Slashdot Mirror


Russ Cooper's Internet Penalties Plan

sagman writes "Russ at NTBugtraq is proposing fines for those whose computers allow the propagation of viruses, worms, etc., knowingly or unknowingly... Russ is taking a poll on his site. Russ states in an email that he wrote this up at the request of a US Senator staffer..."

3 of 435 comments

  1. I feel bad for Russ' server (TEXT) by Anonymous Coward · Score: 1, Informative

    Russ Cooper's Internet Penalties Plan
    Written by Russ Cooper - 9/16/2003 5:18:48 PM

    At the bottom of this document is a poll I'd like you to participate in indicating your agreement, or disagreement, with the information contained herein. Please take the time to respond to the poll.
    Internet Penalties Plan

    I have previously made proposals regarding the use of penalties to limit malicious code on the Internet. It is important to realize that the vast majority of the volume of attacks caused by any malicious code come as a result of ignorance:

    * Computers that Corporations don't realize they even have
    * Home computers without anti-virus protection
    * Student computers connected to high-bandwidth University networks outside of the University Network Administrator's control
    * Computers owned by individuals who don't know how to complete Windows Update
    * Individuals who either haven't heard that attachments are bad, or don't believe attachments represent a risk

    This idea, put simply, is to monitor the Internet for new viruses, worms, or trojans. They may be network-based or email-borne. Based on TruSecure's proven Ballistic Threat Model, these new attacks will be assessed to determine if they will represent a significant widespread threat. Each year there are approximately 10-20 such attacks. The attack will be profiled, and a method determined, so Internet Service Providers (ISPs) can accurately (99.99%) identify it, and given to them. From that point forward, ISPs will be expected to drop the attack traffic from their networks. When fines are levied from that point depends on the method of attack:

    * If the attack exploits a missing patch or a mis-configuration, fines are levied immediately

    or

    * If the attack requires updated Anti-Virus definitions to stop and/or cleanse, fines begin once the majority of AV companies have released updates which include detection

    Customers who will be levied any fine will be notified by email by their ISP immediately upon the first infraction, and then daily after that. Fines will be included in the customer's ISP invoice. The organization responsible for providing ISPs with the accurate identification information (possibly TruSecure Corporation, or maybe the new US-CERT) would determine the point at which fines will be imposed. The fines would be used by ISPs to support the significant efforts required to continually block identified attack traffic.

    Such an effort could be implemented within the U.S. only, or more broadly if other countries choose to participate. It would require modifications to existing contracts, both between ISPs, and between ISPs and customers. If mandated by law, it would make such contract modifications easier.

    A more detailed look follows:

    1. A new attack occurs, be it a new email-borne virus or a new network-based worm. Security companies, and ISPs, constantly monitor for such new attacks.

    2. The attack is captured by anyone and sent to the "Identification Authority", that organization responsible for determining the most accurate method to identify the attack "on the wire" with a false positive rate less than 0.001%.

    3. The "Identification Authority" establishes the criteria and method to identify attacks for the nation it represents.

    4. The "Identification Authority" provides the method to its nation's ISPs. Any ISP conducting business in that nation is to abide by the criteria, identification, and policies provided by that nation's "Identification Authority". Further, the receipt of this identification for a given attack represents the date and time at which fines will begin if it is a network-based attack. In the case of Slammer, this was less than 4 hours into the event, after a considerable number of hosts had already been compromised. In the case of Blaster, this was less than 5 hours into the event, at which point comparatively very few hosts had been compromised.

  2. Russ posted this to NTBugTraq: by Medieval · Score: 3, Informative

    The included URL, for reference.

    I was recently quoted in a WashingtonPost.com article saying I was in favor of fines against people who emit viruses or worms (not just originate, but infectees who perpetuate attacks.) There wasn't any meat in that article describing my proposal, so it comes off sounding kind of cold. I've had this proposal for quite some time, after being asked by a U.S. Senator staffer once to write something up to identify what's lacking in the U.S. National CyberSecurity Strategy document.

    I've tried to explain it as clearly as I can, and have included a poll to take your feedback on whether you think the idea would be valuable to you. I'd appreciate it if you'd give it a read and take the poll.

    I hereby acknowledge that the poll is hosted on my little T1, so you may well experience bandwidth-related fun. At least you only have to click two buttons to take the vote.

    Feel free to repost this request to other lists.

    Cheers,
    Russ - NTBugtraq Editor
  3. Another impartial proposal (not) by Rosco P. Coltrane · Score: 5, Informative

    Russ at NTBugtraq is proposing fines for those whose computers allow the propagation of viruses, worms, etc., knowingly or unknowingly...

    - Russ Cooper is editor at NTBugTraq
    - NTBugTraq is a division of TruSecure Corporation
    - Russ Cooper is chief scientist at TruSecure Corporation
    - TruSecure Corporation sells security solutions and services.

    In other news, the Häagen-Dazs corporation is pushing a proposal to hasten global warming ...

    Another fine impartial article brought to you by Slashdot.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash