Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

Sean Donelan sean at donelan.com
Sun Feb 11 04:40:47 UTC 2007


On Tue, 6 Feb 2007, Roy wrote:
> Its amazing how reporters has to butcher technology information to make it 
> understood by their editors
>
> http://www.cnn.com/2007/TECH/internet/02/06/internet.attacks.ap/index.html?eref=rss_topstories

Do we keep missing opportunities?

Yes, it was a minor incident, just like a minor earthquake, the hurricane 
that doesn't hit, the fire that is exitinguished. But it was also an 
opportunity to get the message out to the public about the things they 
can do to take control.

We remind people what to do in a tornado, earthquake, flood, hurricane, 
etc.  This on-going education does help; even though some people still
drive their cars through moving water or go outside to watch the tornado.


Instead of pointing fingers at South Korea, China, etc, every country
with compromised computers (all of them) are the problem.  The United 
States may be slow as far as broadband, but it makes up for it in the 
number of compromised computers.

We may know the drill, but it doesn't hurt to repeat message everytime
we have the public's attention for 15 seconds.

1. Turn on Automatic Update if your computer isn't managed by a full-time 
IT group.

    Microsoft Windows, Apple MAC OS/X, and several versions of Linux
    have Automatic Update available.  Most vendors make security patches
    available to users whether or not the software is licensed or
    un-licensed.

    Zero day exploits may be sexy and get the press attention, but the
    long-term problem are the computers that never get patched.  The VML
    exploit on the football stadium websites was patched last month; but
    its not how fast a patch is released, its how fast people install it.

2. Use a hardware firewall/router for your broadband connection and turn 
on the software firewall on your computer in case you ever move your
computer to a different network.

     Use Wireless security (WEP, WPA, VPN, SSL, etc) if using a WiFi access
     point, or turn off the radio on both your home gateway and computer
     if you are not using WiFi.

3. Even if your computer is secure, miscreants depend on your trust. Be 
suspicious of messages, files, software; even if it appears to come from a 
person or company you trust.

    Anti-spam, anti-spyware, anit-virus, anti-phishing tools can help.  But
    don't assume because you are using them, you can click on everything
    and still be safe.  The miscreants are always finding new ways around
    them.

    It may just be human nature, but people seem to engage in more risky
    behavior when they believe they are protected.

4. If your computer is compromised, unplug it until you can get it fixed.

     Its not going to fix itself, and ignoring the problem is just going
     to get worse.



More information about the NANOG mailing list