North American Network Operators Group


gated communities - was Re: mitigating botnet

  • From: Edward Lewis
  • Date: Wed Aug 02 10:24:12 2006


At 6:29 AM +0000 8/2/06, Paul Vixie wrote:

> as was true of spam when i said this about spam ten years ago, it is true
> now of botnets that the only technical solution is "gated communities".  but
> the internet's culture, which merely mirrors the biases of those who use it,
> requires the ability for children to go door to door selling girl scout
> cookies, without necessarily having the key code to every one of the doors.

I agree with this in a number of dimensions.


One, look at mankind's physical security over the centuries. Walled cities were once in vogue for defense. (Sieges were a DOS attack.) Walled defenses evolved over time, yet there was always a need to have gates for commerce. Eventually walls have become unimportant (mere tourist curiosities) as wealth has shifted from the physical to monetary realm (and then from gold bars to electronic accounts).

The goals of attacks, and the methods of attack shift. Defensive strategies must, okay, ought to shift too.

Two, look at the DHS recommendation to secure the Internet via DNSSEC and enhancing BGP. What amounts to an unfunded mandate to everyone to "protect themselves" hasn't given much impetus to everybody pitching in and making a safer Internet. My recommendation would have been for the DHS to say to the (US Federal) government "the Internet's an unsafe place, protect yourself in dealing with contractors and bidders by requiring all transactions be done with suitable security." Basically protect your own first, recommend safer actions for others, and allow those that want to be at risk to continue doing so.

What I mean here is that building a gated community is more likely to happen around the assets the government needs to protect than the government is going to get others to voluntarily spend more resources to defend against boogeymen that may or may not exist. Money is more easily spent to answer a need you know than to follow a recommendation from someone you don't.

What is considered an acceptable level of safety is relative. For those who get to ride in cars (taxis) around the world, how many times have you been in a cab that has done something illegal in your home country but is considered safe in another (because the action is 'expected')?

Gated communities, walled gardens, same thing. Both are counter to the philosophy which spawned the Internet. But they may also be the only way to make the Internet a reliable tool for mankind and not just an academic exercise run amok.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Soccer/Futbol. IPv6.  Both have lots of 1's and 0's and have a hard time
catching on in North America.