How to secure the Internet in three easy steps
Sean Donelan
sean at donelan.com
Fri Oct 25 17:14:22 UTC 2002

Assuming no time, money, people, etc. resource constraints, securing the
Internet is pretty simple.

1. Require all providers install and manage firewalls on all subscriber
connections enforcing source address validation.

2. Prohibit subscribers from running services on their own machines. Only
approved provider-managed servers should provide services to users.

3. Prohibit direct subscriber-to-subscriber communication, except through
approved NSP protocol gateways. Only approved NSP-to-NSP proxied traffic
should be exchanged between network providers.

Are there some down-sides? Sure. But who really needs the end-to-end
principle or uncontrolled innovation?

"No, the electric telegraph is not a sound invention. It will always be
at the mercy of the slightest disruption, wild youths, drunkards, bums,
etc.... The electric telegraph meets those destructive elements with
only a few meters of wire over which supervision is impossible. A
single man could, without being seen, cut the telegraph wires leading
to Paris, and in twenty-four hours cut in ten different places the
wires of the same line, without being arrested."
- Dr. Barbay, Paris, France, 1846