
WHAT IS SIPRNET? - The US Department of Defense Network: The Secret Internet Protocol Router Network

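Bradley Manning, who is known to have handed secret US State Department cables and other material to WikiLeaks, also accessed the US Department of Defense network
and extracted secret documents on the Iraq and Afghanistan wars.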

The Department of Defense network that Bradley Manning accessed is SIPRNET.
The text below explains what the Department of Defense's "Secret Internet Protocol Router Network" is.

====================================================================================

The Secret Internet Protocol Router Network (SIPRNET) is the Department of Defense's largest network for the exchange of classified information and messages at the SECRET level. It supports the Global Command and Control System, the Defense Message System, and numerous other classified warfighting and planning applications. Although the SIPRNET uses the same communications procedures as the Internet, it has dedicated and encrypted lines that are separate from all other communications systems. It is the classified counterpart of the Unclassified but Sensitive Internet Protocol Router Network (NIPRNET), which provides seamless interoperability for unclassified combat support applications and controlled access to the Internet.

Access to the SIPRNET requires a SECRET level clearance or higher and a need to have information that is available only on the SIPRNET. Because the SIPRNET is an obvious target for hostile penetration, a number of strict security procedures are applied. All users must be approved and registered. Passwords must be changed at least every 150 days and must have at least 10 characters including two upper case letters, two lower case letters, two numbers, and two special characters. When a person is using the SIPRNET, he/she must not leave the workstation unattended.
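The password rules above (10 characters, two of each character class, change within 150 days) can be checked mechanically. The following is an added example, not part of the original text or any DoD tooling; the function names are hypothetical, and treating "special characters" as ASCII punctuation is an assumption, since the text does not define the term.

```python
import string
from datetime import date, timedelta

# Thresholds taken from the paragraph above.
MIN_LENGTH = 10
MIN_PER_CLASS = 2
MAX_AGE_DAYS = 150

# Assumption: "special characters" means ASCII punctuation (not defined on the page).
CLASSES = {
    "upper case letters": string.ascii_uppercase,
    "lower case letters": string.ascii_lowercase,
    "numbers": string.digits,
    "special characters": string.punctuation,
}


def password_violations(password):
    """Return every rule the password breaks (an empty list means compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} < {MIN_LENGTH}")
    for name, alphabet in CLASSES.items():
        count = sum(ch in alphabet for ch in password)
        if count < MIN_PER_CLASS:
            problems.append(f"{count} {name}, need {MIN_PER_CLASS}")
    return problems


def change_due(last_changed, today):
    """Return (deadline, overdue) for the 150-day maximum password age."""
    deadline = last_changed + timedelta(days=MAX_AGE_DAYS)
    return deadline, today > deadline


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for candidate in ("Summer2024!", "Tr4vel#Lo9g&Ex"):
        print(candidate, password_violations(candidate) or "compliant")
    print(change_due(date(2024, 1, 1), date(2024, 6, 1)))
```

Reporting every failed rule at once, rather than stopping at the first, lets a user fix a rejected password in one attempt.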

A computer with a non-removable hard drive used to access the SIPRNET must be located in an area approved for open storage of SECRET information. A computer with a removable hard drive does not have to be in an open storage location, but the hard drive must be appropriately marked with the classification of the material it contains and, when not in use, must be removed and stored in a container approved for the storage of SECRET information. If physical keys are used, they will be numbered and stored in a container approved for the storage of SECRET material.

Linking a computer with access to the SIPRNET to the Internet or to any other computer or media storage device that has not been approved for use with SECRET information is a serious security violation. Once any media storage device such as a CD, floppy disk, or memory stick has been connected to a computer with access to the SIPRNET, it becomes classified at the SECRET level. It must be protected accordingly and shall not be used on any unclassified computer. Classified information retrieved from the SIPRNET should not be accessed via NIPRNET.

Technological advances in storage devices are making it easier for classified information to be removed from secure areas. Data-storage devices such as Personal Digital Assistants (PDA), Key-chain drives, Memory watches, etc., should not be allowed in an environment where classified information is processed because of their infrared and similar recording capabilities. For computers used to process classified information, it is recommended that infrared (IR) port beaming capability be disabled. If the IR port is unable to be disabled, cover the IR port with metallic tape.

A SIPRNET workstation cannot be attached to a shared or networked NIPRNET printer. It can only be attached to a local printer directly connected to the workstation in a secure area. You are responsible for ensuring that all classified printed material is properly marked and for complying with appropriate procedures for removing that material from the vaulted or other secure area. Personnel with access to the SIPRNET must receive security awareness training at least once a year tailored to the SIPRNET system and the kinds of information accessed on that system.

The SIPRNET system maintains an audit trail of all users. This includes the identity of all persons accessing or attempting to access the SIPRNET, date and time of logon/logoff, and any noteworthy activities that might indicate an attempt to modify, bypass, or negate security safeguards.