large organization nameservers sending icmp packets to dns servers.

Steve Gibbard scg at gibbard.org
Tue Aug 7 22:09:58 UTC 2007


On Tue, 7 Aug 2007, Donald Stahl wrote:

> It has nothing to do with judging how one runs their network or any other 
> such nonsense. The RFC's say TCP 53 is fine. If you don't want to follow the 
> rules, fine, but have the temerity to admit that it is stupid.

I don't want to wade into this particular argument, which doesn't seem to 
be going anywhere useful.  But I think the style of the argument causes 
some problems that trickle into network operations, and should be 
addressed.

The problem with this argument is that, while it may be entirely correct, 
it's unlikely to convince the people who matter.  The people who matter 
are the people who write the checks for the networks we work on.

Successful managers (and successful engineers) generally get pretty good 
at doing cost benefit analyses.  Since there are many decisions where 
there isn't one obvious answer, they learn instead to think in terms of 
each choice providing some benefits and having some costs, and doing the 
things where the benefits outweigh the costs.

In the firewall case, as Kevin said, there are probably people going to 
the decision makers and talking about the importance of keeping things 
closed up.  Every open firewall rule, they'll say, creates the potential 
for an attack.  Any attack could cause down time, unauthorized sharing of 
confidential data, loss of files people have spent the last several years 
working on, and more.  Therefore, the cost of an open firewall rule could 
potentially be millions of dollars.  The value of any service enabled by a 
hole in the firewall had better be more than that.

Is this argument valid?  Maybe not.  But the money people who make the 
decisions probably don't have the technical expertise to analyse it. 
Even if they suspect that the case for the policy is overstated, they'll 
associate some cost with ignoring the advice of their security people, as 
they probably should.

So, what's somebody who objects to such an argument to do?

You could go to management and say, "the security people are wrong.  The 
standard says we must open more ports.  To not do so would be wrong." 
But you may not like the choice this presents management with.  On one 
side, they've got you telling them to follow an arbitrary standard, 
because not doing so would be wrong.  On the other side, they're being 
told that taking your advice could cost millions of dollars.  Losing 
millions of dollars as a result of a refusal to heed warnings would 
probably get them fired, or worse.  Pointing at an arbitrary standard 
after things had gone wrong probably wouldn't get them very far.

Alternatively, you too could start speaking their cost benefit language. 
You could assail the security peoples' cost figures, although at that 
point you'd be asking them to distrust other employees and they might 
wonder if they should distrust you instead.  Or you could point out the 
costs of leaving the port closed, or possible benefits of leaving it open. 
If you can tell them that some fraction of their customers aren't able to 
get to them because of the closed port, and that those would be customers 
represent some large amount of revenue, you'll show that there's actual 
benefit to having the port open.  If that benefit is greater than the 
potential loss they're being told about, you might actually win the 
argument.  If you have some evidence to back up your numbers, you may have 
more credibility, and be able to win the argument with lower numbers.

Or, you may find that you're not as right as you thought you were.  You 
may find that what you were advocating doesn't seem to have any concrete 
benefit, and that what the other side was saying has some merit.  That may 
not happen in this case, but sooner or later you'll probably find one 
where it does.

-Steve



More information about the NANOG mailing list