RE: Bush Administration to Propose System for Monitoring Internet

Decius
Topic: Politics and Law 3:42 am EST, Dec 21, 2002

OK, time to replace newspaper sensationalism with a
little down-to-earth fact.

First off, the author of the story everyone is forwarding
around is John Markoff. This is the guy who brought you
the Kevin Mitnick fiasco. Just keep that in mind and don't
forget to bring along a few grains of salt.

I'm linking here the September version of the document.

On the whole, this document is excellent. As a computer
security professional I would strongly support this set
of proposals. In fact, the general outline reminds me of
the set of recommendations I gave South Korea's "Cyber
Terror" Response Center two years ago. Of course, it's much
more detailed and far better. I only had a 45 minute talk
given through translators. However, I strongly agree that
this is the correct direction for us to be moving in.

Furthermore, it should be noted that the need to protect
personal privacy and liberty is specifically underlined
throughout the document. These concerns form a much more
significant part of the document than the text in question,
and the government correctly observes that often privacy,
liberty, and infrastructural security can be improved
simultaneously, and that improvements in one area often
assist the other.

This is the specific text in question:

] ISPs, hardware and software vendors, IT
] security-related companies, computer emergency
] response teams, and the ISACs, together, should
] consider establishing a Cyberspace Network
] Operations Center (Cyberspace NOC), physical or
] virtual, to share information and ensure
] coordination to support the health and reliability
] of Internet operations in the United States.
] Although it would not be a government entity and
] would be managed by a private board, the Federal
] government should explore the ways in which it
] could cooperate with the Cyberspace NOC.

My answer is a resounding YES. I've been responsible for
security for a large ISP. Almost every attack occurs
across multiple networks, and it is very important to
be able to rapidly coordinate between different networks.
However, in the past, efforts to build such organizations
have failed. ISPs do a good job of sharing ideas about
technical problems and up-to-date information on outages
through forums like NANOG, but for various reasons, attempts
to get REAL TIME access to engineers at other ISPs for
security emergencies have failed. I suspect that this is
because providing real time assistance to a competitor in
an emergency is not something most ISPs feel highly
motivated to do.

Currently, if you track a security problem into another ISP's
network, you are left sitting on hold at their customer
service department. You get a level one tech who doesn't
understand why you are calling them if you aren't a customer.
This could be a serious hassle in the event of an
unprecedented security emergency.

Now, Markoff says:

] The government report was first released in draft
] form in September, and described the monitoring center,
] but it suggested it would likely be controlled by
] industry. The current draft sets the stage for the
] government to have a leadership role.
]
] The new proposal is labeled in the report as an
] "early-warning center" that the board says is required
] to offer early detection of Internet-based attacks as
] well as defense against viruses and worms.

It would sure be nice if I could see a copy of this...
However, the article goes on to argue that what they
want to do is install a Carnivore-type system in every
ISP which will provide a central location with information
about real time network traffic.

The problem with the quotations is that until the new
draft is released, they are completely speculative. At a
low level, an intrusion detection system works the same
way as Carnivore. However, at a high level, the sort of
information one extracts from it is very different.

It is possible to imagine an IDS on every network,
controlled by the FBI, which they can log into and sniff
from if they need to. But, such a system has not been
proposed. It probably won't be proposed. And if it was
proposed, it wouldn't be enacted, because it would be
illegal.

In fact, any coordinated effort to have IDS systems
automatically share information with authorities about
suspicious packets including source and destination
address information would be unconstitutional on its
face.

THIS WILL NOT HAPPEN WITHOUT A CONSTITUTIONAL AMENDMENT.

Furthermore, IDS systems tend to be extremely noisy,
and prone to false positives. If they did this, it would
be totally ineffective, because there would simply be
too much information for them to handle.

The reason they want ISPs to coordinate is because they
cannot handle the complexity of this in a centralized
way. Having the government involved is a good idea
because previous efforts to make this happen in the
industry without government involvement have failed. The
government has interests in this from a national security
standpoint that the ISPs, as businesses, don't have on
their own.

As an ISP, if I determine that my network is under
attack, and I want assistance, then I can go to a
NOC like this with the information that I have. "Please
tell network XYZ to stop sending SYN packets to me."

Establishing a central NOC will facilitate this, because
you can rest assured that the people who can act on
the information you have will get it, and you don't
have other ISPs and low level tech support people
between you and the solution to your problem.

So, basically, let's wait until they actually make a
proposal before jumping the gun here.
