Re: [WISPA] NCIC, FIPS, and wireless

2009-07-22 Thread Jon Auer
In our area the police use EVDO broadband cards over the open internet.
Access to their network is over an IPSEC VPN.
Not sure if that is technically in compliance or not but they have
been running like that for over a year.

On Wed, Jul 22, 2009 at 11:47 AM, Rogelioscubac...@gmail.com wrote:
 I'm planning out a wireless network, and the police want a piece of the
 action.

 I'm also guessing that FIPS compliancy addresses NCIC concerns, and I
 was wondering if anyone could comment on that being sufficient.

 I'm also wondering if a dual form of authentication adequately addresses
 the security issues. From what I can tell, if the police do any of the
 following things (listed in the URL below), then they have to follow NCIC

 http://www.fbi.gov/hq/cjisd/ncic.htm

 A contact of mine who works for the police tells me the following
 interesting things about NCIC, which I'd love feedback on...

 --if you use PtP links (e.g. T1 lines) between sites, requirements are
 very lax
 --if you don't use PtP links, then you'll likely need two form
 authentication (not necessarily two on separate bands)
 --everyone assumes that a police network *will* be in compliance
 --people often build police networks with compliance, as someone will
 inevitably put secure stuff on top of it later
 --the penalty for not being compliant is getting shut down until
 everything is reviewed
 --only police departments can ask the DOJ for clarification on what is
 and isn't compliant (vendors can't ask directly)


 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 

 WISPA Wireless List: wireless@wispa.org

 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless

 Archives: http://lists.wispa.org/pipermail/wireless/






Re: [WISPA] NCIC, FIPS, and wireless

2009-07-22 Thread D. Ryan Spott
I provide some service to the local PD. You provide transport, and transport 
only. The PD and their IT guys should do all of the encryption... You REALLY 
don't want to be responsible for the security of their data. 

Does the telco provide encryption? No way.. Easy and cheap to do, but the risk!

If you are the contracted IT guy then do it as a separate part of the 
contract.. Then have a third party certify your system. The higher up LEO will 
probably do this for you. (sheriff or state patrol)

Hope this helps,

ryan

ryan

-Original Message-
From: Jon Auer j...@tapodi.net
Sent: Wednesday, July 22, 2009 9:51 AM
To: WISPA General List wireless@wispa.org
Subject: Re: [WISPA] NCIC, FIPS, and wireless

In our area the police use EVDO broadband cards over the open internet.
Access to their network is over an IPSEC VPN.
Not sure if that is technically in compliance or not but they have
been running like that for over a year.

On Wed, Jul 22, 2009 at 11:47 AM, Rogelioscubac...@gmail.com wrote:
 I'm planning out a wireless network, and the police want a piece of the
 action.

 I'm also guessing that FIPS compliancy addresses NCIC concerns, and I
 was wondering if anyone could comment on that being sufficient.

 I'm also wondering if a dual form of authentication adequately addresses
 the security issues. From what I can tell, if the police do any of the
 following things (listed in the URL below), then they have to follow NCIC

 http://www.fbi.gov/hq/cjisd/ncic.htm

 A contact of mine who works for the police tells me the following
 interesting things about NCIC, which I'd love feedback on...

 --if you use PtP links (e.g. T1 lines) between sites, requirements are
 very lax
 --if you don't use PtP links, then you'll likely need two form
 authentication (not necessarily two on separate bands)
 --everyone assumes that a police network *will* be in compliance
 --people often build police networks with compliance, as someone will
 inevitably put secure stuff on top of it later
 --the penalty for not being compliant is getting shut down until
 everything is reviewed
 --only police departments can ask the DOJ for clarification on what is
 and isn't compliant (vendors can't ask directly)


 


Re: [WISPA] NCIC, FIPS, and wireless

2009-07-22 Thread Doug Ratcliffe
It's been several years, but a 128 bit encrypted Citrix over 128 bit PPTP 
VPN passed FCIC/NCIC audits several years ago, as well as Web based FCIC SSL 
over 128 bit PPTP XP DUN to Mikrotik VPN is still passing audits via Sprint 
Wireless (the regular civilian version, not the direct to T1 version that 
they also sell for large departments).

- Original Message - 
From: D. Ryan Spott rsp...@cspott.com
To: WISPA General List wireless@wispa.org
Sent: Wednesday, July 22, 2009 2:55 PM
Subject: Re: [WISPA] NCIC, FIPS, and wireless


I provide some service to the local PD. You provide transport, and 
transport only. The PD and their IT guys should do all of the encryption... 
You REALLY don't want to be responsible for the security of their data.

 Does the telco provide encryption? No way.. Easy and cheap to do, but the 
 risk!

 If you are the contracted IT guy then do it as a separate part of the 
 contract.. Then have a third party certify your system. The higher up LEO 
 will probably do this for you. (sheriff or state patrol)

 Hope this helps,

 ryan

 ryan

 -Original Message-
 From: Jon Auer j...@tapodi.net
 Sent: Wednesday, July 22, 2009 9:51 AM
 To: WISPA General List wireless@wispa.org
 Subject: Re: [WISPA] NCIC, FIPS, and wireless

 In our area the police use EVDO broadband cards over the open internet.
 Access to their network is over an IPSEC VPN.
 Not sure if that is technically in compliance or not but they have
 been running like that for over a year.

 On Wed, Jul 22, 2009 at 11:47 AM, Rogelioscubac...@gmail.com wrote:
 I'm planning out a wireless network, and the police want a piece of the
 action.

 I'm also guessing that FIPS compliancy addresses NCIC concerns, and I
 was wondering if anyone could comment on that being sufficient.

 I'm also wondering if a dual form of authentication adequately addresses
 the security issues. From what I can tell, if the police do any of the
 following things (listed in the URL below), then they have to follow NCIC

 http://www.fbi.gov/hq/cjisd/ncic.htm

 A contact of mine who works for the police tells me the following
 interesting things about NCIC, which I'd love feedback on...

 --if you use PtP links (e.g. T1 lines) between sites, requirements are
 very lax
 --if you don't use PtP links, then you'll likely need two form
 authentication (not necessarily two on separate bands)
 --everyone assumes that a police network *will* be in compliance
 --people often build police networks with compliance, as someone will
 inevitably put secure stuff on top of it later
 --the penalty for not being compliant is getting shut down until
 everything is reviewed
 --only police departments can ask the DOJ for clarification on what is
 and isn't compliant (vendors can't ask directly)


 