1 / 9

security in the post-Internet era: the needs of the many the needs of the few

security in the post-Internet era: the needs of the many the needs of the few. Terry Gray University of Washington Fall Internet2 Meeting 16 October 2003. 2003: security ”annus horribilis”. Slammer Blaster Sobig.F increasing spyware threat attackers discover encryption

morey
Download Presentation

security in the post-Internet era: the needs of the many the needs of the few

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. security in the post-Internet era:the needs of the manythe needs of the few Terry Gray University of Washington Fall Internet2 Meeting 16 October 2003

  2. 2003: security ”annus horribilis” • Slammer • Blaster • Sobig.F • increasing spyware threat • attackers discover encryption • hints of more “advanced” attacks • and let’s not even talk about spam…

  3. 2003: security-related trends • RIAA subpoenas • growing wireless use • VoIP over 802.11 pilots • more mobile devices • more critical application roll-outs • faster networks • “personal lambda” networks • SEC filings on security? • class action lawsuits?

  4. impact • end of an era… say farewell to • the open Internet • autonomous unmanaged PCs • full digital convergence? • say hello to • one-size-fits-all (OSFA) solutions • conflict... everyone wants security and • max availability, speed, autonomy, flexibility • min hassle, cost • the needs of the many trump the needs of the few (but at what cost?)

  5. consequences • more closed nets (bug or feature?) • more VPNs (bug or feature?) • more tunneling -“firewall friendly” apps • more encryption (thanks to RIAA) • more collateral harm -attack + remedy • worse MTTR (complexity, broken tools) • constrained innovation • cost shifted from “guilty” to “innocent” • pressure to fix problem at border • pressure for private nets

  6. revelations • system administrators (2 kinds…) • want total local autonomy… or • want someone else to solve the problem • often unaware of cost impact on others • users (2 kinds: happy & unhappy) • want “unlisted numbers” • need “openness” defined by apps • feedback loop: • closed nets encourage constrained apps • constrained apps encourage closed nets

  7. perimeter defense tradeoffs • border • biggest vulnerability zone • biggest policy vs. performance concern • subnet • doesn’t match org boundaries • worst case for NetOps debugging • consider also: sub-subnet LFWs, etc. • host • optimal security perimeter • hardest to implement

  8. never say die • goal: simple core, local policy choice • how to avoid OSFA closed net future? • design net for choice of open or closed • pervasive IPsec • combine with “point response” • won’t reverse trend to closed nets, but may avoid bad cost shifts • alternative: only closed nets, policy wars

  9. questions? comments?

More Related