[LINK] What's a reasonable level of code-checking?

Darryl (Dassa) Lynch dassa at dhs.org
Sat Aug 19 21:36:05 AEST 2006 

Rick Welykochy <mailto:pirkeepie at yahoo.com.au> wrote:
|| --- "Darryl (Dassa) Lynch" <dassa at dhs.org> wrote:
|| 
||| The more protocols available, the less secure.  To be really secure,
||| each protocol would also be locked down to specific destinations.  A
||| stateful firewall which would also inspect the packets for known
||| issues would also be required to cut down on spoofing and middle man
||| attacks.  Still not totally secure but starting to get there.  The
||| only really secure way is to have direct connections to the
||| destination without devices belonging to others anywhere in the
||| link. 
||| 
||| We compromise with security and cost.
|| 
|| That we do.
|| 
|| I am an IPv6 agnostic (well, I believe IPv6 exists, but know
|| little about the protocol). Can any Linkers fill me in here?
|| I'm wondering if the new version of IP will provide more
|| security, and how. I understand that encryption is built
|| into the protocol. How about higher level things like
|| authentication and/or authorisation? Or is that simply
|| asking too much of the IP layer?

A thorny question that still needs an answer.  I haven't seen a generally
acceptable proposal as yet although a lot are trying to come up with something
that will be acceptable.  It is a transport protocol really and putting too
many layers onto it doesn't really help.
 
|| What I am fishing for is a mini-panacea for our current
|| TCP/IP woes ;) Or does such a thing not exist due to the
|| nature of "consumers" who, as we know, are easily socially
|| engineered into making online blunders -- something
|| technology can hardly save them from.

This will always be the sticking point.  Once users are entered into the
equation we have to allow for their mistakes and little transgressions.  Not
something we can totally control with technology.  Social attacks are a major
factor in any security model.  We can try, with warnings and other methodology
to educate users but in the end, they must take responsibility for their own
actions, something most individuals are trying to get away from the more
technology and society progresses.  Personally I believe instead of evolving
into higher intelligence and responsibilities, society is breeding generations
that are being dumbed down except in specific areas and outside of those
areas, they are clueless and lack the originality to be able to cope.

In otherwords, we are fast becoming a society of genius/idiots.  I used to
study history with an aim to understand the future, one thing I gained from
that was an appreciation for the cycles we go through.  We grow, expand,
innovate then specialise, finally comes the downfall.  We are currently in the
specialise section from my analysis.  I'm not sure what the downfall will be
like.

Darryl (Dassa) Lynch

More information about the Link mailing list