Security Incidents mailing list archives

Re: Security Event / Customer Reporting


From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Sat, 14 Jul 2001 10:44:34 +1200

"Tyrannis Von Nettesheim" <tyrannis () wwc com> wrote:

<<some good and interesting stuff snipped>>
Stepping above the day-to-day techie mindset we're in, it's interesting to
consider the question of: "Who owns a packet once it's off your network?".

I presume you mean "...off the originating machine's sub-net" or 
something like that?  Or did you mean that you "own" a packet while 
it transits your network, for whatever reason it may be there?  If 
you meant the latter, the next sentence is a non sequitur, so I will 
assume you mean something like the former.

Current US law seems to view examining transit traffic like radio
interception - a no-no, for the most part.  ...

In that case, the law (as a prominent English judge once remarked)
would be an ass.  Using (only) radio analogies in determining 
legalities for "domain-style" networks means that the resulting laws 
and directives will be fundamentally broken.  Remember, an inherent 
difference between "broadcast spectrum" and "routable protocol" 
networks is that the latter can only work by *requiring* intermediary 
"inspection" of (part of) the information flow across what may be 
loosely conceived of as "ownership boundaries" (and, worse, "media 
translation" (and some other services required to make our modern 
networks work) requires "manipulating" more of the data stream than 
simply the headers or delivery envelopes).

...  There's also the huge issue of
how to prove / maintain a chain-of-evidence, yet another slippery slope in
the digital crime era. =(

Yep...


Regards,

Nick FitzGerald


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

