From a security perspective, the recommendations in this report are
On Wed, 18 Sep 2002, Sean Donelan wrote: :Is the telephone security model better than the Internet security model? :It depends on who you ask. They both have interesting security issues. :Unfortunately, a lot of it is based on perception on both sides, and only :a little on fact. Indeed, I am currently trying to retrofit security features onto a routed network designed by people who evidently have a better understanding of switching. It is no coincidence that they just happen to be telco network architects. (I can't believe I am still describing the importance of DNS to people in 2002, but I digress..) IMHO, the telco model is based on the notion of delivering services from a set of tiered providers instead of the facilitating the interconnection of relatively autonomous networks. It's pretty much a difference of philisophical worldviews. While there is some conceptual overlap between them, they are not particularly isometric. the same things that have been advocated for the last decade. In fact it looks like many of these recommendations could have been culled from the various vulnerability assessment report templates I have seen and even used over the years. I don't mean to undermine the importance of the strategy, but I think its impact will be through adding weight to us Cassandras in the security industry. Maybe they'll legislate Cisco's SAFE architecture on us all? ;) :I can draw Internet security architectures until my fingers fall off, but :they won't have the impact of industry consensus. Well, I think the consensus was just handed to you in the form of a national mandate. In fact, I think this looks like an excellent premise for a business plan for a security consulting and managed services firm. Got Capital? Cheers, -- batz