posted May 22, 2002

Simson Garfinkel: 'Just as nations now regulate their physical frontiers, so too will they regulate their electronic ones--using computer security rather than objectionable ideas as their justification.'

This won't work very well on a national level, because of the virtual impossibility of determining what a bad packet is. A virus forwarded over email could very well come from a McAfee employee in Europe forwarding something found in the wild to the main McAfee labs in the US. Most other "bad" documents may have similarly important legitimate uses. On the national scale, you just can't block on any reasonable criterion without paying a horrible price (by which I mean actual money).

Of course, there are two consequences: One, the ways the legit senders find to get around the system will be quickly exploited by the same non-legit senders. Two, the cost of The Only Solution A Bureaucrat Will Ever Think Of, more paperwork and trying to create a gigantic exceptions table, will be high. The exception table itself becomes a security liability as it goes out of date, and the cost of maintaining it is huge. (The cost of not maintaining it is also huge.)

Really, in the long term, the only viable solution is to make it easier for people to secure computers. We've still got a long ways to go on that front, though. It's another human complexity issue: the myriad of ways the web is used cannot be correctly administered from the top; it can only be approximately administered. Unfortunately, every mistake made by the administration is another security hole.

I'm sure this will be tried, but I would guesstimate only about two months' respite from the onslaught will be bought, before it returns to previous levels. Sorry. No magic solution.

(Note the original article is merely observing the likelihood of this firewall being constructed; he doesn't seem to express an opinion on the issue, so if you just read my comments here, don't draw any conclusions about the author's opinions.)


