gated communities - was Re: mitigating botnet
Edward Lewis
Ed.Lewis at neustar.biz
Wed Aug 2 15:44:20 UTC 2006
It was pointed out to me that I'm even less of a historian than a
lawyer...walls became unimportant (security-wise) when warfare
changed. But still, what's being defended has also changed.
At 10:22 AM -0400 8/2/06, Edward Lewis wrote:
>At 6:29 AM +0000 8/2/06, Paul Vixie wrote:
>
>>as was true of spam when i said this about spam ten years ago, it is true
>>now of botnets that the only technical solution is "gated communities". but
>>the internet's culture, which merely mirrors the biases of those who use it,
>>requires the ability for children to go door to door selling girl scout
>>cookies, without necessarily having the key code to every one of the doors.
>
>I agree with this in a number of dimensions.
>
>One, look at mankind's physical security over the centuries. Walled
>cities were once in vogue for defense. (Sieges were a DOS attack.)
>Walled defenses evolved over time, yet there was always a need to
>have gates for commerce. Eventually walls have become unimportant
>(mere tourist curiosities) as wealth has shifted from the physical
>to monetary realm (and then from gold bars to electronic accounts).
>
>The goals of attacks, and the methods of attack shift. Defensive
>strategies must, okay, ought to shift too.
>
>Two, look at the DHS recommendation to secure the Internet via
>DNSSEC and enhancing BGP. What amounts to an unfunded mandate to
>everyone to "protect themselves" hasn't given much impetus to
>everybody pitching in and making a safer Internet. My
>recommendation would have been for the DHS to say to the (US
>Federal) government "the Internet's an unsafe place, protect
>yourself in dealing with contractors and bidders by requiring all
>transactions be done with suitable security." Basically protect
>your own first, recommend safer actions for others, and allow those
>that want to be at risk to continue doing so.
>
>What I mean here is that building a gated community is more likely
>to happen around the assets the government needs to protect than the
>government is going to get others to voluntarily spend more
>resources to defend against bogeymen that may or may not exist.
>Money is more easily spent to answer a need you know than to follow
>a recommendation from someone you don't.
>
>What is considered an acceptable level of safety is relative. For
>those who get to ride in cars (taxis) around the world, how many
>times have you been in a cab that has done something illegal in your
>home country but is considered safe in another (because the action
>is 'expected')?
>
>Gated communities, walled gardens, same thing. Both are counter to
>the philosophy which spawned the Internet. But they may also be
>the only way to make the Internet a reliable tool for mankind and
>not just an academic exercise run amok.
>
>--
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Edward Lewis +1-571-434-5468
>NeuStar
>
>Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time
>catching on in North America.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time
catching on in North America.