Assuming no time, money, people, etc. resource constraints, securing the Internet is pretty simple.

1. Require all providers install and manage firewalls on all subscriber connections enforcing source address validation.

2. Prohibit subscribers from running services on their own machines. Only approved provider managed servers should provide services to users.

3. Prohibit direct subscriber-to-subscriber communication, except through approved NSP protocol gateways. Only approved NSP-to-NSP proxied traffic should be exchanged between network providers.

Are there some down-sides? Sure. But who really needs the end-to-end principle or uncontrolled innovation?

"No, the electric telegraph is not a sound invention. It will always be at the mercy of the slightest disruption, wild youths, drunkards, bums, etc.... The electric telegraph meets those destructive elements with only a few meters of wire over which supervision is impossible. A single man could, without being seen, cut the telegraph wires leading to Paris, and in twenty-four hours cut in ten different places the wires of the same line, without being arrested."
- Dr. Barbay, Paris, France, 1846