Security Incidents mailing list archives
Re: A question for the list...
From: Kevin Reardon <Kevin.Reardon () oracle com>
Date: Thu, 22 May 2003 16:58:37 -0700
"Who watches the watchers, though?" Today, nobody does. Police are not watched, nor is there any official part of any government that does. Trust is used with Police, and check an balances are used in the US government. If we use a "police" for the Internet, then they would have to be rather limited in what they can do. I do not say this from a point of view of anyone's "rights" but one of functionality. Today's Police do not usually enforce corporate embezzlement or stolen cars because of the shear effort to do so. Whatever such an entity can do, it's got to be KISSed. ---K "King, Brian" wrote:
Are owners of long term compromised systems really "innocents"? Ifpeoplehave left systems compromised with worms that are attacking othernetworksand reports have been ignored for significant amounts of time, thensurelythe compromised party are guilty of negligence ?I would say that it depends who is administering the system. I wouldn't call a clueless personal user negligent, but it is expected that a network administrator knows how to patch and protect computer systems under his/her control. To be negligent means that the person could fix the problem but didn't.Personally, I think there are merits to some kind of "strikeback"system,but it has worse than dubious legality, and would definitely be abused (without a question).I agree with you on this. The question is: would script kiddies see every network scan as an excuse for anarchy?I think that ISP's need to make a more active role in this, and actively threaten to cut off customers whos compromisedsystemsare attacking other networks on the internet.YES!Perhaps rather than a strikeback system, something similar to ARIScould beused to send automated alerts to ISP's warning them that x number oftheircustomers have the latest worm. In the event that ISP's arenon-compliant,and don't deal with their infected customers, peering points couldagree toenforce this upon ISP's.I agree. The idea about the peering points is dubious, though because it brings in the idea of civilian enforcement. Who watches the watchers, though? How can we ensure that system isn't abused? ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
Current thread:
- RE: A question for the list..., (continued)
- RE: A question for the list... Luc Pardon (May 21)
- Re: A question for the list... Keith W. McCammon (May 22)
- Re: A question for the list... Steve Barnet (May 22)
- Re: A question for the list... Gary Flynn (May 23)
- Re: A question for the list... Valdis . Kletnieks (May 25)
- Re: A question for the list... Dave Booth (May 22)
- RE: A question for the list... Luc Pardon (May 21)
- Re: A question for the list... Kevin Reardon (May 22)
- Re: A question for the list... Brian Finn (May 22)
- Re: A question for the list... Kevin Reardon (May 23)
- Re: A question for the list... Brian Finn (May 22)
- RE: A question for the list... King, Brian (May 22)
- Re: A question for the list... Kevin Reardon (May 23)
- Re: A question for the list... Stephen P. Berry (May 23)
- Re: A question for the list... Jimi Thompson (May 23)
- Re: A question for the list... Chip Mefford (May 26)
- Re: A question for the list... Ray Stirbei (May 27)
- RE: A question for the list... Jonathan A. Zdziarski (May 28)
- RE: A question for the list... ktabic (May 29)
- RE: A question for the list... Rob Shein (May 29)
- RE: A question for the list... Russell Harding (May 30)
- RE: A question for the list... Russell Harding (May 30)
- Re: A question for the list... Chip Mefford (May 26)
- Re: A question for the list... Jeff (May 29)