Santa Fe city government computers knocked out by worm

Sean Donelan sean at donelan.com
Sun Nov 16 22:12:19 UTC 2003


On Sun, 16 Nov 2003, Jamie Reid wrote:
> There was a comment (maybe even mine) in a previous thread
> about accepting a base level of potentially compromised hosts
> on a network, as the costs of rooting out every last one becomes
> unwieldy. Networks are large enough that security must be
> viewed as an economy of controls and risks instead of as a binary
> state of secure or compromised.

If your policy is not to root out every last one, then you need to
beef up your network so a single compromised host doesn't bring down the
whole network.  The Internet is evidence that a network can continue to
operate even with a very large number of compromised machines on a daily
basis. On the other hand, if a single user downloading a music file on
your network can take your entire network off the air for several
days, you may have a problem.

I've often tried to explain that ISPs generally view worms as a "capacity
planning" issue.  Worms change the "eco-system" of the Internet and ISPs
have to adapt.  But ISPs generally can't "fix" the end-users or their
computers.

System admins were able to completely eradicate the Morris worm.  But
most modern worms like Nimda, Code Red I/II, Slammer stick around.
Sometimes a new worm like Nachi supplants an older worm like Blaster.
Even if the ISP tries to be the great network firewall, we have mobile
computers with mobile code.  Laptops are too common, connecting to
multiple networks.


More information about the NANOG mailing list