More on SIPRNet

by Happy Harry

Much has been said in 2600 about the Secret IP Routing Network (SIPRNet).

As an enlisted member of the United States Air Force with a TOP SECRET/Sensitive Compartmented Information (TS/SCI) clearance, I felt I could add some valuable information to the cause.

The two places for the Air Force where computer security is tight are the Tiger Team at Langley AFB, Virginia/Pentagon and the Air Force CERT team at Kelly AFB, Texas.  Past that, the Air Force is comprised of mediocre system administrators and young airmen with nothing more than a high school education and nine weeks of official training on how to administrate a network.

To restate much of what has already been told, the SIPRNet is a network used by the government and military to access and transfer classified information.  Everything found on this network is classified secret because everything must be classified at the highest level of classification existing on the network.

The SIPRNet is run on UNIX-based systems; every computer connected to the SIPRNet that I have ever seen was a Digital Alpha 400-450 MHz system, running Digital UNIX with an X-Windows interface.  The routers I have seen were Cisco 4500s.

Contrary to popular belief, there are still dial-up accounts to access the SIPRNet, more specifically, Intelink-S, a classified secret network running on the HTTP protocol used by the intelligence community.  To access a dial-up account, you must have a STU-III (Secure Telephone Unit, 3rd Generation), a KSD-64A (a.k.a. Crypto Ignition Key or STU-III Key), and a dial-up account.

To the best of my knowledge, the dial-up accounts are to an 800 number with a maximum connect speed of 9600 baud due to the heavy encryption/decryption devices in effect.  STU-III phones are produced by many different manufacturers, including NEC and, most commonly, Motorola.

To gain an account to the SIPRNet, you must first register through the SIPRNet Support Center (SCC) WHOIS Database, fill out the proper forms, and wait to be added.  With that in mind, it would be virtually impossible for someone "on the outside" to get an account unless they could social engineer or brute-force their way in.

There are several security considerations that have not been addressed regarding the SIPRNet and Intelink.  The major problem is IP multicast.  Because most government computers are located behind a firewall, there is no way to track the actual recipient of the data being sent.  Packet sniffing is a problem on SIPRNet LANs, just as it is on any network.

Another major security concern is the use of anonymous FTP accounts.  For some reason the government thinks that nobody who is allowed access is going to get curious.  I've been able to find lists of authorized IPs to specially categorized info on Pentagon computers by FTP'ing to pentagon.sgov.gov (SIPRNet account required), port listings for services running, and non-shadowed password files.

The SIPRNet is full of opportunities.

I hope some of the information I have provided can be used to help someone explore, answer some questions, and promote new thought.
