nanog mailing list archives
Re: The Backhoe: A Real Cyberthreat?
From: Robert E.Seastrom <rs () seastrom com>
Date: Thu, 19 Jan 2006 16:42:57 -0500
Jim Popovitch <jimpop () yahoo com> writes:
Jerry Pasker wrote:The point is: What's more damaging? Being open with the maps to EVERYONE can see where the problem areas are so they can design around them? (or chose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works.Let's look at this from another point of view: Should we remove all keylocks from backhoes so that everyone can have access to them? :-)
This analogy is faulty, but illuminating insofar as it illustrates the fallacy of putting up low bars to access that don't actually stop people who're willing to put a little bit of effort into beating it. Keylocks only work when your threat model is drunk fratboys or bored teenagers (which is not necessary a disjoint set). They aren't a significant part of the threat model for intentional fiber cuts. Any John Deere dealer will be able to supply you with a key that operates the vast majority of John Deere equipment of a certain type. Anyone who can plan ahead enough to order from eBay is in like Flynn. http://cgi.ebay.com/12-JD-Keys-3-John-Deere-Equipment-Key-Sets-NEW_W0QQitemZ7581349645QQcategoryZ41507QQrdZ1QQcmdZViewItem
I'm all for openness, but sometimes some things only need to be accessed and used by the professionals that need those things. I fully trust that the big network operators, the ones that really really do need this data, have all the info they need to plan their network expansions, etc. I don't need to see this data, even though I might want to.
Then don't look at it. :) ---Rob
Current thread:
- Re: Stupidity: A Real Cyberthreat., (continued)
- Re: Stupidity: A Real Cyberthreat. Alexander Harrowell (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Joe Maimon (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Robert Boyle (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Randy Whitney (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Michael . Dillon (Jan 20)
- Re: The Backhoe: A Real Cyberthreat? sgorman1 (Jan 20)
- Re: The Backhoe: A Real Cyberthreat? Robert Boyle (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? sgorman1 (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Micheal Patterson (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Jerry Pasker (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Jim Popovitch (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Robert E . Seastrom (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Jeff Shultz (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? sgorman1 (Jan 19)
- cyber-redundancy Sean Donelan (Jan 19)
- Re: cyber-redundancy sgorman1 (Jan 19)
- Re: cyber-redundancy Martin Hannigan (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? Daniel Golding (Jan 19)
- Re: The Backhoe: A Real Cyberthreat? sgorman1 (Jan 20)
- Re: The Backhoe: A Real Cyberthreat? Martin Hannigan (Jan 21)