Nato warns of strike against cyber attackers

Joe Greco jgreco at ns.sol.net
Wed Jun 9 07:49:24 CDT 2010


> > I'm all fine with noting that certain products are particularly awful.
> > However, we have to be aware that users are simply not going to be required
> > to go get a CompSci degree specializing in risk management and virus
> > cleansing prior to being allowed to buy a computer.  This implies that our
> > operating systems need to be more secure, way more secure, our applications
> > need to be less permissive, probably way less permissive, probably even
> > sandboxed by default, our networks need to be more resilient to threats,
> > ranging from simple things such as BCP38 and automatic detection of certain
> > obvious violations, to more comprehensive things such as mandatory virus
> > scanning by e-mail providers, etc., ...  there's a lot that could be done,
> > that most on the technology side of things have been unwilling to commit
> > to.
> 
> Great comments Joe, and I agree with you that there is a lot more that
> can be done and should be done, but there is a main difference with
> your recount about the auto industry, all those changes were pushed by
> evolving regulation and changes in the law and enforcement.

Oh, good, you GOT my point.

> Going back then to a previous question, do we want more/any regulation ?

We're going to get it, I think, because collectively we're too stupid to
self-regulate.

Locally, for example, we implement BCP38, we screen potential customers,
and we have an abuse desk that will be happy to help.  If you complain to
us that you're getting packets from a customer here that contain the data
octet 0x65, we'll put a stop to it (though you'll probably stop getting
packets entirely), because we feel that it's being a good neighbour to
not send things that we've been told are not wanted.

Most network providers are in the unfortunate position of having allowed
themselves to get too swamped and/or don't care to begin with.  Running a
dirty network is the norm, just as running Windows (sorry Gates) is the
norm, just as running Internet Explorer is something of a norm, just as
running with Administrator privs is the norm, etc.  We've allowed horrible
practices to become the norm.  It's exceedingly hard to fix a bad norm.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.




More information about the NANOG mailing list