Bush pressed for more Net security
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Bush pressed for more Net security

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Bush pressed for more Net security

    Hrmm.. a few thoughts come to mind:

    Should it be the responsibility of a single government to police the Internet?

    Should any government be responsible for dealing with virus, worms, etc. beyond their own governmental departments systems?

    Should this responsibility be limited to the Microsoft's and Symantec's of the world?

    Certainly we do need ways to deal with some of this but aren't some existing organizations (CERT, Incidents.org, etc.) already providing some of the knowledge of "threat information"?

    Who is ultimately responsible? My first instinct is that each individual is but at the same time, we have to recognize that not everyone feels that they should be responsible nor will do anything to take responsibility.

    Source: CNN

    WASHINGTON (Reuters) -- Computer-security experts, including former government officials, urged the Bush administration on Tuesday to devote more effort to strengthening defenses against viruses, hackers and other online threats.

    The Bush administration should spend more on computer-security research, share threat information with private-sector security vendors, and set up an emergency computer network that would remain functional during Internet blackouts, a computer-security trade group said.

    The Homeland Security Department should also give more authority to the official who oversees cyber security, members of the Cyber Security Industry Alliance said.

    The Homeland Security Department, which was not immediately available for comment, opposes such a move.

    "There's certainty across the cyber security community that we are still vulnerable and we need to do more," said Amit Yoran, who served as Homeland Security's point man on cyber security until he abruptly resigned in October amid reports that he was frustrated with his lack of authority.

    After the September 11, 2001, attacks, experts warned that power plants and other vital parts of the nation's infrastructure could be compromised through online hacking.

    Business and home computer users, meanwhile, have struggled with a flood of viruses, spam and other plagues that have evolved in the past year into coordinated criminal attempts to steal bank account numbers and other sensitive information.

    The Bush administration developed a plan to improve security that relies heavily on industry cooperation and charged the Homeland Security Department with implementing it.

    Over the past 18 months, Yoran and other Homeland Security officials have worked to increase coordination between law-enforcement officials and security vendors like Symantec Corp. and RSA Security Inc.

    The government has also struggled to upgrade the security of its own systems, which consistently get failing grades from congressional investigators.

    Security experts said the government's efforts haven't been enough.

    "I think we've raised the profile, but I don't think we got the support within the administration that we should have," said Art Coviello, the chief executive at RSA Security.

    The government should try to estimate the damages caused by online attacks, secure online control systems for water-treatment plants and other critical infrastructure, and urge the Senate to ratify an international cybercrime treaty, Coviello and other security experts said at a press conference.

    One especially important move, they said, would be to elevate Yoran's successor to the assistant-secretary level within the Homeland Security Department.

    House of Representatives lawmakers had included that provision within the massive intelligence reorganization bill, but Homeland Security officials convinced the Senate to leave it out.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    I have an idea. Since the government isn't stepping into our world to stop those who would destroy the functionality of the net, how about they also back off far enough for me to handle it myself?

    Long live vigilantism.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    pooh, check out Symbiot. Somewhat legal (?) vigilantism.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ms. M:

    From their site:-

    * Blocking Traffic - providing a brute-force wall of defense.
    * Rate-limiting - adjusting the bandwidth available to the attacker effectively preventing them from realizing that they are being observed or otherwise manipulated.
    * Diverting Traffic - redirecting traffic to some other target network providing a feint.
    * Simulated Responses - providing "decoy" responses to service requests, which appear as legitimate transactions but do not stress the critical servers.
    * Quarantine - accepting the attack, but redirecting it into a special "containment area" for analyzing its characteristics. From this we can develop detection signatures and evaluate the attribution more precisely.
    * Reflection - sending the packet content used in the attack back at the attacker.
    * Tagging - using a means for marking the attacker with information which can be used for identification on subsequent incidents.
    * Upstream Remediation - attempting remediation through an attacker's upstream provider, and profiling the aggregate history of behavior from an autonomous system (AS).
    I don't see much there that you can call "retaliation". The "worst" seems to be the traffic reflection. I'm guessing "upstream remediation" means "calling" the offender's ISP, so really this is all pretty bland....

    I like the concept.... Pity SUSE isn't on the list... Guess I'll have to watch for the "Winners" version.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Look down at the bottom of the Retaliation Page:

    * Invasive Techniques - obtaining access privileges on the attacker's system, and then pursuing a strategy of disabling, destroying, or seizing control over the attacking assets.
    * Symmetric Counterstrike - sending exploits and other attacks which are specific to vulnerabilities on the attacker's system, in an amount proportional to their current attacks.
    * Asymmetric Counterstrike - preemptive measures in response to distributed attacks orchestrated by a known source. This retaliation could be far in excess of the attack that the aggressor has underway.
    I know they have the OpenSims option. It's an interesting product that runs on OS X rack servers (which is different in of itself).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Oopsie.... Guess I missed that little gem....

    I dunno.... I'm in three minds about online retaliation......

    Mind 1: I tend to have an aggressive personality.... Thus, the attitude is that "you mess with me and give me an "avenue" you _will suffer..... It's a testosterone thing I guess.....

    Mind 2: Seems that with old age the testosterone level drops off a bit allowing one to think a little.... ....hate that.... I know full well that if the attacker is a serious attacker then the box that is attacking me isn't his.... Therefore I would be picking on some poor innocent that is incapable of defending themselves against either me or the attacker.....

    Mind three: Might it be "educatonal" to the defenseless "sap" to have his box trashed... To hell with the fading testosterone... go for it.... If the "sap" is too stupid to even notice his/her box is owned and is about to lose their ISP connection because of an abuse report, maybe a box that no longer works, that costs them $100+ to get fixed, that while it's being fixed the fixer, (might), give them advice or actually install the required stuff to protect them in the future, then why shouldn't I "dis-affect' his/her box..... They obviously don't care that the $500+ box they bought is now owned by someone else, do they?

    This is a problem of old age, maturity and fading testosterone..... *SIGH*....

    The question is:-

    Is it morally acceptable to knowingly potentially destroy a computer's OS that belongs to a probable innocent party's computer, (maybe the parents own the box and the kid is stupid), because that box is "virtually" attacking you?

    If the attack wasn't "virtual" you have a right in any society to defend yourself, be it your life or your property. When that potential is identity theft, corporate loss of profit or reputation, or any other of a number of consequences, does the fact that it is "virtual" make a difference? Or, should we, as the "powerful" in this virtual world take the higher road?

    I really don't know at this point.... To that end I have not retaliated against attacks to date..... But that's only "to date"..... Stupid govt making silly laws about virtual stuff make it prohibitive right now..... I think I may be more inclined if they got their ill-advised and incompetent butts out of the picture and let the people who actually know the virtual world a chance to fix it.....

    Thoughts?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    The Bush administration should spend more on computer-security research, share threat information with private-sector security vendors, and set up an emergency computer network that would remain functional during Internet blackouts, a computer-security trade group said.
    Who thinks there isn't??
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    "Stupid govt making silly laws about virtual stuff make it prohibitive right now..... I think I may be more inclined if they got their ill-advised and incompetent butts out of the picture and let the people who actually know the virtual world a chance to fix it....."

    Yes they certainly seem to like to pass virtually unenforcable legislation.

    I think that governments could do more on the education front, given the number of unprotected home owned machines that provide vectors for this sort of stuff.

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    set up an emergency computer network that would remain functional during Internet blackouts
    Wasn't that the whole concept of the original ARPAnet? An attack on one sector would leave the others operational?

    Then again, the Internet was concieved during the Cold War to be resistant to nuclear attacks. If one hub got nuked, the others would keep the network running. This is the so called "information age".

    So knowing that any part of the Internet can be taken offline at any time without affecting the functionality of the rest, perhaps the solution is to reduce our dependence on the Internet, thereby allowing us to take networks offline and still function?

    Maybe we need a backup network for that.

    Damn. I see the problem now.

    I think the problem is really our newfound dependece on the Internet. An alternative must be found when it is no longer available to certain agencies. Perhaps backup leased lines and VPN connections would work.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  10. #10
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Striek,
    I no exactly what you mean, ESP, will be the new network
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •