Responding to these events must first and foremost be based on legal and business factors, backed by top management and with appropriate legal advice. Perhaps the most basic policy question is whether to emphasize countering the threat and continuing operations, or involving law enforcement early in the process. Countering may or may not stop the problem or even act as a challenge to the attacker. However, it may (especially if you find and close a security hole you discover) end the problem quite quickly. Involving law enforcement personnel will often leave you vulnerable for a longer time, because they want to gather evidence. Evidence-gathering may jeopardize the privacy of other users. On the other hand, if they can successfully identify and prosecute an offender, it is very hard for attacks to continue if someone is behind bars. Most amateur offenders have no real economic resources, so suing them is futile. But if the attack is being performed for commercial reasons, such as industrial espionage or large-scale spamming, there may be a potential for financial recovery.
Regardless of your policy, good record-keeping when an exploit begins is essential to any subsequent action. You will need it to build technical defenses even if law enforcement is never involved.
More complex is the situation where you are contacted by another service provider and told that an exploit is being launched from one of your hosts, either customer or infrastructure. One of the complexities of the situation here is that the person responsible for that host may be completely innocent. It is fairly standard practice for malicious crackers to launch their exploits through a series of machines between their actual host and the host that attacks the target. You need to investigate this situation yourself to begin with and decide if your customer is cognizant of the process. If the customer is innocent, you need to try to block the path the attacker is using. If the customer is not innocent, then you need to consider terminating the customer's access for violation of your acceptable use policy (you do have one, don't you?) and decide if further legal action is appropriate.
You will have to give careful thought to the legalities and ethics of responding to requests for information about your customers, either from other service providers or from law enforcement. Legal advice may very well be needed, especially if a court order is involved.
Looking Ahead
In this chapter we have concentrated on physical and closely related aspects of the carrier environment, but primarily on the transmission system. Chapter 7 deals with the provider edge, principally with subscriber management functions there (in contrast with logical functions in Chapter 10). Chapter 8 deals with the logical structure inside the carrier, including IP routing and sub-IP protocols. Chapters 9 through 12 deal with intraprovider and interprovider routing.
The Provider Edge: Layer 1, Layer 2, and the PSTN
All that Sunday I listened to people who said that the mere fact of spiking down strips of iron to wood, and getting a steam and iron thing to run along them was progress, that the telephone was progress, and the net-work of wires overhead was progress. They repeated their statements again and again.
Rudyard Kipling
A vast pulpy mass, furlongs in length and breadth, of a glancing cream-color, lay floating on the water, innumerable long arms radiating from its centre, and curling and twisting like a nest of anacondas, as if blindly to catch at any hapless object within reach. No perceptible face or front did it have; no conceivable token of either sensation or instinct; but undulated there on the billows, an unearthly, formless, chance-like apparition of life.
Herman Melville, assuming giant squids were used for local loops
Calling an access system Ethernet does not automatically make it successful or cheaper.
David Thorne, Presentation to IEEE Ethernet in the First Mile group
There's an old story of a visitor to New York asking a local, "How do I get to Carnegie Hall?" The New Yorker, a musician, replied, "Practice, man. Practice." In the previous chapter, we looked at the Carnegie Hall of service provider networks, the increasingly optical core. It is literally the part of the network in light. The more mundane problem remains: How do the bits get there from the subscriber locations, especially those served by elderly copper pairs? This chapter deals with the physical facilities that directly connect to the customer (assumed here to be an enterprise) and the interconnections among various wholesalers of customer services. Chapter 9 deals with the logical aspects of the customer side of the customer-IPSP interface.
