Atom Feed

Associated Blogs
 
Edge City
 
Numbering Peano
 
Orcmid's Lair
 
Praxis101
 
Spanner Wingnut's Muddleware Lab

Recent Items
 
Reputation and Community Trust of Download Files
 
The PITAS from PITAC And the Emperor's Security Cloak
 
Collaborative Development Spurs Open-Source Arrangements
 
Identifying Key Elements of Safety-Critical Software
 
CVSS: Common Vulnerability Scoring System
 
Open-Source License Simplification (and Trust?)
 
Identity, Authentication, and Attestation Together
 
Collaborative Systems: Social Protocols
 
Secure Computer Infrastructure as a Journey
 
Component-Based Software Engineering Projects

Archives
2004-06-13
2004-06-20
2004-06-27
2004-08-29
2004-09-05
2004-09-12
2004-09-19
2004-10-10
2004-10-24
2004-11-07
2004-11-28
2004-12-05
2004-12-12
2004-12-26
2005-01-30
2005-02-06
2005-03-06
2005-03-13
2005-03-20

Certification of Network-Attached Components?

ACM News Service: Protecting the Internet: Certified Attachments and Reverse Firewalls?.  In his 2005-03-16 CircleID article, Karl Auerbach suggests that the Internet be protected at the edges by requiring certification of edge-attached components.  Karl adopts "the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users."  This would prevent many PCs from engaging in zombie activity through the simple device of having routers and broadband gateways filter outgoing as well as incoming traffic. 

What I find interesting is that there are easier ways than waiting for household firewall-router technology to be forced into certification and upgrading over time.  The service provider could be doing the same thing at the other end of the broadband pipe and the true border onto the internet.  Protecting the network from subverted edges can be done much more readily there, with detailing in the terms-of-service offered to end nodes.