Security in the post-Internet era: the needs of the many, the needs of the few
security in the post-Internet era: the needs of the many, the needs of the few. Terry Gray, University of Washington. Fall Internet2 Meeting, 16 October 2003. 2003: security “annus horribilis”: Slammer, Blaster, Sobig.F, increasing spyware threat, attackers discover encryption


Presentation Transcript


security in the post-Internet era: the needs of the many, the needs of the few

Terry Gray

University of Washington

Fall Internet2 Meeting

16 October 2003


2003: security “annus horribilis”

  • Slammer

  • Blaster

  • Sobig.F

  • increasing spyware threat

  • attackers discover encryption

  • hints of more “advanced” attacks

  • and let’s not even talk about spam…


2003: security-related trends

  • RIAA subpoenas

  • growing wireless use

  • VoIP over 802.11 pilots

  • more mobile devices

  • more critical application roll-outs

  • faster networks

  • “personal lambda” networks

  • SEC filings on security?

  • class action lawsuits?


impact

  • end of an era… say farewell to

    • the open Internet

    • autonomous unmanaged PCs

    • full digital convergence?

  • say hello to

    • one-size-fits-all (OSFA) solutions

    • conflict... everyone wants security and

      • max availability, speed, autonomy, flexibility

      • min hassle, cost

  • the needs of the many trump the needs of the few (but at what cost?)


consequences

  • more closed nets (bug or feature?)

  • more VPNs (bug or feature?)

  • more tunneling - “firewall friendly” apps

  • more encryption (thanks to RIAA)

  • more collateral harm - attack + remedy

  • worse MTTR (complexity, broken tools)

  • constrained innovation

  • cost shifted from “guilty” to “innocent”

  • pressure to fix problem at border

  • pressure for private nets


revelations

  • system administrators (2 kinds…)

    • want total local autonomy… or

    • want someone else to solve the problem

    • often unaware of cost impact on others

  • users (2 kinds: happy & unhappy)

    • want “unlisted numbers”

    • need “openness” defined by apps

  • feedback loop:

    • closed nets encourage constrained apps

    • constrained apps encourage closed nets


perimeter defense tradeoffs

  • border

    • biggest vulnerability zone

    • biggest policy vs. performance concern

  • subnet

    • doesn’t match org boundaries

    • worst case for NetOps debugging

    • consider also: sub-subnet LFWs, etc.

  • host

    • optimal security perimeter

    • hardest to implement


never say die

  • goal: simple core, local policy choice

  • how to avoid OSFA closed net future?

    • design net for choice of open or closed

    • pervasive IPsec

  • combine with “point response”

  • won’t reverse trend to closed nets, but may avoid bad cost shifts

  • alternative: only closed nets, policy wars


questions? comments?

