RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks

[Mark.Teicher () predictive com]

I really don't think security forethought would have prevented today's 
Internet from evolving, but it may have slowed it down to and hopefully 
prevent the onslaught of security vulnerabilities that is ravaging the 
country side and vendors.

Developers, Programmers and other Engineers knew about buffer overflows, 
poorly written protocols, etc.  At the time people were less concerned 
about security since Daily NEWS bulletins were not available 24 hours a 
day , seven days a week.  Today, as the communication medium now includes 
the Internet as a major contributor in connecting people who are can far 
far away or close by with in a blink of an eye.  Our view have changed, 
governments have changed, and the cost of living has increased, therefore 
introducing us to whole slew of problems waiting to happen. The Internet 
as it stands right now will that medium that delivers the last 
communication before the mushroom cloud is seen by billions of people, 
either that we all get sucked up by the aliens who secretly gave us the 
technology to develop high speed connectivity.. :)



/m




Rick Smith <rick_smith () securecomputing com>
04/13/00 09:35 AM

 
        To:     Mark.Teicher () predictive com
        cc:     firewall-wizards () nfr net, JCarson () smartronix com, CrumrineGL () state gov
        Subject:        RE: [fw-wiz] SANS Flash: Urgent Request For Help In Stopping DOS Attacks


At 07:55 AM 04/13/2000 -0700, Mark.Teicher () predictive com wrote:
> Actually, security was a big contributor in the Internet evolving, if it
> was not for initial military funding, the Interner would not have existed
> as early as it did.  Security features were definitely a big part back
> then, but after some of the initial involvement was completed, other
> parties got involved and things have evolved to what we have today..

You seem to suggest that the Internet "lost" some security capabilities it
had in its early days.

I say that those security features would have prevented today's Internet
from evolving.

The security features you allude to were part of the original ARPANET,
which was a closed network that could only be extended if the controlling
authority (the DOD) agreed. All the "routers" (IMPS in Arpanet parlance)
resided in relatively secure machine rooms managed by organizations that
the DOD trusted to some extent (military bases, defense contractors, and
universities heavily involved in defense research). It was a very 
difficult
and expensive proposition to get connected to the Arpanet. The network
never grew past dozens of nodes and hundreds of hosts.

Contrast this with the Internet. All you had to do was get a telecom
connection to an ISP and you yourself could become an ISP. Nobody had to
ask permission to add hosts to the Internet, they just did it. ISPs grew 
up
in garages, basements, under beds, anywhere. The lack of centralized
control fueled the Internet's growth. But the technical flexibility that
supported its exponential growth also allowed the recent rash of DDOS 
attacks.

Incidentally, none of us who worked on the Arpanet considered it a
particularly "secure" network. Most of its security relied on the physical
protection of IMPs and on administrative control of connected host
computers. Software based access control was weak or nonexistent in many
places, and dial-in numbers were widely and carelessly distrubuted. But it
was very rare for peoples' work to be disrupted by outside interference. 
So
the user community didn't really want much more security.

Rick.
smith () securecomputing com