On Sat, 17 May 2008 09:34:19 -0500 travis+ml-nanog@subspacefield.org wrote:
On Sat, May 17, 2008 at 04:47:02PM +0930, Matthew Moyle-Croft wrote:
I'm sure it'll be good for a number of security providers to hawk their wares.
If the way of running this isn't out in the wild and it's actually dangerous then a pox on anyone who releases it, especially to gain publicity at the expensive of network operators sleep and well being. May you never find a reliable route ever again.
I personally like Gadi's work, but not as much as I like getting my packets to their destination. I personally don't quite understand why netops keep buying proprietary, closed technology for routers, but I'm not and have never been a netop so I'm sure there's good reasons. To me it seems that if you need reliable router hardware, you can buy that from a vendor, but in theory I don't see why the software for routers couldn't be much more open. When I can, I reflash my WAPs with DD-WRT, because at least then I understand the system (and you can't secure what you don't understand), but I am not saying that's much of a comparison.
Have you read and security validated every line of open code you're running? Even if you've only read and security validated 99% of it, you're still trusting that the other 1% doesn't have any vulnerabilities in it. Then again, even if you have audited every line of code, and it is 100% "secure", who's to say the compiler used to compile it is ... so you'll have to audit that too. "Reflections on Trusting Trust" http://cm.bell-labs.com/who/ken/trust.html And then, even if you trust your build environment because you've audited it, who's to say that the CPU itself doesn't have a vulnerability in its microcode (accidental or intentionally), or the harddrive, or the TOE network card (that can probably establish TCP connections completely transparent to the OS it's working fo) or the keyboard doesn't have a built in key sniffer, inserted by the chip manufacturer when the designers outsourced it. (The TOE card is an interesting one - they'd commonly be used on high performance servers, and typically those are holding or have access to the organisation's most sensitive data ...) So the only way you can be absolutely sure is to build everything or audit everything yourself, from the transistor level up through the layers OSI RM. And even then, you're battling your own human frailty - how can you be sure you haven't missed something? As the cliche goes, "If you want something done properly, you have to do it yourself." If you can't do it (all) yourself, because you don't have the time and the expertise, then inherently you have to place a level of trust in other people. Regards, Mark. -- "Sheep are slow and tasty, and therefore must remain constantly alert." - Bruce Schneier, "Beyond Fear"