<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body><div>Security is normally talked about with regards to Confidentiality, Integrity and Accessibility. Encryption, Cryptography (and other methods for Non-repudiation) and Service availability are all very much in the class of "solved problems" for those that care, and in many cases solved on behalf of those that don't. <br></div>
<div><br></div>
<div>Leaving local file sharing services open to the internet, not patching critical vulnerabilities (nearly two months to the day) and wondering why things get onto your network? Anyone that doesn't build a roof over their head is going to get wet when it rains. That's not even having your pants on the right way around at this point.<br></div>
<div><br></div>
<div>Every current operating system has a host-based firewall which is either on by default or easy to enable. SSL's entirely free, and unless you go out of your way to turn off updates or these other systems, then you're fine. I know a couple of environments which haven't patched, but the only way for this to hit them is for a bunch of other simple-to-implement-but-hard-to-bypass controls to be manually disconnected.<br></div>
<div><br></div>
<div>What security could we build into the protocol that isn't already in the layers available? I'd love to know, so I can start helping to make it work.<br></div>
<div><br></div>
<div>James<br></div>
<div><br></div>
<div>On Sat, 13 May 2017, at 12:31, Paul Wilkins wrote:<br></div>
<blockquote type="cite"><div dir="ltr"><div><div><div><div>In light of today's ransomware attack, (74 countries/with demands translated in 28 languages), I'm tempted to take a step back and take a longer optic on the gap between what the internet was meant to be, and what exists today. The OSI model which built the net was built on implicit trust between each layer and the one above. It was never anticipated that in a couple of milliseconds, a few hundred packets from Kazakhstan could span the globe to hard drives around the world, and a ubiquitous operating system would then lock up people's data with hard cryptography.<br></div>
</div>
<div>You don't even need to play Cassandra to realise there's a genuine risk sooner or later, someone will sign a driver (ala Stuxnet), and significant portions of the global internet population will lose their data. Actual costs could run to billions of dollars. Unfortunately it will likely take an event of such magnitude before there's broad recognition that the trust model of the internet built on ipv4 is fundamentally broken, and we need a new network protocol that supports integrated security, and this would be a more worthwhile exercise than replacing ipv4 with ipv6.<br></div>
<div><br></div>
</div>
<div>Kind regards<br></div>
</div>
<div>Paul Wilkins<br></div>
</div>
<div><u>_______________________________________________</u><br></div>
<div>AusNOG mailing list<br></div>
<div><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br></div>
<div><a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br></div>
</blockquote><div><br></div>
</body>
</html>