[AusNOG] NBN must avoid becoming 'failed state'

Vitaly Osipov vitaly.osipov at gmail.com
Tue Sep 21 15:59:14 EST 2010


...Moreover, the measures proposed does not seem to be too relevant
for customers.

I have not seen the presentation, but judging from the slides it was
primarily concerned with DDoS prevention. While it is clear that from
a network operator's (and Arbor's) point of view this is a major if
not *the* security threat (to operators), for end users DoS is almost
a non-issue compared to, say, they Facebook identity stolen or bank
account emptied.

If we are talking about providing "security" for users, we should
really be talking about end points, and not the pipes. After 20 years
of (not very successfully) trying to achieve end user "security" at
the pipe level it is probably the time to switch to where it matters
more - applications/software. Gene Spafford said long ago "Using
encryption on the Internet is the equivalent of arranging an armored
car to deliver credit card information from someone living in a
cardboard box to someone living on a park bench", the same can be said
about network security mechanisms in general.

Although, to be fair, the slides briefly recommend embedding total L2+
surveilance into NBN, but I wonder how this recommendation will fly...
(slides 25 and especially 6 :) ). Besides, no instrumentation of local
networks will help against foreign attackers.


Regards,
Vitaly




On Tue, Sep 21, 2010 at 2:58 PM, Roland Chan <roland at chan.id.au> wrote:
> I don't see this as as NBN specific issue.
>
> I see a large security gap between our current state and the ability
> of our customers to treat the Internet as a utility. I'm sure some
> parts of vendor-space will view that as good for their margins, but if
> we accept the goal of Internet ubiquity we have no choice but to
> commoditise everything we currently do and a great deal besides,
> security included.
>
> A drive from the NBN could be tremendously helpful.
>
>
>
> On Tue, Sep 21, 2010 at 1:49 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>>
>> On Sep 21, 2010, at 10:10 AM, Graeme Allen wrote:
>>
>>> I believe the real issue with bigger pipes in the context of the NBN is that without the inherent upload constraint of DSL (generally < 1Mbps)
>>
>> I largely agree with all your points - access speeds and potential increased market penetration aside, the advent of NBN represents an opportunity to formulate and mandate security capability requirements which are beneficial in and of themselves.
>>
>> -----------------------------------------------------------------------
>> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>>
>>               Sell your computer and buy a guitar.
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>



More information about the AusNOG mailing list