North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: layered security for the modern Internet
- From: E.B. Dreger
- Date: Sun Mar 07 16:17:14 2004
CJW> Date: Sun, 7 Mar 2004 12:56:35 -0700
CJW> From: Christopher J. Wolff
CJW> My favorite idiom is; "You're either part of the problem or
CJW> part of the solution."
Thanks for your contribution.
CJW> What's your solution?
There's no one single answer. That's the whole point. The
closest thing to a single answer would be "shift the cost of
failure to the responsible party", but that's still insufficient.
One must use many tactics -- prefix-list, filter-list, customer
education, SAV, etc. -- and expect the same from upstreams,
peers, and downstreams. Note that it's much easier to ask
something of others when one has demonstrated willingness to do
Software vendors should be held more accountable for exploitable
bugs that go unfixed. Admins should be held more accountable for
systems that go unpatched. I realize not every car owner is a
mechanic, but car owners who drive oil-burning, tailpipe-dragging
jalopies with no headlights quickly learn that's no excuse.
What about using a non-executable stack segment in $os on
platforms where that's possible/necessary? Teaching about buffer
overruns and race conditions in elementary programming classes
sounds worthy to me, too.
In short: My solution is for all these _parts_ of the answer to
receive the attention and action they deserve. It's a bit harder
than griping on NANOG about the lack of turnkey answer every
three weeks, but probably at least effective enough to warrant a
bit of attention.
People gripe about the cost of exploits and attacks, yet complain
about the costs of preventative measures. If the preventative
measures are too expensive, then evidently the consequences are
That said, I'm eagerly awaiting your silver bullet. (Or are you
part of the problem?)
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
DO NOT send mail to the following addresses :
email@example.com -or- firstname.lastname@example.org -or- email@example.com
Sending mail to spambait addresses is a great way to get blocked.