[AusNOG] NBN must avoid becoming 'failed state'
Dobbins, Roland
rdobbins at arbor.net
Wed Sep 22 11:17:23 EST 2010
On Sep 22, 2010, at 7:56 AM, Vitaly Osipov wrote:
> What is the basis of your assumption, given the extremely fast speed of change in the threat landscape?
Because, ultimately, compromised computers end up *doing* something that their illicit masters wish them to do, and it's often possible to detect these activities from a network perspective, certainly if it's energetic enough to constitute a threat to availability.
> I said that you are selling what amounts to a damage control framework with limited visibility (and high abuse potential
I'm not 'selling' anything; I'm recommending things which have already been implemented and proven to be effective in SP networks around the world. *There's nothing new or innovative at all in the measures posited for discussion*, merely practices and capabilities which exist today and have already been operationalized in one form or another.
Which is why the resultant hue and cry in certain quarters is quite amusing, at one level, since *every single thing proposed in the AusNOG presentation has already been implemented* to one degree or another in live, real-world networks.
And yet, somehow, the world still turns upon its axis.
;>
> as *the* solution to "Internet security emergency".
I don't think there's a single solution - all I know is that having the ability to see when Bad Things happen, as much as is possible, and then to make those Bad Things stop happening, is generally considered to be a Good Thing, and that networks where this isn't possible tend to have pretty severe problems.
> but we might try to at least put the plank up - at the application level.
This is largely beyond the scope of network operators, however.
> I do understand that the NOG audience prefers a network-based silver bullet,
I don't think anyone here is naive enough to believe there's a silver bullet, but that doesn't mean that the basic ability to exert positive control over one's network isn't still both desirable and necessary.
> It has been more than 20 years of failing network security measures now.
Yes, and I've been here for all of them, and more besides. Nevertheless, there are certain steps one must take in order to ensure the resilience and availability of one's network, and if one doesn't take those steps, sooner or later, one will end up in an unpleasant situation - I've seen this over, and over, and over again over the last three decades, and it isn't a pretty sight.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
More information about the AusNOG
mailing list