Attacks/Breaches
12/22/2010
02:43 PM
50%
50%

Fidelis Snags Anti-WikiLeaks Contracts

Security vendor is working with several federal agencies to prevent classified information on the Web from reaching unclassified government networks.

The federal government is working with a security company to help block Wikileaks and other classified content from being accessed by unclassified government networks.

Boston-based Fidelis Security Systems, which among other things makes security software to prevent data breaches, said it's working with several federal agencies to prevent employees from being able to access confidential U.S. documents that are leaked to the Internet.

"That information is classified and the fact that it's in the public domain does not declassify it," said Kurt Bertone, Fidelis' vice president and security strategist. He said he was not permitted to name the agencies that are asking for the technology.

Fidelis has been working with the federal government since 2005 to prevent data breaches and provide other security solutions.

However, in the wake of a data breach known as Cablegate, in which 250,000 confidential diplomatic cables were published on Wikileaks and other websites, federal agencies have refocused some of their work with the firm, he said. Now they are using Fidelis software to keep classified information that reaches the Web from traveling back onto government networks that aren't authorized for classified data.

In a controversial move, the Air Force already has taken similar action by preventing its personnel from accessing the global news agencies -- including the New York Times, the United Kingdom's Guardian and France's Le Monde -- that published the Wikileaks cables.

However, Bertone said this kind of measure doesn't solve the entire problem for a couple of reasons. One, it blocks access to unclassified information that doesn't need to be filtered; and two, it doesn't prevent access to classified information that may be present on other websites.

Fidelis' technology, called deep session inspection, sets policies that search data for keywords and other identifiers to separate classified information from nonclassified information, he said.

"Basically we look at the content and make a content-based decision," Bertone said. He added that there are keywords and certain character sequences in the confidential data posted on the Wikileaks site that makes it identifiable with a high rate of accuracy.

Once the technology is in place, it's up to the agency whether they want to block someone's access to the classified information, or merely send an alert to the user and to network administrators that the information is being accessed.

While the focus of the current project is on Wikileaks content, ostensibly the company's work with the feds is to prevent any classified content from traveling on unclassified networks, Bertone said.

"The general problem is classified information -- not just Wikileaks, not just cables, but any classified information that leaks out in the public domain and goes flying all over the place," he said.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0279
Published: 2015-03-26
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

CVE-2015-0635
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device an...

CVE-2015-0636
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine,...

CVE-2015-0637
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.

CVE-2015-0638
Published: 2015-03-26
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.