[91499] in North American Network Operators' Group
Re: gated communities - was Re: mitigating botnet
daemon@ATHENA.MIT.EDU (Edward Lewis)
Wed Aug 2 11:45:01 2006
In-Reply-To: <a06230901c0f661f87f8b@[10.31.32.79]>
Date: Wed, 2 Aug 2006 11:44:20 -0400
To: Edward Lewis <Ed.Lewis@neustar.biz>
From: Edward Lewis <Ed.Lewis@neustar.biz>
Cc: nanog@merit.edu, ed.lewis@neustar.biz
Errors-To: owner-nanog@merit.edu
It was pointed out to me that I'm even less of a historian than a
lawyer...walls became unimportant (security-wise) when warfare
changed. But still, what's being defended has also changed.
At 10:22 AM -0400 8/2/06, Edward Lewis wrote:
>At 6:29 AM +0000 8/2/06, Paul Vixie wrote:
>
>>as was true of spam when i said this about spam ten years ago, it is true
>>now of botnets that the only technical solution is "gated communities". but
>>the internet's culture, which merely mirrors the biases of those who use it,
>>requires the ability for children to go door to door selling girl scout
>>cookies, without necessarily having the key code to every one of the doors.
>
>I agree with this in a number of dimensions.
>
>One, look at mankind's physical security over the centuries. Walled
>cities were once in vogue for defense. (Sieges were a DOS attack.)
>Walled defenses evolved over time, yet there was always a need to
>have gates for commerce. Eventually walls have become unimportant
>(mere tourist curiosities) as wealth has shifted from the physical
>to monetary realm (and then from gold bars to electronic accounts).
>
>The goals of attacks, and the methods of attack shift. Defensive
>strategies must, okay, ought to shift too.
>
>Two, look at the DHS recommendation to secure the Internet via
>DNSSEC and enhancing BGP. What amounts to an unfunded mandate to
>everyone to "protect themselves" hasn't given much impetus to
>everybody pitching in and making a safer Internet. My
>recommendation would have been for the DHS to say to the (US
>Federal) government "the Internet's an unsafe place, protect
>yourself in dealing with contractors and bidders by requiring all
>transactions be done with suitable security." Basically protect
>your own first, recommend safer actions for others, and allow those
>that want to be at risk to continue doing so.
>
>What I mean here is that building a gated community is more likely
>to happen around the assets the government needs to protect than the
>government is going to get others to voluntarily spend more
>resources to defend against boogeymen that may or may not exist.
>Money is more easily spent to answer a need you know than to follow
>a recommendation from someone you don't.
>
>What is considered an acceptable level of safety is relative. For
>those who get to ride in cars (taxis) around the world, how many
>times have you been in a cab that has done something illegal in your
>home country but is considered safe in another (because the action
>is 'expected')?
>
>Gated communities, walled gardens, same thing. Both are counter to
>the philosophy which spawned the Internet. But they may also be
>the only way to make the Internet a reliable tool for mankind and
>not just an academic exercise run amok.
>
>--
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Edward Lewis +1-571-434-5468
>NeuStar
>
>Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time
>catching on in North America.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time
catching on in North America.