Should we scrap the internet and start over from scratch?
by Richard Stiennon, chief marketing officer and security strategist, Fortinet
The original design of the internet blossomed quickly – and uncontrollably – into an open network that forever changed business activity, especially in retail, finance, information and communications industries. However, the design didn't take into account the exposure of innocent users to a climate of crime.
Now some major network backbones are experiencing up to 50 percent of unwanted traffic. Threats are clogging the arteries of the internet while cybercriminals are preying on the hundreds of millions of people who rely on it daily. With 27 million new internet users per month, it's time to
consider safer alternatives.
A safer internet won't be born of an uncontrolled idea. Security vendors will become the “new infrastructure” players and will incorporate integrated protection into the internet fabric. Vendors who are making today's internet safe on the peripheral will be critical in the restructuring of the internet itself. (See “Clean Slate Design for the Internet,” for more details: http://yuba.stanford.edu/cleanslate/index.php).
AGAINST, by Steven Sprague, CEO, Wave Systems
Let's keep the existing network, but scrap some of the parts and policies. Since the beginning of the internet, there has been a significant hole in the security of the network. That hole is currently being closed by the deployment of industry standard security hardware on every new PC.
The ability to have a tamper-resistant identity of both the user and the machine will enable a new way to use the existing network. By securing the link between the end-user and the application and using policies to control access, it will be possible to eliminate the LAN [local area network] and make all connections WAN [wide area network] connections. This will actually bring us closer to the original concept of the internet.
So, let's kill the LAN and start a services-centric access model. The technology is here to do it today, it just needs to be turned on. The internet works fine, but access control is completely broken and can't support the services-based future we all imagine.
THREAT OF THE MONTH:
What is it?
Enterprises have multiple devices providing communications security for them — a classic example is server-side content scanning software such as email server AV. This software examines all content passing through a network searching for known threats. In the past year, a large number of file format scanning bugs were found in nearly every major AV software
package, many allowing for arbitrary code execution on the server, when exploited.
How does it work?
Attackers can easily fingerprint specific AV software by sending known malicious samples and awaiting a response. The attacker then sends a malformed archive, triggering the specific vulnerability in that software and disabling or gaining entry to the network.
Should I be worried?
We continue to see these new bug reports every week. Anyone can be a target of an exploit through this vector.
How can I prevent it?
Staying on top of vendor supplied patches is crucial. However, there will always be a delay between vulnerability disclosure and patch availability. Enterprises can also disable anti-virus notifications to prevent attackers from fingerprinting the AV vendor and software version when they plan an attack. Also, AV software from multiple vendors can be used to provide a diverse layer of protection.
— Jose Nazario, Arbor Networks
From the - September 2007 Issue of SCMagazine »