Trends in network operator security
batsy at vapour.net
Tue Dec 30 10:00:02 UTC 2003
So I said some things around this time last year
and it's funny how things turned out.
On Thu, 9 Jan 2003, batz wrote:
:Date: Thu, 9 Jan 2003 13:29:52 -0500 (EST)
:From: batz <batsy at vapour.net>
:To: Sean Donelan <sean at donelan.com>
:Cc: nanog at merit.edu
:Subject: Re: Trends in network operator security
:On Wed, 8 Jan 2003, Sean Donelan wrote:
::It's 2003 and everyone is making their predictions. What trends are
::network operators seeing for Internet security?
:- Backdoors will be found in every major OS after they have been shipped
: on disk.
Alright, this was wrong, except for a few break-ins discovered
at sourceforge, debian.org and others. There was no evidence
that compromised code made it to the CD distros. However, in
a discussion about how to most effectively do this, it would
be sneakier to just submit crappy exploitable code than a real
and insidious backdoor. If you are feeling generous, you could
give me this one for indirectly predicting attacks against OS
:- More reports of trojaned packages.
:- Resurgence of the "cc" conspiracy that says all code is backdoored
: by the compiler.
My bad. Variation on the same theme anyway.
:- Dealing with mountains of IDS data. Especially as customers
: and investors demand the use of these kinds of technologies.
Yup. Massive movement on this. DShield's CIDR and ASN queries, the
explosive growth in IDS data mining tools make this a sound
:- Demands from LEOs regarding tracking users of wireless networks.
: General legal attacks on any technology that facilitates anonymity.
Yup. It was near the end of the year, but police are starting to scratch
their heads on how to find users of wireless networks surfing
for nasty things.
:- Blame shifted to the service provider for vulnerabilities, more ISPs
: will get into the managed security business. They will be the next big
: vertical for MSS companies.
Eh, dunno about this. Yes, everyone is a managed security services
provider these days. Your call.
:- Spam will finally be widely recognized as a security issue. My pet
: definition of spam being any message that relies on the lack of
: policy enforcement features in mail protocols for delivery, will be
: widely adopted.
Yup. It isn't just a boring administrative issue anymore,
spammers are writing viruses, worms and hijacking IP address space.
The idea of whitelisting or authenticating email is part of the
:- Lots of new exploits affecting image processing and multi-media
: libraries and applications.
Yup. I got a kick out of this one. Sad but true. MP3 and other player
exploits were popular for the first part of the year.
:Multi-payload and multi-attack vector worms and viruses. More
:hostile code that uses mail and file shares to spread.
Yup. This was an easy one, bordering on a horoscope, but right
:Tunneling protocols and applications to evade firewalls,
Eh, maybe not. At least nothing really mainstream.
:Security, security and more security.
I'll have a new list ready in a bit. I'll try to be more
specific and aim for accuracy.
Happy New Year:)