Originally Posted by BleepBleep
Mike,
Forgive my naivety, but JPA can only be accessed by someone on the DII or RLI; ie closed netwoks so there is a measure of security already - added to the fact that even authorised users can not gain access so we have total security!!
Ahhh the DII/RLI closed networks (or woks if you prefer), now do you or does a colleague at work have an IGS account? Well the IGS account is a secure(ish) way of using the Internet via the RLI Intranet. See where I am going here.
Such that the packets that you send out and recieve are passed through a series of Firewalls, but our system does not use SSL, however; there are far more intelligent persons outside of the RAF playing in hacking clubs etc... just for the thrill of getting into the Government/Military domains, for nothing than mere kicks. They brag about their achivements to each other and other Hackers via secure e-mail systems (more secure than we use in some cases) and share the information. At present the most secure way of operating a web based environment is using SSL or S-HTTP.
Now do we as a military work in a web based environment?
Now a geek explanation;
Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.By convention, URLs that require an SSL connection start with https: instead of http:.
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies.
Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.
Where as HTTP code is written and encoded and decoded in plain text as it were (look at is as transmitting in clear if you will), this is what the backbone of all our systems operate on. Yes this still requires someone to get into the RLI but as 591 have proved it is not hard to do. They are constantly attacking our own systems to prove our own defences (and sterling job they are doing too).
Again however; the Pentagon, NASA and our dear old UK Gov have proved to be vulnerable to attack and have hackers knocking at their doors all the time normally to show up and embariss said Company/Gov etc..., eventually one will get in and if he/she wishes can wreak havoc in our systems and we will be none the wiser, now if they get in and are intent on doing harm to us or our systems, ??????????????