US House Passes P2P Ban On Federal Networks
An anonymous reader writes "Recently, the US House of Representatives passed a bill in an attempt to ban peer-to-peer file-sharing applications on federal computers and networks. Similar bills have been proposed before, apparently in response to confidential government documents being found on LimeWire. The text of the bill, however, provides a very broad definition of 'peer-to-peer file sharing software,' and may extend to more than they intend (SMB? LDAP?)."
How will the government botnets run!?!? (Score:5, Funny)
Re: (Score:1, Insightful)
Don't worry, federal law is ignored by TLAs left and right. Our safety is secure!
Re: (Score:1)
Next up, a law against hiring stupid people to work for any level of gov't. If we're lucky, they'll word it poorly enough that it will include running in any election.
Re:How will the government botnets run!?!? (Score:5, Informative)
Nah, the government will just contract that stuff out to the likes of Halliburton and Xe (formerly Blackwater).
Ron
Re: (Score:3, Informative)
Re: (Score:1)
Whitelist, not blacklist! (Score:5, Insightful)
This is an issue of what can be installed on federal computers? I believe there should be a list of what is allowed and everything else is disallowed. And NO ONE has admin access to their computer.
Come on people - federal security! Why the hell are they running MS OSes anyway?
Re: (Score:1, Funny)
Re:Whitelist, not blacklist! (Score:5, Funny)
Clearly there are only two options:
Re: (Score:3, Informative)
Re: (Score:2)
You mean Linux isn't written in ADA?
*ducks*
Re: (Score:1)
Were they ADA up?
Re:Whitelist, not blacklist! (Score:4, Informative)
It used to be that a base could keep its own list and the local people could control it, however a few years ago that was removed and now there is a central office that does all approvals. This office takes an average around 1 year to approve major software releases, aka Microsoft, and if it is not then it takes longer.
However even then it is a people problem, the local base level admin and security people totally ignore this and install almost anything they want.
Re: (Score:1, Insightful)
However even then it is a people problem, the local base level admin and security people totally ignore this and install almost anything they want.
That tends to happen when the chain of command breaks as badly as it has here...
Re: (Score:3, Interesting)
Centralized control and admin. Used to be, a base would control its own network. No more. Even your local proxy server is now being admined from elsewhere.
Re: (Score:2, Funny)
Even your local proxy server is now being admined from elsewhere.
Likely the system administration has been outsourced, and is now run from a CSC guy in Bangalore.
Re: (Score:1)
Re: (Score:1)
We have almost the same problem in the Army... there is a standard approval process that can take months or years to get something approved.. even basic things like a patch... and it doesn't even address things like do I need to get a webpart for SharePoint approved and if so what is someone really checking when it goes through the approval process
I kind of wish we had centralized censorship... as it is now someone may have access to one post but not another... and who knows when my post will get around to a
Re: (Score:2)
But really, certain classes of application are just too dangerous and easy to screw up that they should be completely banned from the network. This is one of the rare areas where those stupid palladium chips could be an
Re: (Score:3, Insightful)
Come on people - federal security! Why the hell are they running MS OSes anyway?
The answer is yes. Though if you do a full audit I'm sure you'll probably find a working copy of just about every operating system ever developed.
That being said I'd be very surprised if Windows is anything less than 90% of the market.
Re: (Score:3, Insightful)
Computer security is, surprise surprise, a technical enterprise (albeit with some organizational dynamics thrown in). WTF is congress doing in there? Should we start holding elections for sysadmins, just to make sure that the will of the people is there to defend the network?
The idea of
Re: (Score:2)
This is an issue of what can be installed on federal computers? I believe there should be a list of what is allowed and everything else is disallowed. And NO ONE has admin access to their computer.
Come on people - federal security! Why the hell are they running MS OSes anyway?
ECHO.
Re: (Score:1)
Re: (Score:2)
That's basically one more rule than what is there now for most employees. I can't speak for all, but my wife works for a federal agency, and she has no control over what happens to her computer. The whole building came in a few months ago, for example, to find they had been upgraded from XP to Windows 7 without any notice. Hilarity ensued! They have been switched back and forth between Exchange and Lotus Notes several times. And I can't send her any email attachments, they are usually and somewhat capricio
Re: (Score:2)
Because Microsoft lobbyists are in bed with congress critters.
Re:Whitelist, not blacklist! (Score:5, Insightful)
That's pretty much the way it is. They actually have a pretty secure MS ecosystem. Between DISA, NIST and USAF and Microsoft, they've come up with the Federal Desktop Core Configuration (FDCC) [nist.gov] (which is an outgrowth of the USAF 'Standard Desktop Computer' (SDC)).
Various security settings, GPO's, etc. If you use a standard FDCC image, it is pretty well locked down, AND can be administered from anywhere. Having said that...'locked down' as much as XP or Vista can be. But the VAST majority of users do not need much more than Office and the base OS. No real need for 8 zillion extra little tools, which may or may not have their own vuln's.
But there is quite a lot on the approved list. Installed on a case by case eval. Wireshark or Firefox, for example. It is up to each department to further refine that list. For instance, the USAF (mostly) bans Firefox in favor of IE7.
Why the hell are they running MS OSes anyway?
Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now. Take the Munich example and multiply the problems by 500. For better or worse, an org of that size can't just switch.
Re:Whitelist, not blacklist! (Score:5, Funny)
Re: (Score:1)
If you use a standard FDCC image, it is pretty well locked down, AND can be administered from anywhere.
Gee, I can't imagine any problems with that aspect of the situation...
Re: (Score:2)
Anywhere = the next desk over, or 3 states away. The trick is getting inside the network in the first place, and having the correct rights once you are in. If you want to require physical access to do any admin functions, let's go back many years.
Re: (Score:2)
Don't be dense. "Anywhere" being "anywhere that a valid administrative user is logged onto an authenticated machine."
It becomes a necessity when the helpdesk is located five states away, or on another continent.
Re: (Score:1)
That is a problem, and it needs to be addressed. We cannot allow any piece of our infrastructure to be so dependent on a single company, especially not the OS.
Re: (Score:2)
Now there is a rock solid example of proprietary lock in, it is too hard to change to something else regardless of whether it is better because the implementation might be worse. Once you get to that stage, the wisest thing to do, is an immediate swap, it breaks the lock in, it provides expertise in system changes and implementation, it breaks all existing security holes and it forces competition in supply contracts.
As for banning P2P software, that is really pointlessly dumb. Only approved software for
Re: (Score:1)
Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now. Take the Munich example and multiply the problems by 500. For better or worse, an org of that size can't just switch.
The other question is how did Windows become so entrenched? At one time, nearly all Government computers would have been running IBM's MVS, VM, DOS (the mainframe OS, not PC/MS DOS) etc, CP/M, VMS or some flavour of Unix. For many users, especially in clerical and 'call centre' like roles, does a Windows PC offer better productivity and make the job easier than using a 3270 terminal connected to the mainframe to fill in forms and get back the responses?
Re: (Score:2)
They use MSFT OSs to avoid training users,
FWIW, migration could be as easy as giving the order. When the USAF went from terminals to PCs, it was simply a matter of telling them to adapt.
Re: (Score:3, Insightful)
Come on people - federal security! Why the hell are they running MS OSes anyway?
I'm a career US federal government employee.
Right after the then-Governor of Texas became President, my employer (a federal agency) "standardized" on computers from a vendor headquartered in Round Rock, Texas. We were no longer allowed to purchase computers from any other company. This decision was made by a political appointee, appointed by the President.
Right after the same Administration settled the MS anti-trust suit, our agency "standardized" on MS-Software -- Windows is the only operating se
Re: (Score:2)
And NO ONE has admin access to their computer.
I have another genius idea. The doors to the buildings should be LOCKED at night!
(You know, the idiom "It goes without saying" is meant to be taken literally.)
IT department's nightmare (Score:2, Insightful)
People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...
Re: (Score:2)
Re: (Score:2, Insightful)
People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...
Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be. People turn their workstations into servers because the alternative of wrestling with the company bureaucracy to arrive at an unsatisfactory solution isn't very appealing. It would be better for all involved to provide an easy way for people to do these things in a safe environment where
Re: (Score:1)
Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be. People turn their workstations into servers because the alternative of wrestling with the company bureaucracy to arrive at an unsatisfactory solution isn't very appealing. It would be better for all involved to provide an easy way for people to do these things in a safe environment where it can be monitored.
Also it would be even better with a pony.
Re: (Score:2)
I actually agree with you. However there is a major problem that has to be overcome: folks don't know what they want in advance and the process for getting it all working right later is difficult even if the IT department cooperates fully. Either the IT department is in control of the design of the db needed for some in-house tool or you are stuck back with the idea that folks (with no training in database management, formal or otherwise) are doing their db design in access and then moving the data over
Re: (Score:2)
Generally, the job is not to dick around with the computer, but rather to produce something using the computer. Read and approve a report, produce a presentation, crunch some numbers in Excel.
I rail against the lockeddownness too. But in an org of that size, if you give people free reig
Re: (Score:2)
Re: (Score:1)
Not when you're using Active Directory. You can't use your desktop to share with other users without the admin's permission.
what are ping times like over seas? and WOW may us (Score:2)
what are ping times like overseas? and WOW may use too much bandwidth to be downloading big updates like that.
Re: (Score:2, Interesting)
Re: (Score:2)
Hey, if I'm paying taxes for people to play games on the Social Security mainframe, they damn well be updated games with the latest patches to detect botting. We don't want our civil servants to slack on the job, automatically accruing gold and experience points while they sit back and read a book or something. Earn those achievements, government, or the Tea Party will vote you out!!
Bad law (Score:4, Interesting)
Re: (Score:1, Insightful)
Presumably, government law-drafters will call on experts to clarify finer points.
You spelled experts wrong, it's spelled lobbyists.
Perfectly reasonable (Score:5, Insightful)
The term ‘open-network’, with respect to software, means a network in which--
(A) access is granted freely, without limitation or restriction; or
(B) there are little or no security measures in place.
What part of this is unreasonable in any controlled environment? Can you think of any corporation that would allow such a thing?
I wouldn't even let my kids run such a thing.
N.B. This clearly does not cover things like bittorrent since you have to explicitly publish individual files to it.
Re: (Score:2)
Samba (SMB aka Microsoft Networking) qualifies as open-network by this definition.
Samba can be secured. ANY unsecured distributed file system would qualify, any secured one would not.
Re: (Score:2)
This might be perfectly reasonable, but why does this have to be written into the law? Agency/Department rules seem like a more appropriate way to handle this.
Re: (Score:2)
I would say it's a reaction to ACTA. They're not an ISP, so have no safe-harbour, and therefore must ban anything like "open" P2P where they could potentially be held responsible.
Re: (Score:2)
Completely useless (Score:1)
It's really a pity that politicians don't think before they pass sweeping laws. As the net continues to grow and the way that we share data changes this law will almost certainly prevent the gov't from being able to do useful things online ... and will need to be adjusted or repealed.
And how exactly does banning P2P sharing prevent people from leaking classified docs?
Re:Completely useless (Score:4, Insightful)
It's also really a pity that Slashdot admins don't think before posing sweeping accusations. As the number of political articles continues to grow and the way we rely on only reading the summary to understand the article almost certainly prevent users from being able to determine what is sensationalized ... and probably won't be adjusted or repealed when proven biased.
Code is Law (Score:2, Insightful)
Why is this being done as a federal law which regulates network users?
It seems to me that this is a policy that ought to be enforced by federal government sysadmins on their own networks, rather than by the government legislators on the users of the network.
To use Lessig's parlance, this is a job for architecture, not law.
Re: (Score:1)
The law instructs OMB to (within 90 days) issue guidance to agencies.
Agencies then have an additional 90 days to:
So congress passes law, OMB translates law into guidance, and agencies develop policies and procedures (architecture if you will).
Re: (Score:2)
In fact, the policy will be enforced by federal government sysadmins. Absent direction, those sysadmins (or their bosses) would be free to establish their own policies, possibly varying wildly from agency to agency, or choose to have none. But the only mechanism Congress can use to establish a single consistent policy
But everything on the net is peer to peer! (Score:1, Flamebait)
There are always at least two peers. And one of them, having the port open, is the server. Doesn’t matter if it has a GUI installed or is a laptop.
So in essence they are banning all connections that have a source and a target IP address at the same time.
Wow. EPIC FAIL.
Re: (Score:3, Insightful)
So in essence they are banning all connections that have a source and a target IP address at the same time.
Or you could read the full article, and find out what they are really doing.
Wow. EPIC FAIL
So is a snap judgment based on a slashdot headline and reading the first few knee jerk responses.
Is it a good move by congress? No, not really. But did they really just ban connecting to the office network printer? No.
Re: (Score:2)
Only if you interpret things in the same completely wrong and retarded way as those idiots.
But I bet you also took the units of information from your TV host, and now talk in “libraries of congress” and clogging tubes, while referring to a lone display as “the computer”, because you got no fucking spine to stand by what you know (because you are the expert) is right, right?
Lame site... (Score:2)
Here's a better one [loc.gov], and official, too.
smb/ldap (Score:2)
Bill seems to contradict itself (Score:1)
From the bill:
(3) PEER-TO-PEER FILE SHARING SOFTWARE- The term ‘peer-to-peer file sharing software’--
(A) means a program, application, or software that is commercially marketed or distributed to the public and that enables--
(i) a file or files on the computer on which such program is installed to be designated as available for searching and copying to one or more other computers;
(ii) the searching of files on the computer on which such program is installed and the copying of any such file to another computer-- (I) at the initiative of such other computer and without requiring any action by an owner or authorized user of the computer on which such program is installed; and (II) without requiring an owner or authorized user of the computer on which such program is installed to have selected or designated another computer as the recipient of any such file; and
(iii) an owner or authorized user of the computer on which such program is installed to search files on one or more other computers using the same or a compatible program, application, or software, and copy such files to such owner or user’s computer; and
(B) does not include a program, application, or software designed primarily--
(i) to operate as a server that is accessible over the Internet using the Internet Domain Name system;
(ii) to transmit or receive email messages, instant messaging, real-time audio or video communications, or real-time voice communications; or
First off, wouldn't "the Internet Domain Name system" include reverse DNS? Secondly, "Peer-to-peer" software is nothing more than machines acting as both "clients" and "servers" and the broadness of what they believe "peer-to-peer" programs are could include public web servers.
Uh oh, better turn off Windows Update! (Score:1)
Because BITS is a peer-to-peer protocol [microsoft.com]:
This is actually a really, really useful feature for those of us operating networks (on behalf of the federal government) with significant bandwidth cons
Re: (Score:2)
The updates would be downloaded from a central location, and hopefully tested (to see if Microsoft has done yet another screw up or not).
And then they are pushed out to the clients via WSUS or whatever the company has decided to use for patch management.
Once you get to a high enough machine:admin ratio, it's often better to not have the computers self update just because Microsoft thinks it's time.
Re: (Score:2)
BITS peer caching has its place even in environments that use WSUS [wordpress.com].
Ultimately, what's ridiculous is the House's outlawing of a tool irrespective of intent. Sorry, no, it's worse than that. Because of their ignorance, they are attempting to outlaw an entire class of technologies that have great value to the federal government and its programs.