I very much agree with Vladis here. I'm probably stating the obvious, but.. One of the major points visible during virtually any one of these significant security events is the way coordination works, how well processes are defined and how well they end up working in terms of tactical detection & response. Sure, strategic preparation is crucial, too, laying the ground work for tactical activities, but ultimately it matters how well you can execute and communicate. Question on my mind is just how much more aggressive the impact of a worm etc can be before it overwhelms the ability to coordinate effectively to stop it before everything goes critical. As we gear up on the service provider side, the other side in this arms race tries to think of new ways to create maximum damage quickly. If they fail to beat the their victims to the punch, they fizzle. I don't believe that a large scale monitoring center is effective in the long run as communication becomes evermore pervasive. I believe a coordination/communication's facility is far more effective, and we'd all be better served with that. But unless we can demonstrate that information overload along the lines of "more isn't necessarily better" doesn't increase effectiveness, these knee jerk reactions (with secondary agendas) will continue ever since they were kicked off post-9/11. In fact, I don't think it's all that far off to think that the scale required will tie up tremendous resources and just be in itself another target for being DoS'ed by way of information overload. And I'm not even going to go down the road of all the concerns of what happens with the massive amount of information being collected, in a jurisdiction lacking effective privacy protection as it is. YMMV. Thanks, Christian -----Original Message----- From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] On Thu, 30 Jan 2003 04:21:40 CST, Jack Bates <jbates@brightok.net> said:
in this. My question is why large providers couldn't interlink themselves and establish guidelines for notification and resolution of network issues. They manage it for peering, why not for overall performance and security issues?
"I'll get back to you Tuesday or when NANOG posts embarrass me" works for peering issues, but not for security issues. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech ***** "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers."