Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: The Backhoe: A Real Cyberthreat?

  • From: Robert E.Seastrom
  • Date: Thu Jan 19 16:45:29 2006


Jim Popovitch <jimpop@yahoo.com> writes:

> Jerry Pasker wrote:
>> The point is:  What's more damaging?  Being open with the maps to
>> EVERYONE can see where the problem areas are so they can design
>> around them? (or chose not to) or pulling the maps, and reports, and
>> sticking our heads in the sand, and hoping that security through
>> obscurity works.
>
> Let's look at this from another point of view:  Should we remove all
> keylocks from backhoes so that everyone can have access to them?  :-)

This analogy is faulty, but illuminating insofar as it illustrates the
fallacy of putting up low bars to access that don't actually stop
people who're willing to put a little bit of effort into beating it.

Keylocks only work when your threat model is drunk fratboys or bored
teenagers (which is not necessary a disjoint set).  They aren't a
significant part of the threat model for intentional fiber cuts.

Any John Deere dealer will be able to supply you with a key that
operates the vast majority of John Deere equipment of a certain type.
Anyone who can plan ahead enough to order from eBay is in like Flynn.

http://cgi.ebay.com/12-JD-Keys-3-John-Deere-Equipment-Key-Sets-NEW_W0QQitemZ7581349645QQcategoryZ41507QQrdZ1QQcmdZViewItem


> I'm all for openness, but sometimes some things only need to be accessed
> and used by the professionals that need those things.  I fully trust
> that the big network operators, the ones that really really do need
> this data, have all the info they need to plan their network
> expansions, etc. I don't need to see this data, even though I might
> want to.

Then don't look at it.  :)

                                        ---Rob





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.