Internet security: What will work

SECURITY ADVISER

Here's a radical plan for making the Internet safe for every legitimate user

By Roger A. Grimes
January 18, 2008

Talkback

E-mail

Printer Friendly

Reprints

Because approved users can still do bad things using approved programs, it's essential that network packets be authenticated from source to destination, and traceable back to their originating point. This will prevent a user from creating malware and sending it to another location, or prevent a malicious user from using another innocent user's computer to do the same. In my Internet world, if the bad guy "borrowed" someone else's computer, we'd always be able to trace the perpetrator back to their lair.

Routers and networks that carry our information from point A to point B would also be authenticated and their unique identities added to each passed packet. It wouldn't be as slow as you think -- network devices are working at electric speeds (the speed of light minus minor, unavoidable impedances). Tacking on a unique, authenticable identifier will not add that much overhead.

The downside
Unfortunately, my brilliant idea (probably already thought of by a hundred other great minds decades ago) requires a complete rebuild of every involved component: hardware, software, and user logons. The good thing is that most of the technology and smarts to make it happen already exist. A tweak here or there is all that is needed...well, that and universal cooperation and planning.

Because we like to do things in evolution vs. revolution, my model proposes "rings of trust," where differing levels of trust can be defined by each participating party. Users and computers not up on the latest computer security checks will be assigned a lower level of trust and have to go through additional (traditional) layers of security checks (anti-virus, anti-spam, and so on). Traffic arriving from users and computers with higher levels of trust will go directly to their intended destination.

Yes, even this system will be hacked, but it will fix the discovered problem, and all malicious exploits of that vulnerability are prevented at once. This beats our current game of "whack-a-mole" security defense.

If you don't like my plan, stay with the current status quo or make up your own plan. Stay on your version of the Internet and compute away. I'm hoping that someone powerful enough, a consortium of enough interested people and companies, comes together to make my vision a reality. Dare to dream.

And if you can make up a better solution, the world should beat a path to your door. Until then I'll just continue to believe my solution is the only one.

Roger A. Grimes is contributing editor of the InfoWorld Test Center. He also writes the Security Adviser blog and the Security Adviser column.

« PREVIOUS PAGE | 1 | 2

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

Why San Francisco's network admin went rogue

Can you really live without Microsoft Office?

San Francisco's mayor gets back keys to the network

Mac (in)security: How to secure Macs in business

>> Talkback: Have your say

Virtualization: A Step by Step Approach to Success
Your virtual machines can be up and running in a matter of minutes. HP and Citrix have integrated XenServer with HP ProLiant servers and management tools, powered by hardware-assisted Intel Virtualization Technology to enable high- performance, cost-savings solutions for server consolidation and disaster recovery. Sponsor: HP

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

A Closer Look at SaaS Purchasing Behaviors and Attitudes - Citrix Online recently conducted a survey on the subject of SaaS purchasing behaviors and attitudes by gathering feedback...
Configuration Assessment: Choosing the Right Solution - Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important...
SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse - Data continue to grow while queries are becoming increasingly complex. Through participation in Oracle's Optimized Warehouse...
Five Steps to Secure Outsourced Application Development - How can you ensure that code delivered to you by your offshore partner is secure? This Whitepaper will cover the risk in...
Global Shared Memory: Performance and Productivity Breakthroughs - It's been called "hitting the memory wall," and it refers to the way data access hierarchies can impose unwanted limits ...
How IT Quality Managers Respond to SOA Change - This paper describes the challenges an HP customer and other IT quality managers face when applying traditional test tools...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

•

Application development

•

•

•

•

•

•

•

•

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Internet security: What will work

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Vizioncore - Complete Solutions for Virtual Server Management Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change Xerox - Experience the colorful side of business at www.frugalcolor.com IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA AT&T - Thinking about IMS AT&T - Factors to consider when comparing DSL or Cable AT&T - Going mobile with today's technology AT&T - What to expect from a Technology Assessment. Polycom - Telepresence For The Enterprise GoToMyPC - Research Brief: Providing Secure and Cost-Effective Remote Access AppAssure - Keeping the E-Mail Flowing Tripwire - Secure your virtual and physical environments with the same software. CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. Cirba - Advanced Workload Analysis Techniques		Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event Cirba - Consolidating Workloads onto Mainframes AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist