Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security

Network Webcurity Wishlist? 512

Posted by Cliff from the bending-the-governments-ear dept.
breillysf asks: "I am a California-based network security attorney who has been asked by a senior US Senator to compile a list of the most important legal concerns facing network security administrators. He has a good feel for the government security issues (and lack there of), but he is concerned about what is going on in the front lines in the private sector. I thought the Slashdot crowd would have the best feel on the pulse of the current situation. Specifically, if you could ask Congress for help in the area of network and information security, what would you ask for? Or would you tell them to get out of the way?"

"For example, I tried to push for tax incentives for upgrades in network security measures, but the Senator replied that is dead in the water because we are now spending into a deficit. He would rather see insurance companies reward firms with lower premiums for enhanced security. But there are International legal issues, compliance issues, privacy complications, potential negligence liability exposure, lack of federal incident response, FOIA and anti-trust issues with info sharing, conflicting state and federal cybercrime and privacy laws, USA Patriot Act concerns, etc."
This discussion has been archived. No new comments can be posted.

Network Webcurity Wishlist? More

Network Webcurity Wishlist?

Comments Filter:

  • Egress filtering (Score:3, Informative)

    by cgleba ( 521624 ) on Wednesday December 05, 2001 @12:43PM (#2660060)
    A professor at the University of Massachusetts named Brian Levine pointed this out and I wholeheartedly agree:

    It should be regulated that every network only allow their alotted IP to leave their network -- aka egress filtering.

    For example (using unassigned addresses purely for example), if you have a 192.168.5.0/24 subnet, you should not allow 10.10.5.0/24 addresses to leave it -- aka ONLY allow 192.168.5.0/24 addresses to leave it .

    If everyone did this it would solve most of the IP spoofing problems and add a lot of accountability without infringing on people's privacy. Massive DoS attacks could be traced and stopped.

  • Re:Egress filtering (Score:2, Informative)

    by James Youngman ( 3732 ) <jay.gnu@org> on Wednesday December 05, 2001 @01:07PM (#2660218) Homepage
    This possibly doesn't buy you much - many DDOS attacks utilise captured machines, and so there would be no requirement to spoof the source address - since it is not the attacker's own address.

    FWIW, nobody should allow 10.0.0.0/8 addresses to leave their network, since it is a RFC1918 address.

  • Re:Don't ban tools! (Score:3, Informative)

    by sheldon ( 2322 ) on Wednesday December 05, 2001 @01:14PM (#2660277)
    "Say what you will about Steve Gibson..."

    Naw, I'll let these guys [ntbugtraq.com] say it. :)

  • Crypto is the strongest tool we have. (Score:2, Informative)

    by braddock ( 78796 ) on Wednesday December 05, 2001 @01:24PM (#2660344)
    Cryptography is the strongest weapon we have against cyber-terror.

    Whatever is done, don't put limits on cryptography.

    I design secure cryptographic-based architectures for a living. I can't design a secure information system without strong cryptography.

    It's a shame that in the public eye cryptography became a "tool of terrorism" in the days following 911, when in reality it's our only hope for an attack-resilient Internet infrastructure.

    At the same time, it is a merit to Congress that crypto limits have NOT yet emerged in the reactionary aftermath.

    -Braddock

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close