[AusNOG] NBN must avoid becoming 'failed state'
Mark Newton
newton at internode.com.au
Tue Sep 21 10:33:46 EST 2010
On 21/09/2010, at 5:09 AM, Richard Pruss wrote:
> As for the scalp in hand DDOS scenario, NBN is a layer 2 service and I think we can expect them to deliver their CIR (unpublished, but they said they had one), so with some relatively straightforward
> network design we should be able to keep the two theatres running (assume one keeps them off the Internet) when other things around the network are under duress.
See, this is one of the things that's missing from this doom-and-gloom
conversation about consequences.
The way I was taught, one of the first and most important prerequisites
in formulating a countermeasure is a risk analysis. What are you
trying to protect? From whom are you trying to protect it? What is
the likelihood of the realization of the risk? Is there a realistic
appraisal of the magnitude of the cost of failure?
The last 12 hours of this discussion has ignored all of that, and
simply assumed that the magnitude of the cost of failure is death.
There's your disconnect right there. That's the difference between
objective reality and hyperventilating fear mongering.
Once you've asserted that the systems you're deploying will incur
actual death to innocent human victims, then literally ANY countermeasure,
no matter how disruptive or onerous, can be rhetorically justified.
That's what almost the entirety of the security industry is based on:
"Death awaits us all! Or, in the alternative, buy my product/service..."
It is not even remotely realistic to suggest that a medical procedure
could be so radically impaired by consumer NBN activity that someone
could die on an operating table due to DDoS.
Yet, for some reason, against all odds, and seemingly perpendicular to
observable reality, that appears to be what we're talking about here.
What are we trying to protect?
>From whom are we trying to protect it?
Is there a realistic appraisal of the magnitude of the cost of failure?
What is the likelihood of the realization of the risk?
When answering, bear in mind that the more you hyperventilate in response
to the first question, the larger your burden in the last question.
I suggest that everyone tone it down a notch. Take a deep breath,
and consider whether this thread is now so irretrievably detached
from the real world that there's no point continuing it.
Regards,
- mark
--
Mark Newton Email: newton at internode.com.au (W)
Network Engineer Email: newton at atdot.dotat.org (H)
Internode Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
More information about the AusNOG
mailing list