Comments on: Securing Against BotNets

By: theo

theo — Tue, 15 Sep 2009 20:48:56 +0000

“What do you think, should there be mandatory computer security capabilities installed and updated in every computer and device connected to the Internet?“
No. However, I do agree that the Internet’s wild west phase may be drawing to a close, and that as stated elsewhere in the comments, the ISP’s of the world should (perhaps by mandate) take a more active role in securing the net. Most end user’s just want to use the web for e-mail, shopping, surfing and banking and bill paying. They just want the thing to WORK, like their toaster and television work. See one of the world’s 140 million blogs for more on this: someblackthoughts.com

By: SG

SG — Tue, 04 Aug 2009 22:00:11 +0000

Markus
Based on your comments, you are uninformed about what has taken place. I have been involved in cyber attacks and defense for since the mid 90s and you really need to listen and open you mind. While Kevin has done an ok job presenting what happens in public, the real concern is the classified attacks that are not made public. I am sure those influence his comments. This is a for non-classified data and I can assure you the classified side is much more of a target and sees more advanced attacks and use of BotNets.

By: Markus Wolf

Markus Wolf — Tue, 04 Aug 2009 18:16:04 +0000

Kevin calm down, don’t get your panties in a bunch. I’m sure you will never have a problem getting people in a big frothing lather over “cyber crimes”. It will go the way of the Y2K freakfest though.

By: daskro

daskro — Tue, 04 Aug 2009 15:33:15 +0000

The fact of the matter is the appropriate measures to minimize botnet attacks have been implemented by the big tech companies for years. They are secure enough so that disruption goes unnoticed. Alternatively, government agencies do not operate under the same paradigm. They have annual budgets dictated by tiers of bureaucracy that limit the size and scope of IT modernization efforts. These efforts are disjointed amongst departments and agencies and breed an inconsistency in policy & implementation. Now we have a huge assortment of IDIQ & SETA contracts for specialized IT security because the government is incapable of doing it themselves, qed the government lacks an IT department.

By: jenny

jenny — Mon, 03 Aug 2009 23:53:26 +0000

Maybe off topic? The attorney Mario Apuzo has stated in a complaint that they attacking his site and from what I understand google is in cohorts with them and it seems the group is international here is a link.http://puzo1.blogspot.com/2009/07/censorship-by-google-and-blogspot.html. Then my protection was switched off. second time. just info

By: Brian

Brian — Mon, 03 Aug 2009 23:31:39 +0000

Out military uses the best defense against botnets, its not on the same network, not even connected at all. There are public facing military networks but they are isolated from the regular network. The problems here relies in insecure public networks.
There are no effective defenses against large botnet networks when they reside on your netowrk. Filtering only works to a point but concentrated attacks against a relatively few nodes that makeup the internets core nodes by a relatively few number of bots would effectively shut down the internet.

By: markus Wolf

markus Wolf — Mon, 03 Aug 2009 19:33:19 +0000

“Botnets have been around for over a half decade, and nothing said in this article or of recent development is new, unexpected, or unprecedented. Technolytics is looking for some new security contracts.“
Thank you, I was just about to post something similar. Unfortunately people who don’t even know how email works will pass bills spending hundreds of millions on “cyber security”.

By: Ptsfp

Ptsfp — Mon, 03 Aug 2009 16:40:38 +0000

If computer security programs were mandatory by law, then I think Brian is on the right track.
I get bugged by relatives enough to “fix my anti-virus program” because an update didn’t go right. God forbid that an intrusion detection/ security system be added to the mix…
If it is mandated by law, then I believe that the Internet Service Providers (ISP) be tasked with the additional security responsibility. Make it hardware based and installed on their routers.
It would need to be hardware based for speed, but flashable for updates. Being hardware based, its code would be more protected against manipulation by malicious individuals.
Also, being at the ISP end, it would free the end users from another “Windows Update” program, and less tech support calls from relatives… :)

By: james b

james b — Mon, 03 Aug 2009 15:39:37 +0000

Why anyone would connect a mission critical system to the internet cloud is beyond me. The risk described in this article is created by lazy IT technicians allowing a known flawed and poorly understood operating system to manage their network traffic. Lease a dedicated line for goodness sake.

By: daskro

daskro — Mon, 03 Aug 2009 13:05:32 +0000

Botnets have been around for over a half decade, and nothing said in this article or of recent development is new, unexpected, or unprecedented. Technolytics is looking for some new security contracts.