Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Internet Monitoring Center

  • From: Kuhtz, Christian
  • Date: Fri Jan 31 10:38:27 2003



I very much agree with Vladis here.  

I'm probably stating the obvious, but.. One of the major points visible
during virtually any one of these significant security events is the way
coordination works, how well processes are defined and how well they end up
working in terms of tactical detection & response.  Sure, strategic
preparation is crucial, too, laying the ground work for tactical activities,
but ultimately it matters how well you can execute and communicate.

Question on my mind is just how much more aggressive the impact of a worm
etc can be before it overwhelms the ability to coordinate effectively to
stop it before everything goes critical.  As we gear up on the service
provider side, the other side in this arms race tries to think of new ways
to create maximum damage quickly.  If they fail to beat the their victims to
the punch, they fizzle.

I don't believe that a large scale monitoring center is effective in the
long run as communication becomes evermore pervasive.  I believe a
coordination/communication's facility is far more effective, and we'd all be
better served with that.  But unless we can demonstrate that information
overload along the lines of "more isn't necessarily better" doesn't increase
effectiveness, these knee jerk reactions (with secondary agendas) will
continue ever since they were kicked off post-9/11.  In fact, I don't think
it's all that far off to think that the scale required will tie up
tremendous resources and just be in itself another target for being DoS'ed
by way of information overload.   And I'm not even going to go down the road
of all the concerns of what happens with the massive amount of information
being collected, in a jurisdiction lacking effective privacy protection as
it is.  YMMV.

Thanks,
Christian

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]

On Thu, 30 Jan 2003 04:21:40 CST, Jack Bates <jbates@brightok.net>  said:

> in this. My question is why large providers couldn't interlink themselves
> and establish guidelines for notification and resolution of network
issues.
> They manage it for peering, why not for overall performance and security
> issues?

"I'll get back to you Tuesday or when NANOG posts embarrass me" works for
peering issues, but not for security issues.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech



*****
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.