Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: layered security for the modern Internet

  • From: E.B. Dreger
  • Date: Sun Mar 07 16:17:14 2004

CJW> Date: Sun, 7 Mar 2004 12:56:35 -0700
CJW> From: Christopher J. Wolff

CJW> My favorite idiom is; "You're either part of the problem or
CJW> part of the solution."

Thanks for your contribution.

CJW> What's your solution?

There's no one single answer.  That's the whole point.  The
closest thing to a single answer would be "shift the cost of
failure to the responsible party", but that's still insufficient.

One must use many tactics -- prefix-list, filter-list, customer
education, SAV, etc. -- and expect the same from upstreams,
peers, and downstreams.  Note that it's much easier to ask
something of others when one has demonstrated willingness to do
the same.

Software vendors should be held more accountable for exploitable
bugs that go unfixed.  Admins should be held more accountable for
systems that go unpatched.  I realize not every car owner is a
mechanic, but car owners who drive oil-burning, tailpipe-dragging
jalopies with no headlights quickly learn that's no excuse.

What about using a non-executable stack segment in $os on
platforms where that's possible/necessary?  Teaching about buffer
overruns and race conditions in elementary programming classes
sounds worthy to me, too.

In short:  My solution is for all these _parts_ of the answer to
receive the attention and action they deserve.  It's a bit harder
than griping on NANOG about the lack of turnkey answer every
three weeks, but probably at least effective enough to warrant a
bit of attention.

People gripe about the cost of exploits and attacks, yet complain
about the costs of preventative measures.  If the preventative
measures are too expensive, then evidently the consequences are

That said, I'm eagerly awaiting your silver bullet.  (Or are you
part of the problem?)

EverQuick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
          DO NOT send mail to the following addresses : -or- -or-
Sending mail to spambait addresses is a great way to get blocked.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.