Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How to secure the Internet in three easy steps

  • From: Paul Vixie
  • Date: Fri Oct 25 14:14:05 2002

> Assuming no time, money, people, etc resource constraints; securing the
> Internet is pretty simple.
> 
> 1. Require all providers install and manage firewalls on all subscriber
> connections enforcing source address validation.
> 
> 2. Prohibit subscribers from running services on their own machines.  Only
> approved provider managed servers should provide services to users.
> 
> 3. Prohibit direct subscriber-to-subscriber communication, except through
> approved NSP protocol gateways.  Only approved NSP-to-NSP proxied traffic
> should be exchanged between network providers.
> 
> Are there some down-sides? Sure.  But who really needs the end-to-end
> principle or uncontrolled innovation.

i can see how the end to end principle applies in cases 2 and 3, but not 1.
-- 
Paul Vixie




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.