kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) (11/30/88)
I have been thinking about the role of the internet in the recent virus/worm attack. I have come (as have others, I am not claiming originality here) to these conclusions: The network was instrumentally involved in the worm/virus propagation. The network was instrumental in the fight against the virus, for the exchange of mail and code. Networks are secure when they operate properly. In order to have secure networks, we need network routing information exchange and network management protocols that are authenticated, robust, and secure against spoofing and malicious disruption. The ospfigp protocol is the best place to start to build robust, secure internetwork routing exchange protocols before we get bitten by a network bug. We need some *serious* authentication capability in SNMP. Discussion? Is ospfigp secure enough now? What about real authentication in SNMP? What have I left out (eg, arp cache security)? I leave security on a broadcast medium like Ethernet as a separate discussion topic (eg, snooping for passwords). Kent England, Boston University
romkey@asylum.sf.ca.us (John Romkey) (11/30/88)
In article <26314@bu-cs.BU.EDU> kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes: > Networks are secure when they operate properly. I'm going to pick a nit. You're automagically defining what "operate properly" means here. I don't think it's a truism that a network that operates properly is secure. You might quite happily build a small network that's not connected to any other networks that has no security and be quite happy with it - it's operating properly without security and there's no need for security (actually, here isolation is a form of security). A network that is conformant with current TCP/IP specifications is not necessarily secure but does operate properly. -- - john romkey romkey@asylum.uucp romkey@xx.lcs.mit.edu romkey@asylum.sf.ca.us Find the cost of freedom, buried in the ground Mother Earth will swallow you, lay your body down.
kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) (12/01/88)
In article <1009@asylum.sf.ca.us> romkey@asylum.UUCP (John Romkey) writes: >In article <26314@bu-cs.BU.EDU> kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes: >> Networks are secure when they operate properly. > >I'm going to pick a nit. > >You're automagically defining what "operate properly" means here. I >don't think it's a truism that a network that operates properly is >secure... > >A network that is conformant with current TCP/IP specifications is not >necessarily secure but does operate properly. >-- That's no nit, that's a whole difference of opinion. Or, we have a difference of semantics at the very least. I really do mean to say that the "network" is secure when it routes packets properly. Of course, the network applications, like telnet, ftp, smtp are not secure at all simply because the network routes packets properly. I mean that if the network is routing properly, that further efforts to secure the applications running on the network should focus above the transport level. Some people would argue that networks ought to implement access control filters as a means of securing applications that use the network. I think this is ineffective and misguided. Some people think that networks ought to be shut down when applications come under attack, like what is happening with the ftpd bug on milnet right now and what happened this November with the virus attack. I think that this is inappropriate. Our networks have security risks right now. We need to address these routing and network management issues. But when it comes to addressing password cracking and handling ongoing attacks, we should be focusing on areas other than transport and routing. Perhaps we agree after all? Certainly my one line statement needed some amplification.
romkey@asylum.sf.ca.us (John Romkey) (12/04/88)
In article <26342@bu-cs.BU.EDU> kwe@buit13.bu.edu (Kent England) writes: >Some people >think that networks ought to be shut down when applications come under >attack, like what is happening with the ftpd bug on milnet right now >and what happened this November with the virus attack. I think that >this is inappropriate. Yes, actually, having a worm or virus that spreads through mail is particularly insidious, because even if the system managers don't overreact to the point of just unplugging their computers, they will turn off their external mailers and mail is a key way of distributing fixs against the attack. > Perhaps we agree after all? Certainly my one line statement >needed some amplification. I'm not sure if we agree or not or if it matters, really (actually, I'm pretty sure that we don't and it doesn't). You're right, the phrase "secure network" is certainly brimming over with possible meanings. My clarified opinion is: I don't think that a network necessarily has to be "secure" - its basic routing functions or its applications immune to attack - to be thought of as operating properly. Probably lots of different people have lots of different ideas on what a "operating properly" means with regard to a network - I'm sure you'll hear a wide range of transfer rates and reliablities (I don't think that qualifies as a word, oh well...) and other variables. But it's a semantic quibble; it was clear from your original message that you consider a "security" to be a requirement for proper operation. I just want to make it clear that not everyone does. -- - john romkey romkey@asylum.uucp romkey@xx.lcs.mit.edu romkey@asylum.sf.ca.us Find the cost of freedom, buried in the ground Mother Earth will swallow you, lay your body down.
childers@avsd.UUCP (Richard Childers) (12/05/88)
In article <26314@bu-cs.BU.EDU> kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes: > In order to have secure networks, we need network routing >information exchange and network management protocols that are >authenticated, robust, and secure against spoofing and malicious >disruption. And dedicated storage for detailed traffic logs ... > We need some *serious* authentication capability in SNMP. I hope it's not mandatory ... it adds overhead that's not always needed. > Kent England, Boston University -- richard -- * Black holes are out of sight * * * * ..{amdahl|decwrl|octopus|pyramid|ucbvax}!avsd.UUCP!childers@tycho * * AMPEX Corporation - Audio-Visual Systems Division, R & D *