll be knocking our doors down any minute for "terrorist activity"
  • empeethree, on 10/12/2007, -3/+18but he has the orange book and a pirated version of Hackers.. better firewall the gibson.
  • diggsIt, on 10/12/2007, -4/+19Yeah right, Agent shankrabbit.
  • ajdub, on 10/12/2007, -0/+14Gotta love the change log:

    1.1 18 February 2002 These updates where to fixes grammar and syntax

    At least the NSA has a sense of humor.
  • 5thfreedom, on 10/12/2007, -3/+17I never understood why people start their replies with "I logged in just to...". I mean, don't people use cookies anymore?
  • jayhawk88, on 10/12/2007, -1/+14"Minimum Password Length
    12 characters
    god damn"

    Pass-phrases. All the cool kids are using them now.
  • rotten777, on 10/12/2007, -1/+12They didn't pay AT&T extra for using lots of bandwidth. Ha!

    Network neutrality bites THEM in the arse.
  • p5ych0, on 10/12/2007, -2/+11The pdf in html: http://pdfdl.oceighty.net/pdf2html.php?url=http://www.nsa.gov/snac/support/I33-011R-2006.pdf
  • wm2010russ, on 10/12/2007, -3/+12"Minimum Password Length
    12 characters "

    god damn
  • Portwineboy, on 10/12/2007, -2/+10I'm d/l'ing that PDF from the direct link at .7KB/sec.

    NSA supercomputers my ass! You got dugg!
  • shankrabbit, on 10/12/2007, -1/+8Despite all the jokes we could make about this being a setup and a portal to the NSA's ultimate directive: mind control....

    There is actually some pretty good stuff in that document.
  • hirak99, on 10/12/2007, -1/+7Enforce password history of 24 passwords, minimum 12 characters, should meet complexity requirements, and must be replaced every 1-90 days. This is not security... this is paranoia.
  • TexMurphy, on 10/12/2007, -0/+5The NSA would never break in your computer...........
    The smart thing would be to install or turn on a
    packet sniffer at your dslam........
    reroute your packets through there servers.........
    log all DNS requests...........

  • cynicist, on 10/12/2007, -0/+4Unix Systems and Networks covers it
  • tyme, on 10/12/2007, -0/+3And here's some more guides/checklists: http://iase.disa.mil/stigs/checklist/index.html - most developed by DISA-FSO
  • blizzok, on 10/12/2007, -1/+4@theone3

    no numbers, special characters, no bang.

    3 hours in john, at most.
  • Filksinger, on 10/12/2007, -0/+3Does it concern anybody else that this appears to make your computer network "SNAC" compliant?

    Seriously, though, they do some good stuff. Their guides to securing Linux are also decent.

    The NSA has always had a bit of a split-personality, since half their job is to grab information, and the other half is to protect it. Sometimes even the same information. I think it makes them dizzy.
  • jayhawk88, on 10/12/2007, -0/+2NSA puts out a lot of good network security related stuff, lots of whitepapers and various security policy templates that can be used.
  • PathDaemon, on 10/12/2007, -1/+3I lol'd at the alt text for the homepage image — "Image: National Security Agency Insignia disappearing into a dark blue background." No idea why that was funny. It just was.

    Anyway, the NSA has several nonclassified security guides. I've had one for OS X for a while. They aren't that useful. Pretty much a detailed description of the system made for a security professional who's never used it. Way too many lines in that one about "go to a technician to find out about physically disabling the microphone/camera/bluetooth/airport..."
  • PathDaemon, on 10/12/2007, -0/+2> 802.11 owns you yet again.

    Don't worry, the other guides ask you, the security dude, to bring the computer to have it neutered.
  • yoshihama, on 10/12/2007, -1/+3This made me laugh, because at my last company, IT distributed a script called 'XPneuter' that configured WinXP to be secure enough to run on the company network.
  • GenericNumber1, on 10/12/2007, -0/+2You forgot "Curl up into a ball"

    happens every time my internet tubes are clogged :(
  • niqhil, on 10/12/2007, -0/+2Words of wisdom from the guide -

    DO NOT OPEN E-MAIL ATTACHMENTS OR RUN PROGRAMS UNLESS THE SOURCE AND INTENT ARE CONFIRMED AND TRUSTED. Always run Outlook.. .

    /thunderbird user
  • minimaximus, on 10/12/2007, -1/+3unclassified? that's useless. Someone should leak the classified ones. That's where the good stuff lies.
  • tyme, on 10/12/2007, -0/+2NSA and DISA-FSO are responsible for most of the network and other security guides (STIGs) used by the DoD. They don't put security holes in them, because they use them. It would kind of defeat the purpose.
  • theone3, on 10/12/2007, -1/+2Speaking of passwords, the keyboard is actually a damn good randomisation tool - for instance, i might remember my password as 'the quick brown fox jumps over the lazy dog', but then offset everything by one character to the left and remove the spaces, i.e. 'rgwqyuxjveiqbdizhynoaicwergwkaztsif'.
  • mike503, on 10/12/2007, -0/+1nice to see the NSA using coldfusion
  • PathDaemon, on 10/12/2007, -0/+1(edit time just expired)

    ...but this guide is starting to look quite nice.
  • Hercules, on 10/12/2007, -0/+1Real network security comes when you take into consideration ease of use and balance it against the thought of security.

    If you have an overly complex or annoying system, your own users will find ways to make their lives easier, and your network more insecure. If you want 12 character passwords that's fine -- just don't be surprised when you look under a keyboard of your user and it's written on a post-it note.

    Common sense with security knowledge. Don't go nuts -- 90% of penetrations attacks occur because of social engineering, not outside factors. And DDOS attacks are almost impossible to defend unless you have the infrastructure. And you're not going to get DDOSed directly unless you're eBay or Yahoo, so relax and don't get so uptight :)
  • xZeddx, on 10/12/2007, -1/+2Where's the part where I install the backdoor?
  • inactive, on 10/12/2007, -0/+1Here are all of the NSA's unclassified security configuration guides:
    http://www.nsa.gov/snac/
    http://www.nsa.gov/snac/downloads_all.cfm
  • theone3, on 10/12/2007, -0/+1... ok. I think removing the spaces would do the same thing, but why not shift up and left, or add some numbers in, like you would with any other password.
  • buzzedlightyear, on 10/12/2007, -0/+1are these part of the documents that were just unclassified January 1st?
  • CoreBurn, on 10/12/2007, -1/+1Bad link, somebody got their account suspended.
  • tgui, on 10/12/2007, -0/+0@yoshihama
    Did you also work for Sun Microsystems? :-)
  • glenneroo, on 10/12/2007, -2/+2mind you, every IP that downloads the PDF will be forwarded to the RIAA and MPAA lawyers for "processing"

    all your base are belong to us
  • sancho, on 10/12/2007, -0/+0Probably not. The NSA has been providing guides to securing your computer for years.
  • widman, on 10/12/2007, -2/+1You mean pretty obvious stuff? At least people will hear this a bit more as it comes from NSA. It's very ironic.
  • inactive, on 10/12/2007, -2/+1im in ur electomagnetics, scanning ur verticals

    Yeah right, as if unplugging the network cable would stop the NSA from spying into your computer.
  • SteveSgt, on 10/12/2007, -5/+3It's interesting that there is no mention whatsoever of Mac-OS or Apple in the entire document.
  • tyme, on 10/12/2007, -3/+1NSA doesn't work much with Mac. See my comment further up about DISA-FSO STIGs.
  • jjb123, on 10/12/2007, -4/+2Mabey people will stop being so paranoid about the nsa now.
  • Fetching more discussions...
    Show 51 - 60 of 60 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.