Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: GRC rides again...

  • From: Stephen Kowalchuk
  • Date: Mon Jul 02 11:43:33 2001

There are some basic protections an ISP can take, but really what Gibson is
crying about is an end-node security problem.

What can ISPs do?  Doesn't their ability to add value to the security equation
revolve around each ISP performing its role in the process of routing and
distributing packets, no more and no less?  Aside from removing spoofed packets,
performing ingress and egress filtering, and responding to direct customer and
supplier needs, I don't see anything else an ISP itself can do.

One caveat to the above:  I don't buy all this bullshit about "peering" vs.
"customer/supplier" relationships.  If you send a packet to a network, you are
that network's supplier and should be willing to act in a supplier's capacity. 
If you receive a packet from a network, you are that network's customer and
should be willing to act as a customer.  If you are doing both, then you have to
put on both hats as needed and step up to take responsibility for the business
arrangement as it is.  Hiding behind peering agreements to ignore problems or
blame the other party solves nothing.

Lack of security clue on the part of an end-node is an end-node's problem.  If
all the people who run Windows boxes suddenly went to RedHat 7, we'd have a mass
of lpd, wu-ftpd, rpc.statd and similar problems.  The solution lies with
education of the ignorant masses on the basics of security.  While this is not
an ISP's responsibility, those immediately upstream of end-nodes may want to
offer it as a value-added service.  It would appear there is certainly a market. 

My $0.02.


-- 
--------------------------------------------------------------------------
Stephen Kowalchuk                                  skowalchuk@diamonex.com
Diamonex, Incorporated                             

Letting go does not mean you stop making decisions.  
You simply stop fighting where the decisions lead you.
--------------------------------------------------------------------------




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.