Reader Comments (rss)

(Flattened / Threaded)

1.  

   Wow

   

   bt garner, Aug 14th, 2007 @ 11:05am

   
   

   Have we as a society become so shallow that stuff like this just happens without the uproar it deserves?
   
   How about this: Corporate policy the forbids P2P activity. Block the P2P ports on the firewall you are using (you are using a firewall, right? right? RIGHT?) and if anyone is found trying to circumvent and use P2P software, they are terminated.
   
   That might be a bit extreme, but this is nothing that needs regulatory oversight.

   [ reply to this | link to this | view in thread ]

2.  

   This is

   

   Unknowledgeable Geek, Aug 14th, 2007 @ 11:18am

   
   

   This is such a no-brainer I am sure the gov't will screw it up somehow. I am the network administrator on several dozen networks, you know how easy it is to not allow P2P traffic and monitor for people trying to circumvent? Now, spelling that ain't my fortay. But, stopping P2P (which at the gov't level, I have no clue why this isn't done already) is simple.

   [ reply to this | link to this | view in thread ]

3.  

   

   Anonymous Coward, Aug 14th, 2007 @ 11:19am

   
   

   a HUGE problem is that the good folks in congress don't understand technology - but of course they are qualified to regulate it...

   [ reply to this | link to this | view in thread ]

4.  

   Flag level officers chase dollars

   

   CatBandit, Aug 14th, 2007 @ 11:23am

   
   

   Clark is no different than others with high military rank - or high GS ratings - who find ways to "milk" the enlisted people or the public who they are supposed to "lead".
   
   Look at any military installation for any service. The "civilian" dry cleaners, tailors, restaurants and bars and on and on are owned by senior enlisted or officers - sometimes retired but often not. These guys pass the regulations and then get wealthy providing the goods and services required by those very regulations.
   
   Clark has just found a technical twist to a very old game.

   [ reply to this | link to this | view in thread ]

5.  

   not to mention something that wouldn't work

   

   Matt, Aug 14th, 2007 @ 11:36am

   
   

   BT Gamer: "block p2p ports" I sincerely hope that is satire. However in the wonderfulness of the internet lets try to add some assumptions that its not. How is that going to work when any bit torrent program can be assigned to any port. Also if you just go around only allowing certain ports (without same lack of knowledge), you'd be amazed at the legitimate things you'd block and/or can't. Also you can't just "block encryption" since torrent programs use encryption as does VPN. It is easy to find a high amount of upstream/downstream coming to 1 pc. But it's equally unlikely anyone torrents for work other than for legitimate reason (universities sharing lectures for one). You're not going to see it visually (minimize the program). And when it all comes down to it, someone can bring a program on a USB drive to get by all the blocking. So it's kinda hard to secure stuff like that.

   [ reply to this | link to this | view in thread ]

6.  

   

   GoblinJuice, Aug 14th, 2007 @ 11:50am

   
   

   I respect General Clark, but I think he's gone the shill. Sad, very sad.
   
   A BOFH can handle P2P. A private corp, with a multi-million dollar solution that'll be circumvented quicker than you can google "pr0n", can't.

   [ reply to this | link to this | view in thread ]

7.  

   Re: not to mention something that wouldn't work

   

   Chronno S. Trigger, Aug 14th, 2007 @ 12:03pm

   
   

   You make a valid point. P2P programs are too hard to block so this regulation must be passed. Unless you take into account that firewalls can block or allow specific programs. In a military installation I'd expect to see those firewalls in effect. but then I'd also expect to see some personal restraint on the part of the employees.
   
   "you'd be amazed at the legitimate things you'd block and/or can't. Also you can't just "block encryption" since torrent programs use encryption as does VPN."
   
   Again this is a military installation. Please tell me how many places these people need to be other than other military computers that probably already have a dedicated VPN set up in the routers or even a hard line.

   [ reply to this | link to this | view in thread ]

8.  

   Clark was transparent about the affiliation

   

   Greg Piper, Aug 14th, 2007 @ 12:28pm

   
   

   It should be noted that Wesley Clark was up front with the committee about his interest in this security company. His statement isn't on the committee website (odd because everyone else's is), but the print handout at the press table noted his affiliation, on the first page if I remember correctly. You can watch the archived video yourself at the Oversight Committee site.
   
   http://oversight.house.gov/story.asp?ID=1424

   [ reply to this | link to this | view in thread ]

9.  

   Re: Wow

   

   Anonymous Coward, Aug 14th, 2007 @ 12:31pm

   
   

   "Have we as a society become so shallow that stuff like this just happens without the uproar it deserves?"
   
   Yes: Iraq.

   [ reply to this | link to this | view in thread ]

10.  

    

    t, Aug 14th, 2007 @ 12:44pm

    
    

    not a tech geek, but -- if you don't allow people to install software on their own machines at gov't installations, which seems prudent, then no p2p software should get on the machines. That, along with other reasonable care, including the threat of discipline if personnel are caught using p2p software would seem to make sense.
    
    I've been at companies with tight security around software installation connecting to anything outside the LAN and use of company computers. The funny thing is, people actually wind up working instead of shopping EBAY, tracking their fantsy foot ball teams or building their music collections.

    [ reply to this | link to this | view in thread ]

11.  

    Solutions

    

    Fat Tony, Aug 14th, 2007 @ 12:46pm

    
    

    The way to block p2p programs is to block installations. Not every idiot in an organization requires rights to install. So restrict those rights and anyone who circumvents the system gets one warning. Second warning = fired
    If you can't respect the rules of your organization you shouldn't be in it.

    [ reply to this | link to this | view in thread ]

12.  

    groan

    

    Dave, Aug 14th, 2007 @ 12:48pm

    
    

    Wow, and I thought that guy was actually reasonably intelligent.
    
    You know, nothing's constant in the universe except for one thing - politicians are unerringly stupid about regulating technology, and should not be trusted to do so without a HUGE amount of help from smart people. Like that's ever going to happen.
    
    They'd screw it up even if they weren't listening to lobbyists with an ax to grind.

    [ reply to this | link to this | view in thread ]

13.  

    

    Anonymous Coward, Aug 14th, 2007 @ 1:10pm

    
    

    As plenty of people have stated, blocking p2p traffic, especially in a military institution (shouldn't security be their top priority?) is not that difficult. I've worked in corporate environments where we enforced policies that are apparently 10x more strict than the government/military. Even if someone managed to get a p2p app installed (why oh why can a user install ANYTHING), they wouldn't get through the perimeter defenses.
    
    Unfortunately I am not surprised by this. Attempting to regulate an 'industry' that's impossible to regulate since anyone with some decent programming knowledge can write and release a p2p app just gives a false sense of security and completely ignores the core issue. Hire some competent infosec admins, listen to their advice and enforce the policies they create. That includes the people at the top of the food chain.

    [ reply to this | link to this | view in thread ]

14.  

    

    anonymous coward, Aug 14th, 2007 @ 1:28pm

    
    

    I have yet to hear of one single government employee ever being terminated because of a data breach no matter how stupid or avoidable it was.
    
    You don't penalize everyone because one person does something wrong. You punish that person. If we go down that road, cars should be outlawed tomorrow.

    [ reply to this | link to this | view in thread ]

15.  

    I'm confused...

    

    John, Aug 14th, 2007 @ 2:16pm

    
    

    Maybe someone can explain it better, but I'm confused about why people in government offices, and who deal with secure data, need p2p software installed on their computers?
    Like one of the posters already said, don't they have a VPN set up? And even if they really, really do need a p2p software program, who installed the program and allowed it share everything on the computer?
    
    But, it's better to put in government regulations instead of holding the IT people and the government worker accountable for their actions.
    (Yes, that was sarcasm)

    [ reply to this | link to this | view in thread ]

16.  

    Clark is a moron....

    

    Guy who thinks Clark is a moron, Aug 14th, 2007 @ 3:02pm

    
    

    'nuff said...

    [ reply to this | link to this | view in thread ]

17.  

    Re:

    

    R3d Jack, Aug 14th, 2007 @ 5:04pm

    
    

    Or reading TechDirt

    [ reply to this | link to this | view in thread ]

18.  

    P2P a threat to national security???

    

    Dragon Spirit, Aug 14th, 2007 @ 5:17pm

    
    

    Wouldn't it be cheaper and easier to either A) Train the incompetent government staff in setting up P2P properly, or B) simply block the ports used by P2P software on the Government Servers???
    
    Why should the entire free world be penalised because of some incompetent government employees? GET REAL!!!!! Teach them how to use it properly, or block them from being able to use the P2P software on Government Computers. SIMPLE SOLUTION, that does not encroach on the rights and civil liberties of everyone else on the planet! Dead set these wankers in Government and politics seem to think that everything is an opportunity for them to bullshit their way in to making more money for themselves, whilst telling us all that "This is for your own good and for national security". What a crock.

    [ reply to this | link to this | view in thread ]

19.  

    not employees

    

    jammerman79, Aug 14th, 2007 @ 6:43pm

    
    

    If you notice, the security breach examples provided are all from contractors... maybe they should be looking at that.

    [ reply to this | link to this | view in thread ]

20.  

    Communication is the threat

    

    eris23, Aug 15th, 2007 @ 1:13am

    
    

    Stories of p2p, unsecured ftp sites, etc, being a threat to National Security blind the public to the underlying problem: Communication is the threat.
    
    To prevent any potential enemy from finding out things all we have to do is make any form of communication illegal. Muzzle mouths, bind up hands, etc.
    
    With no communication possible, no information can be stolen.

    [ reply to this | link to this | view in thread ]

21.  

    Re: Wow

    

    Sanguine Dream, Aug 15th, 2007 @ 6:09am

    
    

    Well considering a guy can be fired (and sued) if a woman hears him tell a dirty joke (which is not directed at her but she just happens to be in earshot of it) I don't think instant termination for trying to install any restricted software is too extreme. In fact I'll go as far as to say that is one of the few rules that I would support at any company.
    
    But here's the trick. If a simple rule like that were to be passed and enforced then that means that there's no big corporation getting paid to do a job that they created themselves and we cannot have that.

    [ reply to this | link to this | view in thread ]

Add Your Comment