[AusNOG] NBN must avoid becoming 'failed state'

Vitaly Osipov vitaly.osipov at gmail.com
Wed Sep 22 10:56:36 EST 2010


On Wed, Sep 22, 2010 at 10:31 AM, Dobbins, Roland <rdobbins at arbor.net> wrote:

>
> The point is that if nothing else, when the bot starts doing Bad Things, you can at least see that it's doing them, and quarantine it - if the network elements have the capability to do so, and if the operator has the ability to leverage said capability.

You are assuming you will continue to be able to identify those "bad
things" in the future. The "bad things" that matter to the end user,
not to the network operator. What is the basis of your assumption,
given the extremely fast speed of change in the threat landscape?

> It's quite easy to justify inaction - after all, that's how we ended up in the seemingly perpetual state of Internet security emergency we're in today.  Surely we can do better than this?

Not sure where you got that from - I did not call for inaction, I said
that you are selling what amounts to a damage control framework with
limited visibility (and high abuse potential - an example here
http://gawker.com/5637234/ - saucy if not directly relevant :) ) as
*the* solution to  "Internet security emergency". We ended up in this
emergency state because software vendors have all financial incentives
to push out buggy software fast, and no reasons to implement defensive
coding practices. This situation is not going away, but we might try
to at least put the plank up - at the application level.

I do understand that the NOG audience prefers a network-based silver
bullet, but this is just not going to happen. It has been more than 20
years of failing network security measures now.

P.S. on silver bullets and security industry -
https://financialcryptography.com/mt/archives/001223.html

>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>               Sell your computer and buy a guitar.
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>



More information about the AusNOG mailing list