Re: Orange book, the NSA, and the NCSC
Dan Odom clarifies some information about NSA, NCSC, Orange Book series, etc.:
I'm willing to accept that the Orange book doesn't specifically address cryptography, and I appreciate the clarifications on something that is one of the deepest, complex, and most obscure military handbooks, which
Uh, any American citizen is entitled to one (1) free copy of the Orange Book (and every other book in the Rainbow series); all you have to do is ask. The address on the inside of my copy says:
NCSC 9800 Savage Road Fort George G. Meade, MD 29755-6000
I got on this list of automatic books several years ago and now have about a dozen or more different publications, in different colors, from blue to green to the famous orange. All from the National Computer Security Center. Nothing juicy, and not much fun (for me) to read. Unix gurus trying to get better security classifications for their machines and systems have to read this stuff, though.
Since every NSA address I've ever seen is 9800 Savage Road, I assume that it's some sort of secretarial thing. But if you ask them for a copy of the Rainbow Series, they'll send it to you and also put you on the list to receive updates. It is _not_ deep, complex, or obscure;
Savage Road is the actual address of the Agency; Fort Meade per se is huge. NCSC as created in 1984 as part of NSDD-145 (National Security Decision Directive-145, a very important one). Prior to that date it had been called the DoD Computer Security Center, located smack dab in the center of SIGINT City. (I visited in May of 1991, strictly to satisfy my own curiousity. The closest I got was the front gate, with the newly installed "National Security Agency" signs. Signs said "Das Photographen ist Strictly Verboten," but I took a bunch anyway out my car window.)
And before anybody starts forming consipiracy theories, I am not related to Lieutenant General William Odom; we just share a name :-).
I'd long been meaning to ask Dan about this. General Odom once was introduced at a speech he was giving to Jim Bamford. Odom recoiled and said "Sir, I consider you to be an unindicted felon." -Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.
I got on this list of automatic books several years ago and now have about a dozen or more different publications, in different colors, from blue to green to the famous orange. All from the National Computer Security Center.
Nothing juicy, and not much fun (for me) to read. Unix gurus trying to get better security classifications for their machines and systems have to read this stuff, though.
I had to wade through all that government stuff a while back. I've got the complete series, but haven't gotten any updates. :( It's all pretty dry and stuffy, but it did have some useful stuff, like the password guidelines and how they figure out which machines can be trusted and which can't.
Savage Road is the actual address of the Agency; Fort Meade per se is huge. NCSC as created in 1984 as part of NSDD-145 (National Security Decision Directive-145, a very important one). Prior to that date it had been called the DoD Computer Security Center, located smack dab in the center of SIGINT City.
Why is Directive 145 important? <curious>
I'd long been meaning to ask Dan about this. General Odom once was introduced at a speech he was giving to Jim Bamford. Odom recoiled and said "Sir, I consider you to be an unindicted felon."
<snicker> I got a good laugh out of that one!! :) :) -- Ed Carp, N7EKG erc@apple.com 510/659-9560 anon-0001@khijol.uucp If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"
I mentioned NSDD-145 and Ed Carp asked for more information:
Savage Road is the actual address of the Agency; Fort Meade per se is huge. NCSC as created in 1984 as part of NSDD-145 (National Security Decision Directive-145, a very important one). Prior to that date it had been called the DoD Computer Security Center, located smack dab in the center of SIGINT City.
Why is Directive 145 important? <curious>
National Security Decision Directive 145 (NSDD-145) was signed by Reagan in 1984 as the "National Policy on Telecommunications and Automated Information Security." It extended the charter of the NSA from just the protection of government information (I'm talking about the COMSEC part of NSA, of course) to commercial, non-gov't information as well. The "Commercial COMSEC Endorsement Program" (CCEP). (I believe COMSEC, Communications Security, has since been changed to INFOSEC. One thing the Agency does is to frequently change the names of groups, departments, functions. Security by bureaucracy I guess.) You may recall that the Feds said around this time that DES was basically dead, that the CCEP would result in a new line of crypto systems...several companies, including Cylink, Intel, etc., developed products for inclusion on the Evaluated Products List (EPL). NSDD-145 also created the NCSC, as noted earlier. As everyone knows, "DOCKMASTER" is a not-especially-secure machine used by NCSC-affiliated researchers and vendors to send mail, etc. The frequent comments about how the NSA/NCSC is "on the Net" are hardly revelatory. Many machines are on the Net, and you can surely bet that the important machines are not. (And of course various nets exist. Milnet (or MILNET, or whatever) is one, and various successors to the old AUTOVON and AUTODIN command and control nets.) The National Computer Security Act came later, circa 1987. I have a lot more stuff in my files, but this ought to satisfy the casually curious. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.
participants (2)
-
khijol!erc -
tcmay@netcom.com