On Mon, 13 Mar 2000, Chris Brenton wrote:
Patrick Greenwell wrote:
Suddenly, the list got very, very quiet. In fact, since I posted that message, there hasn't been a single post to the list. Emperically, this suggests to me that while everyone is quick to spend countless hours expressing an opinion on mailing lists, there is nobody willing to invest in making this happen.
I recently because associated with a security group working out of Dartmouth College. The focus of this group has not only been on internal security but issues that effect the Internet as a whole. The group already has a pretty good amount of funding. I could probably score enough backing and office space for a NOC that could address the issues that are being discussed. While I doubt I could raise the $50M someone suggested earlier, I could probably come up with enough for equipment, a small staff and to maintain a number of guru types on a consulting basis.
I think it is an intersting idea, however I believe it somewhat misses the point. While a "clearinghouse" is indeed a potentially useful entity, my suggestion centers more around actually getting NOCs to talk to each other and come up with a common approach to event handling. My 100,000 foot view tells me the problem is not security, it is a lack of communication between providers. Enable that, then a reasonable stab can be made at semi-cohesive security alert notification.
My fear is that if we do not address these issues as a community, government/law enforcement will eventually step in and try and take care of it for us.
Absolutely correct. The infrastructure is beginning to generate far too much revenue to be ignored anymore. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Earth is a single point of failure. \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/