[192384] in North American Network Operators' Group
Re: Spitballing IoT Security
daemon@ATHENA.MIT.EDU (Mel Beckman)
Thu Oct 27 10:02:22 2016
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Mike Meredith <mike.meredith@port.ac.uk>
Date: Thu, 27 Oct 2016 14:02:16 +0000
In-Reply-To: <20161027100455.3fe4cf14@scrofula.eps.is.port.ac.uk>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Requiring manual approval is an excellent idea for the ThingSafe RFC!
-mel
> On Oct 27, 2016, at 2:10 AM, Mike Meredith <mike.meredith@port.ac.uk> wrote:
>
> On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear <lear@ofcourseimright.com>
> may have written:
>> Well yes. uPnP is a problem precisely because it is some random device
>> asserting on its own that it can be trusted to do what it wants. Had
>
> From my own personal use (and I'm aware that this isn't a general
> solution), I'd like a device that sat on those uPnP requests until I logged
> into the admin interface to review them. Now if you could automate _me_
> then it might become more generally useful :-
>
> uPnP(ssh, for admin access) -> f/w
>
> f/w -> uPnP device: Don't be silly.
>
>> But if instead of a pet feeder we're talking about a home file sharing
>> system or a video camera where you don't want to share the feed into the
>> cloud? There will be times when people want inbound connections. We
>> need an architecture that supports them.
>
> As someone who manages an application-based firewall, every problem looks
> like it would be easier to solve using an application-based firewall :)
>
> --
> Mike Meredith, University of Portsmouth
> Principal Systems Engineer, Hostmaster, Security, and Timelord!
>
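
An added example, not part of the original thread or any poster's code: a sketch of the hold-for-approval behaviour discussed above, where a UPnP IGD AddPortMapping request is parked until an admin approves it and a request for an admin port such as ssh is refused outright. The class and function names, the ADMIN_PORTS policy and the sample addresses are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample (not from the thread): trimmed SOAP body of an IGD AddPortMapping call.
SAMPLE = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>{port}</NewExternalPort>
<NewProtocol>TCP</NewProtocol>
<NewInternalPort>{port}</NewInternalPort>
<NewInternalClient>192.168.1.50</NewInternalClient>
<NewLeaseDuration>0</NewLeaseDuration>
</u:AddPortMapping>
</s:Body></s:Envelope>"""

ADMIN_PORTS = {22, 23, 3389}  # assumed local policy: never opened on a device's request

@dataclass
class Request:
    client: str
    proto: str
    ext_port: int
    int_port: int
    state: str = "pending"

class ApprovalQueue:
    def __init__(self):
        self.requests = []  # everything seen, for the admin to review
        self.mappings = []  # what the firewall would actually install

    def submit(self, soap, source_ip):
        # xml.etree is used for brevity; untrusted LAN input deserves a hardened parser.
        root = ET.fromstring(soap)
        action = next(e for e in root.iter() if e.tag.endswith("}AddPortMapping"))
        f = {c.tag: (c.text or "").strip() for c in action}
        req = Request(f["NewInternalClient"], f["NewProtocol"].upper(),
                      int(f["NewExternalPort"]), int(f["NewInternalPort"]))
        # Refuse outright: admin ports, or a device asking on behalf of another host.
        if {req.ext_port, req.int_port} & ADMIN_PORTS or req.client != source_ip:
            req.state = "rejected"
        self.requests.append(req)
        return req

    def approve(self, req):
        # Called only from the authenticated admin interface.
        if req.state != "pending":
            raise ValueError("only pending requests can be approved")
        req.state = "approved"
        self.mappings.append((req.proto, req.ext_port, req.client, req.int_port))
```

Nothing reaches `mappings` until `approve` is called, so a device's own assertion never opens a port by itself.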