Slashdot Mirror


Bill Cheswick On Internet Security

Franki3 invites our attention to a SecurityFocus interview with Bill Cheswick. He started the Internet Mapping Project in the 90s; you have probably seen the maps that resulted. The interview ranges over firewalling, logging, NIDS and IPS, how to fight DDoS, and the future of BGP and DNS. From the interview: "I have been impressed with the response of the network community. These problems, and others like security weaknesses, security exploits, etc., usually get dealt with in a few days. For example, the SYN packet DOS attacks in 1996 quickly brought together ad hoc teams of experts, and within a week, patches with new mitigations were appearing from the vendors. You can take the Internet down, but probably not for very long."

5 of 37 comments

  1. A week? by Nemetroid · · Score: 2, Insightful

    I would call a week a very long time for something as vital as the Internet now is.

    1. Re:A week? by PhxBlue · · Score: 2, Insightful

      Now, yes; but it was nowhere near that important 11 years ago.

      --
      !#@%*)anks for hanging up the phone, dear.
    2. Re:A week? by 'nother poster · · Score: 2, Insightful

      Well, if you don't want to risk the outage get a private network set up. Shouldn't be that expensive. ;)

      Since most net servers are Windows or Linux and most routers are made by two or so vendors, there will be exposures that take out lots of infrastructure in the future, just like in the past. Even if they have a fix in ten minutes, it will take days to get the patches out and applied due to the complexity of getting the patches out without a well-functioning public network. "Crap, someone has pwned the Cisco routers, dial them up for the patches."

  2. Re:alphabet soup by 99BottlesOfBeerInMyF · · Score: 3, Insightful

    The interview ranges over firewalling, logging, NIDS (Network Intrusion Detection System) and IPS (Intrusion Prevention System), how to fight DDoS (Distributed Denial of Service), and the future of BGP (Border Gateway Protocol) and DNS (Domain Name System).

    If you don't know what all of these are, the chances are you won't care about or understand what he has to say anyway.

  3. Re:We haven't seen a big outage yet by jmorris42 · · Score: 2, Insightful

    > The Morris worm took out a very large fraction of the net.

    It did no lasting damage. I'm talking about something that would brick a few million Dells and Ciscos. The key weakness today is flash memory and the all too common practice of leaving things flashable by default. Getting an executable able to identify and wipe 80-90% of the motherboards in corporate use is an achievable goal for an attacker with resources. Also consider that many optical and hard drives have flashable firmware. The backlog a widespread attack could create at the few facilities with the specialized tools to reflash a totally bricked PC would mean months before all machines were back in service.

    --
    Democrat delenda est