Living on the East Coast, I often wonder how the early pioneers lived without Doppler radar and the Weather Channel. Today, we know about hurricanes weeks ahead of time, and you have days to batten down the hatches, gas up the car, and buy strawberry Pop-Tarts at Wal-Mart. Think I'm kidding about the last item? It's a consumer behavior proven to be an early indicator of where a hurricane will actually strike. Just look up the phrase "hurricane poptarts walmart" in your favorite search engine.
We often say that security should be baked into any system from the start, but we usually don't do it -- especially with the Internet. In the early days, the architects of the Internet were just trying to get a few separated computers to communicate with each other. By the time the miscreants began showing up to wreak havoc and commit cyber crimes, it was too late to rebuild the Internet's basic underpinnings. It's been a hardscrabble fight ever since, with the good guys and end-users losing most of the way.
One of the best things we could do for the Internet is to create an early-warning system (EWS) to warn us against rapidly spreading malware, spam attacks, and the like. Having thought about this for years, I envision this EWS as a free, centralized, Internet-wide service -- something like DNS, where participants could report and keep abreast of security events.
Here's how it would work: First, trusted devices or people would post notifications about malicious events to the service the moment they're noticed. Examples include the following:
- "IP address x.x.x.x is currently serving up a botnet"
- "XYZ Company is currently under attack by a spam worm and any email coming from them should be investigated more thoroughly"
From there, any person or device could query the health status of any destination or origination point. Thus, when my email server receives an email from a given domain, it would send a one-packet query to the "Internet health service" to see if the sender's domain has been reported as healthy or ill. In either case, it would require only one packet to be sent and one packet in reply.
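A small in-memory model of the service described above, as an added example that is not from the column or any real service: only reporters holding a shared key can post an event (the reporter names, keys and the one-hour report lifetime are assumptions), and a lookup answers "healthy" or "ill" so a mail server can decide whether to scrutinize a sender.

```python
import hashlib
import hmac
import time

# Constructed example: the trusted reporters and their shared secrets (placeholder values).
TRUSTED_REPORTERS = {
    "sensor-1": b"placeholder-secret-1",
    "sensor-2": b"placeholder-secret-2",
}


def sign_report(reporter, target, event):
    """HMAC a reporter computes over its own report; assumed wire format 'reporter|target|event'."""
    key = TRUSTED_REPORTERS[reporter]
    return hmac.new(key, f"{reporter}|{target}|{event}".encode(), hashlib.sha256).hexdigest()


class HealthService:
    """Authenticated reports in, single-answer status lookups out."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds          # how long a report keeps a target marked ill
        self.reports = {}               # target -> list of (timestamp, reporter, event)

    def report(self, reporter, target, event, mac, now=None):
        """Accept a report only if its MAC verifies under a trusted reporter's key."""
        key = TRUSTED_REPORTERS.get(reporter)
        if key is None:
            return False                # unknown reporter: drop it, it cannot poison the service
        expected = hmac.new(key, f"{reporter}|{target}|{event}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False                # forged or tampered report
        now = time.time() if now is None else now
        self.reports.setdefault(target, []).append((now, reporter, event))
        return True

    def query(self, target, now=None):
        """Answer ('healthy', []) or ('ill', [events]) for a domain or IP; expired reports are dropped."""
        now = time.time() if now is None else now
        live = [r for r in self.reports.get(target, []) if now - r[0] < self.ttl]
        self.reports[target] = live
        return ("ill", [e for _, _, e in live]) if live else ("healthy", [])


def mail_server_check(service, sender_domain, now=None):
    """What the mail server does on an inbound message: one lookup, then flag for closer review or not."""
    status, _events = service.query(sender_domain, now=now)
    return status == "ill"
```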