Forwarded from: Russell Coker <russellat_private> On Wed, 10 Jul 2002 14:20, you wrote: > "By 2009, there will be over 2 billion Internet-enabled devices, > each with an IP address, in the U.S. alone, and 6 billion > altogether," predicted Schmidt, vice chair of the President's > Critical Infrastructure Protection Board, in his keynote before the > 30th annual international conference of the Information Systems > Audit and Control Association (ISACA). The conference was attended > by nearly 300 security professionals from 37 countries. 6 billion, that's a lot more than the IPv4 address space. So these machines will presumably be mostly running in private networks without routing to the Internet. From what we've seen so far it's doubtful that IPv6 will really take off before 2009. > The devices on the IP packet-based network of the future, predicted > Schmidt, will include not just computers, but also traffic lights, > elevators, appliances and even pacemakers. But the IP networks of > 2009 will be unstable, subject to "constant security outages," > unless both This leads people to imagine pace-makers being stopped, elevators going into free-fall, lights turning all-green, etc. Elevators have a variety of emergency breaking mechanisms to prevent them going too fast, the maximum speed is designed to be slow enough that you can survive a sudden stop. Elevators can't move with the doors open (the doors have steel bars attached that extend into the sides of the lift shaft and prevent movement when open). Preventing traffic lights in both directions turning green at the same time via relays shouldn't be too difficult, and it's not THAT much of a problem when lights just stop entirely. The problems that will occur from such things won't be as great as some people seem to expect. > "The routing tables of the future will be unmanageable; there will > slowdown and failures, and malicious and criminal activity between > 2002 and 2009 all mean the Internet quits working," warned Schmidt. > He even forecast a future in which "special aircraft will be flying > the routing tables" physically to servers after periodic network > brownouts. Can someone who actually runs core routers debunk this silly idea? I could write about theoretical solutions to theoretical network problems, but it would probably be better if someone who has the practical experience could describe how they fixed their last major router crash. > In addition, computer viruses, the "zero-day viruses and affinity > worms," will be surreptitiously entering IP devices, causing > widespread devastation by wiping out business records. > > "In a major brokerage house, it will enter through the CEO's house > by infecting the CEO's PC, then the corporate network, and > scrambling the brokerage house trading records," said Schmidt, who > was formerly chief of security at Microsoft before joining the > President's Critical infrastructure Protection Board in December. So you sack the CEO and the CIO and replace them with competant people. > Electrical power grids, controlled by networks, could collapse in > 2005 due to distributed denial-of-service attacks that block traffic > to IP-based management devices, Schmidt said. Economically, all > these Why would an electrical company want to use public IP networks when their entire business is about laying cables around the country? Putting a few optic fibers in the same cable run is easy enough, apparently some electricity companies are considering also becomming commercial data carriers for this reason... > The federal government is monitoring a situation that arose during > the past year in which it was discovered that vulnerabilities in the > Simple Network Management Protocol (SNMP) would allow attackers to > take over SNMP-based routers, switches, applications and firewalls. > This vulnerability, detailed by Finnish researchers, has been traced > back to what's called ASN.1 encoding, which caused dozens of network > and applications vendors to issue software patches in a race to fix > networks before hackers exploited the vulnerability. What we need is mandatory access control systems on all systems that matter. Then when a snmpd is exploited it won't have access to do any damage or disclose any significant amount of secret data. Russell Coker - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 07:17:41 PDT