There has been considerable discussion over the last few days about Wired Magazine’s decision to publish a story detailing the inner workings of the Slammer worm. As more and more traffic moves over the Internet, the network is increasingly becoming a key element of the overall global telecommunication infrastructure, especially now that companies are starting to move telephone traffic over the net. Yet, most of the conversation relating to Internet security seems to focus on computer operating systems, pitting Windows vs. Linux, generally ignoring some of the potential issues relating to the lower levels of the network, namely routers. While I applaud Wired for distributing information that will be useful in securing windows servers in the future (their analysis of the Slammer worm showed how an attack can be performed), I was disappointed that the story did not include any details as to how we can secure those important components of the net. When cell phone networks start coming off the map, we know we’ve got problems. As more and more telecom traffic moves over the net, what will be done to secure it? As we all know, the net has been based on a long-time system of open collaboration and shared trust. As the universe of net users expands, we now have a full representation of every character in society, including some of the more unsavory ones. That last group might have some interest in taking down the net. With the emergence of Warhol Worms, the net is moving forward into an era of potentially increasing stability. In April 2001, after Netscape took down the DTD for RSS, I said
We need to ensure redundancy across the network as a whole.
At the time, my comments were centering around the evolution of a single format. As the net moves forward, the same words can be applied to the wider spectrum of protocols on the net. I dare hope that people will see this as a battle cry to enhance our key infrastructure. Otherwise, the next time something like the Slammer worm comes around, we may end up loosing more that 15% of net traffic; we may end up loosing access to a complete information infrastructure that could include mobile phones, land lines, Internet access, and more.