Firewall Wizards mailing list archives
RE: The home user problem returns
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 12 Sep 2005 11:26:18 -0400
-----Original Message----- Subject: Re: [fw-wiz] The home user problem returns
With the current state of Internet software, it's pointless. It'd be meaningful to encourage ISPs to filter traffic if there were end-to-end authenticated links going on, and nothing else. If you want to push things back far enough, intellectually, the problem is that anonymous Internet access is being offered. That's the underlying problem.
YES!!! And the fact that there are groups that are working hard at maintaining that anonymity bothers me. I know that there's always the concern about Big Brother, or worse and far more plausible, abuse of any large scale trust/authentication systems that get set up in the future.
?! <Paul makes Scooby Doo noise> ?! I fear that you and Marcus have mistaken privacy for anonymity. Just because something isn't transparent end-to-end, doesn't mean it's anonymous. The disparate bureaucratic systems that possess the information necessary to track an action back to an individual over the Internet are representative of the way we decentralize control of commodities and assets in general. I don't know that that's a bad thing.*

Also, I find it a little presumptuous that you should be trusted to know my information because I somehow show up on your radar. I think it should be up to me as to whether or not I'm willing to trade my information for access to something you have in the name of accountability. I want to decide when I'm willing to make that trade.

Imagine the fallout if anybody had everybody's information available just by asking the right questions. Look at how directories like whois databases have been abused by spammers and hackers over the past 15 years. I doubt that ubiquitous "accountability" on the Internet is a path to improved security at all, but I definitely have concerns about how it would be abused and exploited.

PaulM

* There is a whole different rant about the assumption of the need for unfettered connectivity between organizations (even ISPs) and the rest of the Internet that is underlying to this discussion. It has been my experience that networks are often attacked from other networks that they had literally no business communicating with. The connection back to what I said above is that if you can define and document the traffic that traverses a network, you can establish accountability in a much more effective manner. You don't even necessarily need to establish the identity of an individual if you can establish responsibility for that traffic before it's even allowed.

Imagine with me for a moment a magical land of unicorns and faeries where businesses and their network admins are so effectively cooperative that simple router ACLs are reflective of business communication and nothing else. Imagine some businesses turning off their Internet connection altogether. Now imagine shrinking the scope of all of your network security efforts down to that scale, that traffic, and those applications that are core to business processes only. Now imagine half of us infosec vendors and proselytizers being out of a job and having to find work herding trolls.

Seriously, I would gladly herd trolls if it meant never having to hear about how my bank got hacked by Russian teenagers.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards