[65250] in North American Network Operators' Group
Re: Cisco, Anti-virus Vendors Team on Network Security
daemon@ATHENA.MIT.EDU (Laurence F. Sheldon, Jr.)
Tue Nov 18 15:53:43 2003
Date: Tue, 18 Nov 2003 14:52:50 -0600
From: "Laurence F. Sheldon, Jr." <larrysheldon@cox.net>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Sean Donelan wrote:
>
> On Tue, 18 Nov 2003 Valdis.Kletnieks@vt.edu wrote:
> > > Without the secret handshake Mac OS, Linux, Solaris and other operating
> > > systems will not be able to connect to a Cisco Self-Defending Network
> > > which limits its usefulness for ISPs.
> >
> > A *nix without a secret handshake is like a fish without a bicycle.
> >
> > Yes, viruses *are* theoretically possible on these platforms, but let's
> > be honest here - even if you included all of the platforms, you'd only
> > intercept another 1% or so viruses, tops.
>
> Well, if you let systems on the network without the secret handshake,
> what's to stop people from connecting Windows boxes with the "security"
> software disabled so it doesn't answer the "I'm Infected" question? Or
> the next virus can take over the Cisco secret handshake port and always
> answer "I'm Ok" whenever the network asks it a question.
>
> How does the Self-Protecting Network tell the difference between a
> non-infected Mac or Unix machine and a Typhoid Mary Windows box if you are
> depending on software on the system to answer the question?
>
> Yes, some level of security works when everyone obeys the rules. But the
> current problem ISPs have is not everyone obeys the rules.

Or maybe the problem is yet another single-vendor imposition of a
"global" protocol standard.