<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Nov 24, 2014 at 5:24 PM, Ray Dillinger <span dir="ltr"><<a href="mailto:bear@sonic.net" target="_blank">bear@sonic.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Note to list participants: check the CC line of the original message<br>
before responding.<br>....<br>> Brief: The FBI is proposing a security service to assist American<br>> companies in achieving network security. It is called CITAS, for<br>> "Computer Intrusion Threat Assessment System." <br>......<br>> Less briefly:<br>> <a href="http://dillingers.com/blog/2014/11/24/citas-threat-assessment-system/">http://dillingers.com/blog/2014/11/24/citas-threat-assessment-system/</a> <br><br>> This arrangement strikes me as likely to be highly effective in terms of<br>> security, because the FBI could leverage manpower and monitoring effort<br>> across a huge pool of honeypots truly indistinguishable to attackers<br>>from genuine targets. <br></blockquote><div><br></div><div>As you stated a program like this both good and bad. <br>The international criminals are doing troubling things</div><div>so I am inclined to say that this is a good thing. </div><div>In the new IPV6 world I see this as a great idea for a while.</div><div><br></div><div>But there is always the halting problem -- how to make these</div><div>boxes go away. They consume: space, bandwidth, power, cooling.</div><div>They demand access for installation upgrade etc... unfunded </div><div>and unpaid for it is a hidden tax.</div><div><br></div><div>Another problem is how to let the device discover enough about</div><div>the world around it to be effective. That process could result</div><div>in many quietly owned machines. If the honeypot signature</div><div>was discovered by the bad guys that quietly already own many </div><div>machines for some future purpose "badder" things might happen.</div><div><br></div><div>I am a fan of honeypot technology but I believe it is too easy</div><div>to corrupt and also too easy for the internet to become immune</div><div>to a monoculture of honeypots. It is a known fact that software</div><div>test systems fail to adapt and catch less and less interesting problems</div><div>as the developer community get immune to the known issues.</div><div><br></div><div>For example fail2ban, d<span style="color:rgb(84,84,84);font-family:arial,sans-serif;line-height:16.5454540252686px">enyhosts </span>and friends know how to share bogus contacts.</div><div>I would be willing to share my disallowed contacts with {d<span style="color:rgb(84,84,84);font-family:arial,sans-serif;line-height:16.5454540252686px">enyhosts,</span>hpot}.<a href="http://fbi.com">fbi.com</a></div><div>and get a filtered list of bad actors in return.</div><div><br></div><div>A better program is to go back to operating system design and</div><div>build a better foundation (including hardware). One pressure is </div><div>the industry that provides virus protection. If M$ eliminates the need litigation might follow. </div><div>The baby steps we are seeing makes it difficult to squash the root</div><div>of the problem..... </div><div><br></div><div>In the world of mandated health care I can see a requirement that</div><div>anti virus software be provided free to all ISP customers (like flu shots).</div><div>My ISP is Comcast-Xfinity and they do provide a no additional charge package. </div><div>I am sure it saves them a lot of spam consuming bandwidth. </div><div><br></div><div>One step might be a public POSIX standard for WindowZ..... That would permit</div><div>alternate systems to be developed and run the same software products safer. </div><div>Yes I am naive... err dreaming. </div><div><br></div><div><br></div></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>