gated communities - was Re: mitigating botnet
Edward Lewis
Ed.Lewis at neustar.biz
Wed Aug 2 14:22:50 UTC 2006
At 6:29 AM +0000 8/2/06, Paul Vixie wrote:
>as was true of spam when i said this about spam ten years ago, it is true
>now of botnets that the only technical solution is "gated communities". but
>the internet's culture, which merely mirrors the biases of those who use it,
>requires the ability for children to go door to door selling girl scout
>cookies, without necessarily having the key code to every one of the doors.
I agree with this in a number of dimensions.
One, look at mankind's physical security over the centuries. Walled
cities were once in vogue for defense. (Sieges were a DOS attack.)
Walled defenses evolved over time, yet there was always a need to
have gates for commerce. Eventually walls have become unimportant
(mere tourist curiosities) as wealth has shifted from the physical to
monetary realm (and then from gold bars to electronic accounts).
The goals of attacks, and the methods of attack shift. Defensive
strategies must, okay, ought to shift too.
Two, look at the DHS recommendation to secure the Internet via DNSSEC
and enhancing BGP. What amounts to an unfunded mandate to everyone
to "protect themselves" hasn't given much impetus to everybody
pitching in and making a safer Internet. My recommendation would
have been for the DHS to say to the (US Federal) government "the
Internet's an unsafe place, protect yourself in dealing with
contractors and bidders by requiring all transactions be done with
suitable security." Basically protect your own first, recommend
safer actions for others, and allow those that want to be at risk to
continue doing so.
What I mean here is that building a gated community is more likely to
happen around the assets the government needs to protect than the
government is going to get others to voluntarily spend more resources
to defend against boogeymen that may or may not exist. Money is more
easily spent to answer a need you know than to follow a
recommendation from someone you don't.
What is considered an acceptable level of safety is relative. For
those who get to ride in cars (taxis) around the world, how many
times have you been in a cab that has done something illegal in your
home country but is considered safe in another (because the action is
'expected')?
Gated communities, walled gardens, same thing. Both are counter to the
philosophy which spawned the Internet. But they may also be the
only way to make the Internet a reliable tool for mankind and not
just an academic exercise run amok.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time
catching on in North America.