nanog mailing list archives
How to secure the Internet in three easy steps
From: Sean Donelan <sean () donelan com>
Date: Fri, 25 Oct 2002 13:14:22 -0400 (EDT)
Assuming no time, money, people, etc resource constraints; securing the Internet is pretty simple. 1. Require all providers install and manage firewalls on all subscriber connections enforcing source address validation. 2. Prohibit subscribers from running services on their own machines. Only approved provider managed servers should provide services to users. 3. Prohibit direct subscriber-to-subscriber communication, except through approved NSP protocol gateways. Only approved NSP-to-NSP proxied traffic should be exchanged between network providers. Are there some down-sides? Sure. But who really needs the end-to-end principle or uncontrolled innovation. "No, the electric telegraph is not a sound invention. It will always be at the mercy of the slightest disruption, wild youths, drunkards, bums, etc.... The electric telegraph meets those destructive elements with only a few meters of wire over which supervision is impossible. A single man could, without being seen, cut the telegraph wires leading to Paris, and in twenty-four hours cut in ten different places the wires of the same line, without being arrested." - Dr. Barbay, Paris France, 1846
Current thread:
- Re: DNS issues various, (continued)
- Re: DNS issues various Richard Forno (Oct 24)
- Re: DNS issues various Kelly J. Cooper (Oct 24)
- Re: DNS issues various Valdis . Kletnieks (Oct 24)
- Re: DNS issues various Kelly J. Cooper (Oct 24)
- Re: DNS issues various Valdis . Kletnieks (Oct 24)
- Re: DNS issues various Barry Shein (Oct 24)
- Re: DNS issues various Sean Donelan (Oct 24)
- Re: DNS issues various Barry Shein (Oct 24)
- Re: DNS issues various Peter Salus (Oct 24)
- Re: DNS issues various Ben Browning (Oct 24)
- How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- Re: How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- RE: How to secure the Internet in three easy steps Sameer R. Manek (Oct 25)
- Re: How to secure the Internet in three easy steps Etaoin Shrdlu (Oct 25)
- Re: DNS issues various Richard Forno (Oct 24)
- Re: How to secure the Internet in three easy steps Ryan Fox (Oct 25)
- Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
- Re: How to secure the Internet in three easy steps Sean Donelan (Oct 25)
- Re: How to secure the Internet in three easy steps Scott Granados (Oct 25)
- Re: How to secure the Internet in three easy steps batz (Oct 25)