nanog mailing list archives
Re: Scaled Back Cybersecuruty
From: David Scott Olverson <olverson () fas harvard edu>
Date: Tue, 14 Jan 2003 16:12:12 -0500 (EST)
In article <103014.152131.21746 () avi netaxs com> Pete wrote:
: I'm trying to envision an RFP that awards business to one or
: a few network operators, but requires that they interoperate
: effectively with other operators who don't win any of the
: business. I've only got a state-level purchasing
: perspective, but I don't see it happening at any level.

Let me be more clear :)

If the next FTS or if all large Federal IP purchases mandated one of:

- Routers must be configured by end of 2003 so that all packets to the control plane must be logically separated from user packets (or demonstrate the ability to take 200mb of attack traffic to the router CPU without having an effect)

OR

- All single-homed customers must be source-address filtered at ingress or egress. (Becoming multi-homed at ingress as a requirement over time)

OR ...

You get the idea. Something that IS possible, that matters MOST at the large end of the scale. And if we go a long way towards solving one beasty per year we'll at least be making MORE progress than we've been making to date, which is roughly zero.

The problem with these mandates by the Federal gov't is that they most often are not enforced once they're directed. There was a mandate that all operating systems installed on gov't networks meet a certain security minimum. I forget the name of the program now but Windows didn't and couldn't so it was waivered onto the program. I also seem to remember a drive to have all software development follow the Capability Maturity Model (at least in the Air Force) and a mandate that all software development should be done at CMM level 3 that lost steam as well.

It's not a bad idea if you could get the gov't to truly enforce it.

Thanks,
Dave Olverson