nanog mailing list archives
Re: Spitballing IoT Security
From: Eliot Lear <lear () ofcourseimright com>
Date: Sat, 29 Oct 2016 08:37:56 +0200
Hi Mike,

On 10/27/16 11:04 AM, Mike Meredith wrote:
> On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear <lear () ofcourseimright com> may have written:
>> Well yes. uPnP is a problem precisely because it is some random device asserting on its own that it can be trusted to do what it wants. Had
>
> From my own personal use (and I'm aware that this isn't a general solution), I'd like a device that sat on those uPnP requests until I logged into the admin interface to review them. Now if you could automate _me_ then it might become more generally useful :-
You need to go further. It is no longer enough to tackle this problem simply as a firewall problem, because there are too many reflection-style attacks. Not only do you want to prevent devices from opening pinholes to the Internet, but you really want to know what they're going to be doing inside the home. And quite frankly, I disagree that you want to nag the user unless it is absolutely necessary. To me, that means authorizing the device in the first place, and the access point having access to enough intelligence to know what sort of access is necessary for a device, given its purpose.
> As someone who manages an application-based firewall, every problem looks like it would be easier to solve using an application-based firewall :)
I don't generally prefer application firewalls except in limited circumstances.

Eliot
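One way to express the policy argued for in the message above, as an added example that is not part of the original post: a device is authorised once and given a purpose profile, UPnP pinhole requests and in-home flows are then decided from that profile, and the user is involved only for a device that has never been authorised. The profile format, MAC addresses, roles and ports are constructed assumptions.

```python
from dataclasses import dataclass

ALLOW, DENY, ENROL = "allow", "deny", "enrol"  # ENROL: user must authorise the device first

@dataclass(frozen=True)
class Profile:
    """Hypothetical purpose profile assigned when a device is authorised."""
    purpose: str
    lan_flows: frozenset = frozenset()   # (peer_role, proto, port) permitted inside the home
    pinholes: frozenset = frozenset()    # (proto, port) the device may map via UPnP

# Constructed sample data: MAC addresses, roles and ports are illustrative only.
PROFILES = {
    "02:00:00:00:00:01": Profile("camera", lan_flows=frozenset({("recorder", "tcp", 554)})),
    "02:00:00:00:00:02": Profile("console", pinholes=frozenset({("udp", 3074)})),
}

def decide_pinhole(mac, proto, port):
    """Decide a UPnP port-mapping request from the requester's profile, not its own say-so."""
    profile = PROFILES.get(mac)
    if profile is None:
        return ENROL  # hold the request; this is the only case that involves the user
    return ALLOW if (proto, port) in profile.pinholes else DENY

def decide_lan_flow(mac, peer_role, proto, port):
    """Decide a flow that stays inside the home network."""
    profile = PROFILES.get(mac)
    if profile is None:
        return ENROL
    return ALLOW if (peer_role, proto, port) in profile.lan_flows else DENY

def prompts_needed(requests):
    """Count user prompts for a batch: one per unknown device, however many requests it makes."""
    return len({mac for mac, *rest in requests if mac not in PROFILES})

if __name__ == "__main__":
    print(decide_pinhole("02:00:00:00:00:01", "tcp", 8080))   # camera asks for a pinhole
    print(decide_pinhole("02:00:00:00:00:02", "udp", 3074))   # console, within its profile
    print(decide_lan_flow("02:00:00:00:00:01", "recorder", "tcp", 554))
    print(decide_lan_flow("02:00:00:00:00:01", "console", "tcp", 445))
```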