Re: Re[3]: national security
2003-11-29 06:01:50
At 00:49 29/11/03, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
OK.. change "HQ computer" to "www.ANYTHINGBIG.com", and change "enemy" to
"random hacker in another country". There's boxes that *have* to be visible
to the world because they provide service and connectivity to the outside
world - and you can't even hand-wave "put them in a DMZ" because then you
still need that address mask to tell if the other end of the connection is
coming from outside, another DMZ machine, or an internal machine.
Yes, but more than that. We talk of the internet itself. The US strategy
may amount to a US DMZ or a chain of DMZs. I do not think there is any
objection to that. Except that it underlines that we are not in an open
worldwide network anymore, or at least not at the same layer.
This has a first direct implication which is the impossibility to accept
anything unique and common to systems which want to be unique by
themselves. One has to find other solutions. No master / slave, not peer to
peer.
One good example is the DNS. TTLD Managers are authoritative (like running
their own DMZ). Yet ICANN wants to be authoritative (hence the problems it
faces). Question: is there a way to make authoritative independent systems
share in a unique common system?
This leads to an analysis of authority and shows that the American
language misses the word (hence the commonly shared images and
understanding, capacity to discuss it) we found in Europe as "concertation"
(French/Eurospeak). This means that authority is not delegated (as DNS
says), nor shared (as in a democracy) but retained by each participant
(making consensus the only decision process - as at the IETF, ITU, do).
One may name this polycracy. Currently the European problem in accepting 10
new countries is to regress from polycratic decision process to democratic
votes. This creates single points of failure: the group or the unique
country (of 25) making the majority and raises the difficulty (polycratic
consensus had solved): the quality of the voter. Sometimes Luxembourg has
not the same weight as Germany or France.
This is the same with networks. Most of the propositions I hear here are
not acceptable on the long range because they are ideas to develop
something, not to better serve a group. Engineers see a network as
connected machines. Developers as communicating applications. Users see
them as groups of people.
When you think about reducing risks to the people (not only hacked machines
or DoSed network), you must think global (in the English/French
meaning: i.e. all the parts of the concerned whole - not as a
single/simplistic whole - as "put the militaries behind a DMZ"). So you
must look at the point of failure of each element (hardware, software and
brainware) and then of the system.
To take your example or mine. The hacker is going to intrude the computer.
The foreigners are going to intrude the networks. All this is going to make
the nation (its computers through its networks) destabilized. If you take
the barycenter of all the single points of failure, you will discover that
in most of the cases:
- in Peace time it is the Parliament. Because major decisions are taken
there. Example the anti spam law, right now, in the USA which is a major
threat on many countries' economy in legalizing bandwidth consuming
mailing. And you use a Police to protect the Parliament. This is not the
case we consider.
- in time of crisis, it is one single person (too fast to ask for a law).
And the real decision maker is the person next to him. This is why military
HQs are potentially everywhere. They are where a decision is required, in
front of a weakness, at a critical time. Army is the tool to land the
decision maker at the single point of failure to reduce it.
jfc