North American Network Operators Group


RE: botnets: web servers, end-systems and Vint Cerf [LONG, sorry]

  • From: michael.dillon
  • Date: Mon Feb 19 08:30:53 2007

> But suppose you put such a firewall in place.  You'll need to
> configure the firewall properly -- paying as much attention to
> outbound rules as inbound. 

Sounds like a good thing to document in a best practices document that
can be used to certify firewall implementations. When trying to solve a
social problem, techniques like the Good Housekeeping seal of approval
are quite effective. As recommended by the editors of...

> You'll need to add anti-virus software.  And anti-spyware software.
> Then you need to make sure the "signature" databases for both of those
> are updated early and often,

What if the guidelines state that subscription and database oriented
techniques for virus detection are not adequate and therefore not
compliant? Only heuristic, capability-based systems are acceptable.

> And you'll need to de-install IE and Outlook,

Thus ensuring that Firefox/Thunderbird will be the main target of the
malware people. Is this necessarily any better? Note that Windows
provides an extensive series of hooks which can be used by an
application which wishes to subvert the normal operation of the OS. That
subversive application could be the security monitor which is required
by the ISP for Internet access because it is recommended in your
guidelines.

> Something which requires this much work just to make it through its
> first day online, while being used by J. Random Person, is hopelessly
> inadequate.  Which is why systems like this are routinely compromised in
> huge numbers.  Which is why we have a large-scale problem on our hands.

We live in a complex world. Computers are more complex than they were.
OSes are more complex. Apps are more complex. Networks are more complex.
And SOLUTIONS are more complex. But if the designers of computers, OSes,
apps and networks can deal with the complexity, why can't security folks
do likewise?

> This left me with >1.5M observed hosts seen in a month.  They're all sending
> spam.  (How do I know?  Because 100% of the mail traffic sent to that
> server is spam.)

What you did sounds dumb except that you said this is an experiment.
Unfortunately, real live email servers do exactly the same, i.e. talk to
all comers, because the email architecture is flat like a pancake. Some
people consider this to be a Windows malware problem. I consider it to
be an email architecture problem. We all know that you need hierarchy to
scale networks and I submit that any email architecture without
hierarchy is broken by design and no amount of ill-thought-out band-aids
will fix it.

> Pop quiz, bonus round: how much does it cost Comcast to defend its
> mail servers from Verizon's spam, and vice versa?  Heck, how much
> does it cost Comcast to defend its mail servers from its own spam?

That actually sounds like an answerable question, if a company took it
seriously enough. If the senders and receivers are both on your network,
your finance department should be able to come up with some cost
figures.

--Michael Dillon
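The quoted point about giving outbound firewall rules the same attention as inbound ones is easy to state and easy to get wrong in a ruleset. The following is an added example written for this archive page, not code from either poster or from any firewall product: a toy first-match policy evaluator for an end system, with a default-deny rule in both directions, an audit function that runs a few constructed flow records through it, and a check that each direction actually ends in a catch-all deny. The addresses are from the RFC 5737 documentation ranges and the "resolver" and "mail submission host" entries are assumptions made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str           # "in" or "out" (relative to the end system)
    proto: str               # "tcp", "udp" or "any"
    dst_net: str             # CIDR the peer address must fall in
    dst_port: Optional[int]  # None means any port
    action: str              # "allow" or "deny"


# Constructed host-firewall policy for an end system.  Both directions end in
# a catch-all deny, so anything not explicitly allowed is dropped.
POLICY: List[Rule] = [
    Rule("out", "udp", "192.0.2.53/32", 53, "allow"),    # assumed local resolver (constructed)
    Rule("out", "tcp", "0.0.0.0/0", 80, "allow"),        # web
    Rule("out", "tcp", "0.0.0.0/0", 443, "allow"),       # web over TLS
    Rule("out", "tcp", "192.0.2.25/32", 587, "allow"),   # assumed mail submission host (constructed)
    Rule("out", "any", "0.0.0.0/0", None, "deny"),       # egress default deny
    Rule("in", "any", "0.0.0.0/0", None, "deny"),        # ingress default deny
]


def evaluate(policy: List[Rule], direction: str, proto: str,
             peer_ip: str, port: int) -> str:
    """First-match evaluation: return the action of the first rule that
    matches the flow, or 'deny' if nothing matched at all."""
    addr = ipaddress.ip_address(peer_ip)
    for rule in policy:
        if rule.direction != direction:
            continue
        if rule.proto != "any" and rule.proto != proto:
            continue
        if addr not in ipaddress.ip_network(rule.dst_net):
            continue
        if rule.dst_port is not None and rule.dst_port != port:
            continue
        return rule.action
    return "deny"  # implicit default deny when a direction has no catch-all


def has_default_deny(policy: List[Rule], direction: str) -> bool:
    """True if the last rule for `direction` is a catch-all deny, i.e. the
    direction is actually default-deny rather than default-allow by omission."""
    rules = [r for r in policy if r.direction == direction]
    if not rules:
        return False
    last = rules[-1]
    return (last.action == "deny" and last.proto == "any"
            and last.dst_port is None
            and ipaddress.ip_network(last.dst_net).prefixlen == 0)


# Constructed flow records: direction, protocol, peer address, peer port.
FLOWS = """\
out tcp 198.51.100.10 443
out tcp 198.51.100.20 25
out udp 192.0.2.53 53
out udp 203.0.113.5 53
in tcp 203.0.113.9 445
"""


def audit(policy: List[Rule], flows: str) -> List[Tuple[str, str]]:
    """Run every flow record through the policy and pair it with the verdict."""
    results = []
    for line in flows.splitlines():
        direction, proto, ip, port = line.split()
        results.append((line, evaluate(policy, direction, proto, ip, int(port))))
    return results


def blocked(policy: List[Rule], flows: str) -> List[str]:
    """The flow records the policy would drop."""
    return [line for line, action in audit(policy, flows) if action == "deny"]


if __name__ == "__main__":
    for line, action in audit(POLICY, FLOWS):
        print(f"{action:5s} {line}")
    print("egress default deny:", has_default_deny(POLICY, "out"))
    print("ingress default deny:", has_default_deny(POLICY, "in"))
```

The second and fourth flows are the ones the thread is really about: an end system opening outbound SMTP to an arbitrary host, and an end system talking to a resolver other than its own, both get dropped by the egress catch-all rather than by anything specific. `has_default_deny` is the check to run on a ruleset before certifying it: a policy that only lists inbound rules passes for "in" and fails for "out".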