[AusNOG] NBN must avoid becoming 'failed state'
Dobbins, Roland
rdobbins at arbor.net
Sun Sep 19 17:10:05 EST 2010
On Sep 19, 2010, at 8:55 AM, Mark Newton wrote:
> I know it's unfair to tar Roland with this brush,
Thanks.
;>
> but as long as the industry that gets more money by pumping-up irrational security risks continues to
> employ hyperbole to press its case, I'll continue to employ defensive skepticism.
Concur 100%. The 'security' industry as a whole consists largely of snake-oil hawkers, whereas *real* security gets short shrift because it's hard - i.e., it consists largely of things one *does*, rather than of things one merely buys.
> Yet this kind of bullshit is taken seriously by the asshats who dream up "cyber security" responses in our parliaments.
In my experience, non-ironic use of the appellation 'cyber-' is inversely proportional to actual security clue.
;>
> But we're in a world where the vast majority of people live perfectly normal
> lives even though security is abysmal, and where the maximum impact
> that most people feel from a successful "attack" is the minor
> inconvenience of having to reinstall their OS after a virus
> infestation.
Along with being unable to access their bank Web sites to pay their bills, download or upload content, VPN into their offices, buy houses because their credit has been ruined by identity thieves, profit from their intellectual efforts because they've been subject to corporate espionage, et. al.
> The sky is not, and never has been, falling.
It's my contention that the sky fell long ago; what I'm trying to do is to encourage putting it back up, a piece at a time.
;>
> A single NBN attached machine doing that will be shut down in a New York minute.
Only if it's detected, classified, and traced back, and only if the capability to shut it down and keep it down until it's remediated exists. That's why I advocate mandating such capabilities for WSP and RSP NBN-connected infrastructure elements.
> The only reason DoS attacks work is because the originator of the attack is unknown.
This is incorrect. Most DDoS attacks these days aren't spoofed at all, nor have they been for many years.
The reason they work is due to the unpreparedness of the defenders, including not only the attack targets but the operators of the origin and intermediate networks.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
More information about the AusNOG
mailing list