Politech mailing list archives

FC: More on Richard Clarke and root servers misstatement


From: Declan McCullagh <declan () well com>
Date: Tue, 04 Feb 2003 14:08:50 -0500

Previous Politech message:
http://www.politechbot.com/p-04403.html

---

Subject: Re: FC: Does Richard Clarke know what he's talking about?
From: christopher neitzert <chris () neitzert com>
To: declan () well com
In-Reply-To: <5.1.1.6.0.20030204100721.02ae83f0 () mail well com>
Date: 04 Feb 2003 11:48:28 -0500

Declan,

The only thing that the worm did to the DNS root servers was increase
latency and cause timeouts to those trying to connect to them.  AFAIK
there were no actual root server crashes.

my $0.02

christopher

---

From: robert.shaw () itu int
To: declan () well com
Subject: Re: Does Richard Clarke know what he's talking about?
Date: Tue, 4 Feb 2003 17:15:34 +0100

Moved to January archives

http://www.merit.edu/mail.archives/nanog/2003-01/msg00856.html

--
Robert Shaw <robert.shaw () itu int>
ITU Internet Strategy and Policy Advisor
Strategy and Policy Unit <http://www.itu.int/osg/spu/>

---

Date: Tue, 04 Feb 2003 13:19:11 -0500
From: Ben Brunk <brunkb () ils unc edu>
To: declan () well com
Subject: Re: FC: Does Richard Clarke know what he's talking about?
In-Reply-To: <5.1.1.6.0.20030204091921.02adde78 () mail well com>
References: <5.1.1.6.0.20030204091921.02adde78 () mail well com>

Declan,

Could any subscribers to your list briefly explain to me exactly what I am missing about cybersecurity? I just don't see the huge vulnerability to our national economy that he is talking about. Seems like more government meddling to me. I suppose if someone could destroy a major portion of the actual physical infrastructure that makes up today's digital networks there could be a costly disruption. However, in terms of remote cyberattacks, I'm perplexed. I'm much more concerned about malicious insiders who sabotage or misuse their company's information systems.


Ben Brunk
Interaction Design Laboratory
School of Information and Library Science
UNC Chapel Hill

---

Date: Tue, 04 Feb 2003 12:53:12 -0500
From: Nick Bretagna <onemug () bellsouth net>
Reply-To: afn41391 () afn org
To: declan () well com
Subject: Re: FC: Richard Clarke's resignation message, and final warning
References: <5.1.1.6.0.20030204090808.02a5e398 () mail well com>


Declan, anyone who reads this should also read Robert Graham's excellent
analysis on the worm:
http://www.robertgraham.com/journal/030126-sqlslammer.html


> Today's complex Internet networks cannot be made watertight. Implore all
> you want, it's not going to happen. A system administrator has to get
> everything right all the time, a hacker only has to find one small hole. A
> sysadmin has to be lucky all the time, a hacker only has to get lucky once.
> It is easier to destroy than to create.
>
> Patching is useful, of course, but it has nothing to do with this problem.

While I agree with the notion of "encouraging security", all too often the
attitude involved goes too much into ignoring the perfecting of the system
shell in favor of inoculations -- because you can keep *reselling*
inoculations...

The suggestion, in general, from most so-called security organizations is
that we should apply only the fixes -- i.e., the antidotes -- for all known
diseases, and take any new antidotes as they become available. Hardening the
shell is never suggested or pushed very hard, if mentioned at all.

Well, first off, as Graham notes, like the smallpox vaccine, sometimes you get
sick from the cure. When you start taking "every" antidote out there, you are
going to spend a lot of extra time "sick" from the cures... to the point
where you have to ask if these cures aren't doing more damage than the bugs.
So "100% up to date" on patches is a likely undesirable goal for most people
and almost certainly for most organizations.

This technique also has another limitation: Cyber-infections that are not
within the known set of bugs will easily bypass any of the supplied
"antidotes".


The other critically important technique, so often ignored (and Graham makes
a point of this), is to "tighten the skin" so as to prevent infection in the
first place. Don't pointlessly leave ports open and available.

Don't let everyone get forced into using the same software everywhere all the
time -- while this certainly has some convenience, it also makes us
vulnerable to catastrophic infections... like a wheat crop with exactly one
strain, we become vulnerable to that "one magic bug" that hits that strain,
while a diversified crop loses only part of itself. We need to encourage a
measure of diversity and alternatives in software -- from the OS to the
Office Suite to the Browser to the applications -- and not let those arenas
be dominated by one player and one form of software.


--
------- --------- ------- -------- ------- ------- -------
Nicholas Bretagna II
mailto:afn41391 () afn org

"My own life has been spent chronicling the rise and fall of
human systems, and I am convinced that we are terribly
vulnerable....  We should be reluctant to turn back upon the
frontier of this epoch.  Space is indifferent to what we do; it
has no feeling, no design, no interest in whether or not we
grapple with it.  But we cannot be indifferent to space, because
the grand, slow march of intelligence has brought us, in our
generation, to a point from which we can explore and
understand and utilize it. To turn back now would be to deny
our history, our capabilities."
  - James A. Michener




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------