US House Passes P2P Ban On Federal Networks 91
An anonymous reader writes "Recently, the US House of Representatives passed a bill in an attempt to ban peer-to-peer file-sharing applications on federal computers and networks. Similar bills have been proposed before, apparently in response to confidential government documents being found on LimeWire. The text of the bill, however, provides a very broad definition of 'peer-to-peer file sharing software,' and may extend to more than they intend (SMB? LDAP?)."
Whitelist, not blacklist! (Score:5, Insightful)
This is an issue of what can be installed on federal computers? I believe there should be a list of what is allowed and everything else is disallowed. And NO ONE has admin access to their computer.
Come on people - federal security! Why the hell are they running MS OSes anyway?
IT department's nightmare (Score:2, Insightful)
People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...
Re:How will the government botnets run!?!? (Score:1, Insightful)
Don't worry, federal law is ignored by TLAs left and right. Our safety is secure!
Perfectly reasonable (Score:5, Insightful)
The term ‘open-network’, with respect to software, means a network in which--
(A) access is granted freely, without limitation or restriction; or
(B) there are little or no security measures in place.
What part of this is unreasonable in any controlled environment? Can you think of any corporation that would allow such a thing?
I wouldn't even let my kids run such a thing.
N.B. This clearly does not cover things bittorrent since you have to explicitly publish individual files to it.
Re:Whitelist, not blacklist! (Score:3, Insightful)
Come on people - federal security! Why the hell are they running MS OSes anyway?
The answer is yes. Though if you do a full audit I'm sure you'll probably find a working copy of just about every operating system ever developed.
That being said I'd be very surprised if Windows is anything less than 90% of the market.
Re:Whitelist, not blacklist! (Score:3, Insightful)
Computer security is, surprise surprise, a technical enterprise(albeit with some organizational dynamics thrown in) WTF is congress doing in there? Should we start holding elections for sysadmins, just to make sure that the will of the people is there to defend the network?
The idea of a room full of subject-matter nonexperts writing overbroad and dubiously sensible mandates just so that they can describe themselves as "strong on security" makes me throw up in my mouth a little. Hopefully nobody tells them how much "p2p" is going on in a DFS or AFS setup, or a failover system...
Code is Law (Score:2, Insightful)
Why is this being done as a federal law which regulates network users?
It seems to me that this is a policy that ought to be enforced by federal government sysadmins on their own networks, rather than by the government legislaors on the users of the network.
To use Lessig's parlance, this is a job for architecture, not law.
Re:Bad law (Score:1, Insightful)
Presumably, government law-drafters will call on experts to clarify finer points.
You spelled experts wrongs, its spelled lobbyists.
Re:Whitelist, not blacklist! (Score:1, Insightful)
However even then it is a people problem, the local base level admin and security people total ignore this and install almost anything they want.
That tends to happen when the chain of command breaks as badly as it has here...
Re:IT department's nightmare (Score:2, Insightful)
People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...
Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be. People turn their workstations into servers because the alternatively of wrestling with the company bureaucracy to arrive at an unsatisfactory solution isn't very appealing. It would be better for all involved to provide an easy way for people to do these things in a safe environment where it can be monitored.
Re:But everything on the net is peer to peer! (Score:3, Insightful)
So in essence they are banning all connections that have a source and a target ip adress at the same time.
Or you could read the full article, and find out what they are really doing.
Wow. EPIC FAIL
So is a snap judgment based on a slashdot headline and reading the first few knee jerk responses.
Is it a good move by congress? No, not really. But did they really just ban connecting to the office network printer? No.
Re:Whitelist, not blacklist! (Score:5, Insightful)
That's pretty much the way it is. They actually have a pretty secure MS ecosystem. Between DISA, NIST and USAF and Microsoft, they've come up with the Federal Desktop Core Configuration (FDCC) [nist.gov] (which is an outgrowth of the USAF 'Standard Desktop Computer' (SDC)).
Various security settings, GPO's, etc. If you use a standard FDCC image, it is pretty well locked down, AND can be administered from anywhere. Having said that...'locked down' as much as XP or Vista can be. But the VAST majority of users do not need much more than Office and the base OS. No real need for 8 zillion extra little tools, which may or may not have their own vuln's.
But there is quite a lot on the approved list. Installed on a case by case eval. Wireshark or Firefox, for example. It is up to each department to further refine that list. For instance, the USAF (mostly) bans Firefox in favor of IE7.
Why the hell are they running MS OSes anyway?
Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now. Take the Munich example and multiply the problems by 500. For better or worse, an org of that size can't just switch.
Re:Completely useless (Score:4, Insightful)
It's also really a pity that Slashdot admins don't think before posing sweeping accusations. As the number of political articles continues to grow and the way we rely on only reading the summary to understand the article almost certainly prevent users from being able to determine what is sensationalized ... and probably won't be adjusted or repealed when proven biased.
Re:Whitelist, not blacklist! (Score:3, Insightful)
Come on people - federal security! Why the hell are they running MS OSes anyway?
I'm a career US federal government employee.
Right after the then-Governor of Texas became President, my employer (a federal agency) "standardized" on computers from a vendor headquartered in Round Rock, Texas. We were no longer allowed to purchase computers from any other company. This decision was made by a political appointee, appointed by the President.
Right after the same Administration settled the MS anti-trust suit, our agency "standardized" on MS-Software -- Windows is the only operating session we were allowed to run, our email was moved over to Exchange, our websites were moved to MS-platforms, we were forced to move to only MS applications (Word, Powerpoint, Excel), etc. While this sounds bad, it actually used to be worse - for a while, we could only buy PDAs that ran Windows/CE.
Although the political appointees who made these choices left in early January 2009, my agency continues to lock more and more of our data into proprietary MS formats - we are now moving as much of our internal data as possible into Sharepoint.
The current administration seems to be big fans of "the cloud". From where I sit, this means that instead of just overpaying for crappy software and crappy hardware, we are going to start overpaying for crappy network services and the bandwidth to support those services.