Bad Beowulfs &c

jok707s at mail.smsu.edu jok707s at mail.smsu.edu
Sun May 14 03:39:16 PDT 2000 

Nathan L. Cutler mentions the speed with which many of the security holes are 
discovered and how fast the fixes are developed and made available.  This 
leads him to argue that a centralized "map" of Internet weaknesses would 
become obsolete fairly quickly.  Of course, there is a big difference between 
a patch being *available* and that patch being actually *applied* to all the 
appropriate systems.  I'm sure that there are some network admin types on this 
list, so it seems reasonable to ask this question: how many of you can 
honestly say that you *always* keep fully updated with *all* the security 
procedures that you should have in place?  How far behind do you sometimes 
get?  Of course, I'm not asking anyone out there to reveal any really 
dangerous secrets about their systems.

There was also a mention of possible non-electronic, strictly physical attacks 
on the Net infrastructure.  If a large & dispersed terrorist group were 
planning something big, they could combine hi-tech, medium-tech, and low-tech 
attacks to do the most damage.  Perhaps beowulfs and other computers could be 
used to analyze the "topologies" for these broader scenarios as well.

In summary, I would say that the amount of disagreement on this list about the 
level and variety of security threats (both beowulf and non-beowulf) is a good 
argument for doing some appropriate war-gaming.  Even if such gaming is 
already in progress, we could always use more; there are too many possible 
scenarios.  Consider all the possible permutations and combinations of beowulf 
cluster configurations that have not been tried yet; we might need a beowulf 
just to calculate how many arrangements there could be for each given number 
of nodes.  (BTW: has anyone done these kinds of calculations yet?  Just 
curious.)

Anyway, I was thinking that a number of different parts of the business 
community would have an interest in sponsoring further research on all these 
Internet vulnerabilities.  Besides such obvious ones as the security firms, 
there are also the insurance companies.  And how about all those venture 
capitalists who are pouring their dough into wild & crazy dot-coms?  Wouldn't 
they like to know the survival chances of the overall environment that they're 
investing in?

If anyone knows someone who knows someone who might be willing & able to offer 
a research grant, give them my email address. . . .

Thanks once more for the feedback.  If I dream up any more nasty questions, 
I'll be sure to let you folks see them.

Joel

More information about the Beowulf mailing list