Tag Archives: Internet

Detection is much more important than prevention –Bruce Schneier

Reviewing Bruce Schneier’s 2004 book Secrets and Lies, much of which was written in 2000, reminds us of something really basic. You can’t just fix security. Security is a process, most of which is about knowing what’s going on. Detection is more important than prevention. To which I add that for detection we need comparable Internet-wide metrics on security performance so every organization can see what’s going on and will have incentive to do something about it because its customers and competitors can see, too. Sound familiar? That’s what SpamRankings.net is about.

Joe Zack posted in Joezack.com on Bastille Day, 14 July 2013, Secrets and Lies: Nine Years Later,

2. “Detection is much more important than prevention”

Schneier keeps coming back to this point. He had this epiphany in 1999 that “it is fundamentally impossible to prevent attacks” and “preventative countermeasures fail all the time.” Security is “about risk management, that the process of security was paramount, that detection and response was the real way to improve security.” (emphasis mine)

I had formerly thought of security as largely being about prevention. A year ago, if you have asked me about “InfoSec” I might have prattled on about firewalls, injection attacks, encryption and good passwords. That’s still important, but now I know that there’s a lot more to it.

Zack says he thinks Schneier was like Nostradamus for having such insight before NSA PRISM and even before Facebook. Sure, Bruce has always been ahead of his time. But that basic insight was not unique to him, and Continue reading

Egypt Returns

Egypt returned to the Internet about 09:30 GMT today (2 February 2011). This sudden return after being as suddenly disconnected one week ago (27 January 2011) is obviously not due to ordinary causes such as congestion, cable cut, or router failure. This political disconnection of an entire country does not seem to have helped the regime responsible for it; quite the opposite.

-jsq

Transparency in Rome

Here’s my presentation, Transparency as Incentive for Internet Security: Organizational Layers for Reputation, from RIPE 61 in Rome. This presentation summarizes the two previous RIPE Labs papers about proposed new organizational layers and outbound spam ranking experiments.

RIPE-NCC is the oldest of the Regional Internet Registries (RIRs), and RIPE is the deliberately unorganized association of interested parties that meets twice a year and holds discussions online in between. It’s a mix of operations, research, and socializing. Topics range from obscure details of deploying IPv6 to organizational proposals such as what I was talking about. 430 people attended the meeting in Rome, which was quite a few more than the dozen or two of the first RIPE meeting I went to many years ago.

Interesting questions were asked. I may blog some of them.

-jsq

Daniel Karrenberg and RIPE Atlas

Daniel Karrenberg shows an animation related to RIPE Atlas, RIPE’s new active measurement project using USB-powered dongles scattered around the Internet.

Video by jsq at RIPE 61 in Rome, Italy, 15 Nov 2010. His slides, the RIPE Atlas home page, and the conference will put up video of all the talks within about a day.

-jsq

PS: My talk is 11AM Rome time tomorrow, Tuesday 16 Nov.

Outbound Spam Ranking Experiments

Should Uganda Telecom be counted as a Belgian ISP for outbound spam rankings?

Which matters most: history, topology, business headquarters location, or some other criterion?

These are some questions that come up in designing experiments in rolling out a reputation system for outbound spam. More on this in the RIPE Labs article (8 Nov 2010), Internet Reputation Experiments for Better Security.

Such experiments can draw on fifty years of social science research and literature, first crystalized as Social Comparison Theory by Leon Festinger in 1954, that indicate that making personal reputation transparent changes personal behavior. More recent research indicates that the same applies to organizations. Using anti-spam blocklist data, it is possible to make E-Mail Service Provider (ESP) behavior (banks, stores, universities, etc., not just ISPs) in preventing or stopping outbound spam transparent, and this paper is about experiments to see how the resulting reputation actually changes ESP behavior.

-jsq

Organizing the Cloud Against Spam

In RIPE Labs, here’s a paper on Internet Cloud Layers for Economic Incentives for Internet Security by the IIAR Project (I’m the lead author). Anti-spam blocklists and law enforcement are some Internet organizational layers attempting to deal with the plague of spam, so far reaching a standoff where most users don’t see most spam, yet service providers spend large amounts of computing and people resources blocking it.
The root of the ecrime problem is not technology: it is money.
Continue reading

NANOG: The Impacts of Adding Undersea Capacity to East Africa

Keven Chege of KENET at NANOG 50 talked about rapid deployment of cable for Internet use throughout east Africa, despite vandalism including copper theft and sabotage by competing ISPs. Many national research and eduction networks (NRENs) at least planned in the area. KENET in Kenya has “Made the big leap from VSAT to fiber” and is helping coordinate the region; slides include proposed regional mesh map. Also talking to google and Akamai.

Akamai guy stood up immediately afterwards and said he hear KENET was talking to google and asked that they should talk to Akamai as well.

-jsq

NANOG: Coping with Relentless Demand Growth

David G. Ross ofThe David Ross Group Inc. at NANOG 50 talked about data cables under the sea, in which he revealed that Internet growth has not only not paused during the recession, it has increased, and it continues to increase in every region in which his company operates, including Asia, Middle East, and Africa. North Atlantic hasn’t had any new submarine capacity in years, in “the most competitive capacity market on Earth”. It will probably run out in a few years, so now there is demand to build new cables there. Each cable costs about $200 million to install.

Slight downside: early remark that he was sure things were the same as they were when he worked for a telephone company.

-jsq

Iranian Internet Disturbances

iran20090615.gif Here’s an example of some Internet routing in Iran, in this case on the way to the Ministry of Foreign Affairs on Monday 15 June 2009. Normally, routing and latency don’t change much. Starting Saturday 13 June, the day after the election, routing and latency have become increasingly disturbed. More here.