On Tue, 15 May 2007, Joe Greco wrote:
The thing is that there's always been too much functional separation between the business of this list which is operating a network, and the security focused lists. The business of operating a network has often conveniently ignored anything that doesn't actually cause the network to collapse, but which regardless makes the network a less-than-nice place to be.
Is spam directly related to the business of Network A peering via BGP to Network B? Doubtful. Clearly, it is not. Packets keep flowing. Internet is more than email.
However, where does that change? What sort of things are operational? Things that affect internet at large. Things that affect our routers.
As long as we choose to interpret "operating a network" as being merely things that involve enable on a router, yes, it's way off-topic. Sadly, many (most?) networks view their operation in a way that emphasizes this sort of attitude. As a result, we still don't have basic security things that should /also/ be a fundamental part of netops, such as BCP38 at any point where it is reasonable to do so (like at virtually every edge). That's certainly on-topic (why is BCP38 is not implemented as much as it should be).
You and I and lots of other people on this list are on on many or all of those sorts of lists.
In most organizations larger than a handful of people, the netops people are not necessarily the same as the security people, and I've often found that the groups do not understand issues happening in the other arena. That's an issue for those organizations. :) However, security people have their own mailing lists, and *forcing* operations people to be involved in security issues is counter-productive. (You don't make your security people to read nanog-l, do you?)
While cross-pollination is acceptable and in fact desired dragging the business of one group of community interests in to the domain of another is not appropriate.
Were they all truly separate, this would be true. They're not all truly separate. Pretending that they're separate would be a convenient way to allow your network to continue peeing in the pool, ignoring problems, which (sadly) doesn't seem to be an unusual attitude at certain networks. Sadly, the alternatives (resulting in trying to police the internet) are much worse than status quo.
Those of us who have been implementing BCP38-style filtering since before BCP38 existed, on the other hand, may take a slightly more mature view of what "network operations" involves, and it sure covers a lot more ground than what you can do with enable on a router.
I do not consider host security to be directly connected to netops. However, it certainly has an impact, and to a certain extent, a little occasional discussion is warranted. When it is affecting internet at large (think nachi/nimda/codered), clearly.
Gadi may tend to bring along a little too much discussion, though. I think a lot of people would agree with that. I think this is the case of a 'boy who cried wolf' too many times.
I find it sadly ironic that the netops community, which largely runs huge commercial for-profit networks, would think that others would handle the security aspects for them - and do it for free. Those who run huge commercial for-profit networks usually have people who are dedicated to security aspects...Ones not so lucky usually have same
<snip> people who are both operations and security and peering - and we are subscribed to all the mailing lists we need to know to get all our jobs done. And I think its the way things should be.
What's pathetic is that these same large networks usually can't be bothered to do much (or anything) to eliminate the environment which provides work opportunities for security consultants. Do I smell a "final ultimate solution" somewhere? :)
[note the cc to nanog-futures - please strip cc to nanog-l from the replies to this email. meta-discussions belong on -futures] alex [speaking for myself only]