
RE: Digital Vandalism Spurs a Call for Oversight

Topic: Computer Security 11:38 pm EDT, Sep  3, 2003

Jeremy wrote:
] If you are unable to actually solve your problems, you can at
] least generate a lot of paperwork to document those failures
] for posterity.

I tend to agree. These problems are not the result of negligence. They are the result of complexity. Clearly the standards for handling all of this stuff are not "stable" enough to warrant the kind of controls that are possible in the automotive industry. These rules would create barriers to entry for small companies (which is why Microsoft likes them), but would do little to improve the situation (this code is already subject to review).

Security is a systemic problem and it requires a systemic solution. The original White House plan embodied the right kind of approach and I don't think we should change course in a reactionary way. I still haven't seen the stuff in the White House strategy come down the pipe:

1. Government systems should be audited and subject to stringent standards.
2. Essential non-government systems should also be subject to standards. The existing HIPAA regulations are not an unreasonable starting point.
3. There ought to be clearing houses for information about vulnerabilities and good administrative practices.
4. Network service providers should be required to implement certain basic restrictions, such as anti-spoofing filters on the network's edge. We ought to offer tax subsidies and liability shelters to ISPs that "keep their house clean" in terms of scanning their customers' networks, running IDS systems, and moving "owned" customer machines off of the internet until they can be repaired.
5. This stuff ought to trickle down all the way to the home user. Home computer users ought to get messages from Tom Ridge telling them to keep their patches up to date. Your personal internet security status impacts all of us.

Implicit in all of this mostly educational effort ought to be the message that computer security, much like preventing forest fires, is everybody's job. You ought to think about it.

We need to train people to think about how their computers expose them to the network. What services are they offering? Should they implement NBT for file sharing, or something like WebDAV? Furthermore, we need to train people to feel personal ownership of the computer security problem and be responsible about it.

This is not a silver bullet, but it would certainly have been possible for the 500,000 machines that got infected with Blaster to have patched their systems beforehand. How hard is it to click that Windows Update button when it flashes? Solid efforts to train people to do this will pay off in less costly incidents.
