Xref: utzoo comp.dcom.lans:2053 comp.protocols.tcp-ip:5620 Path: utzoo!utgpu!watmath!clyde!att!osu-cis!killer!mit-eddie!bu-cs!kwe From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) Newsgroups: comp.dcom.lans,comp.protocols.tcp-ip Subject: Network Security Keywords: network security virus Message-ID: <26314@bu-cs.BU.EDU> Date: 29 Nov 88 22:46:26 GMT Organization: Boston Univ. Information Tech. Dept. Lines: 27 I have been thinking about the role of the internet in the recent virus/worm attack. I have come (as have others, I am not claiming originality here) to these conclusions: The network was instrumentally involved in the worm/virus propagation. The network was instrumental in the fight against the virus, for the exchange of mail and code. Networks are secure when they operate properly. In order to have secure networks, we need network routing information exchange and network management protocols that are authenticated, robust, and secure against spoofing and malicious disruption. The ospfigp protocol is the best place to start to build robust, secure internetwork routing exchange protocols before we get bitten by a network bug. We need some *serious* authentication capability in SNMP. Discussion? Is ospfigp secure enough now? What about real authentication in SNMP? What have I left out (eg, arp cache security)? I leave security on a broadcast medium like Ethernet as a separate discussion topic (eg, snooping for passwords). Kent England, Boston University