[LINK] Fixing the internet (was Re: internet chapter of secret ACTA draft leaked
Kim Holburn
kim at holburn.net
Wed Feb 24 08:43:15 AEDT 2010
Not to be discouraging but there is a general law (of economics?)
whose name I forget that says: If it were easy to do, somebody would
already be doing it.

Even if I create a small safe, protected part of the network for
myself why should I trust someone else's safe part? Creating a safe
network is not simply adding border protection. It would at the very
least involve testing all the internal parts of the network and all
the edge devices. Not a simple process. There are people who say
that if there are Windows desktops in there then it's not going to be
safe anyway no matter what's at the borders. Heck, there are people
who say that if there are systems with operating systems on hard disks
then it's not going to be safe, all systems must boot off CDs.

It's the areas of a network with desktops that are the most difficult
to protect and to protect from. They are the problem!

The more smarts you put at borders the slower and messier your network
gets. There are also severe privacy concerns with proxies and
application gateways and DPI. The internet works because it's a dumb
network. The smarts are at the edges, where the people are. That's
not going to change. We have to fix the edges, if we can.
On 2010/Feb/23, at 11:24 PM, James Collins wrote:
> Thanks for your reply Kim! It's going to take me a little while to
> answer all those questions! Can you ask them one at a time next
> time!!! :)
>
>>> We talked about the problems associated with the Copyright decision
>>> ...
>>> the function of the Australian Protected Network proposal which I
>> I went to your website or should I say web page. It is a rather wide
>> page that doesn't really say anything or go anywhere.
>
> Sad isn't it. There's very little I can do as a lone voice in the
> wilderness. But as the APN site says, a safer, more secure network,
> is just waiting for us. Collaboration requires more than one voice,
> and while many like the idea of the result of this project, few are
> prepared to stand up and say, "OK. Let's look into this!". I'll try
> and put something more descriptive up there, but there is just so
> much to do every day!
>
>> I read your submission pdf.
>
> Which submission PDF? You mean to the Cybercrime committee?
>
>> Not a lot of technical detail really.
>
> Technical details are not what they want in those submissions, they
> made it very clear that Politicians had to understand it! Tricky! :)
> I had to dumb it down an awful lot of times to make it acceptable.
>
>> Perhaps you could explain what it is you're trying to do?
>
> Provide a first level of defence on the Internet. A little like Social
> Networking, but instead, working together to provide "Protective
> Networking". We constantly get bombarded with information that we
> could use to protect ourselves on a large scale. If those "Logical"
> attacks were physical, we would at the very least protect ourselves.
> Since it's an international issue, we'd probably get the UN involved!
>
>> Give people a firewall? A firewall they control?
>
> Yes. And not that simple. As far as the ISP end of the equation
> goes, it could be anything that is able to function as a proxy and
> able to block IPs and Ports selectively. As far as the user is
> concerned, they'd join communities of protection that reflect their
> needs. Different access levels are given to people who want to
> Monitor or Moderate the network. Only a small percentage of the
> population are likely to want to get involved, but it will be
> possible for them to.
>
>> Ordinary users? Can opt in or out of whatever they want?
>
> Yes, ordinary internet users have access to the Protected Network as
> their Internet connection. They're able to select what protection
> levels they want.

So they have to have some special hardware to opt in? Then it's not
simple. If they can choose what protection levels then how are they
safe, how can the others trust them?

>> And this is different from when grandma gets asked a weird question
>> by ZoneAlarm that even an IT professional might not be able to
>> answer, how?
>
> Bingo! You've got one of the biggest problems with the current
> protection systems right there. People don't know how to use them
> because they are complex and difficult to use. I can't fix that. The
> final line of defence is up to the providers of Virus and Firewall
> software. But we can protect Internet connected devices against
> things that we know exist, when we know where they are coming from.

And how does the ordinary user know what level of protection to ask for?

>> A firewall which is connected to your servers and database?
>> And some kind of privileged communication between users' firewalls
>> and your servers?
>
> The reason why the ISPs have to be brought onside is because that is
> where the firewalling function needs to occur. Before the connection
> enters the network. Hence the name Protected Network. We know an
> awful lot about the origins of scams, viruses and materials that we
> basically don't want on our computers (Unless we are a researcher
> into these things of course! Or perhaps you're "into" that sort of
> thing!?). Even if you don't consider that I might just have something
> with my Knowledge Engine computer which is constantly searching for
> these things, there are a lot of sources of information which can
> assist us in locating what needs to be blocked to protect us.
>
> http://www.computerworld.com.au/article/334162/experts_us_gov_t_needs_prepare_cyberwar/
>
....
>> (X) Armies of worm riddled broadband-connected Windows boxes
>
> This is where our problems are right now. 1/3 of the eastern
> seaboard of Australia is infected. That's shocking. And we're just
> sitting here arguing the point about whether it's worth doing
> something. No offence intended! Those people, with those machines
> that are infected, are real people. They are trying to use their
> machines, and do their banking, and run their web searches. Let's
> identify their problem, where we can!, protect the rest of the Net
> from them and them from themselves. Let's point them towards the
> help that they need to correct their problem. They expect people
> like us, to do what we can to help them. We aren't doing enough.
> There is so much we CAN do.

How? and who's going to pay for it?

--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request