I was reading a Dark Reading interview with Vint Cerf, co-designer of the TCP/IP stack and chief Internet evangelist at Google. Anyone with that type of street cred is elite in my book. Vint shared his thoughts on the Internet's biggest threats.
“His move from MCI to the post of chief Internet evangelist at Google in late 2005 led him to a part of the Net he hadn't focused on before: the applications. ‘Having spent a good portion of my career on the infrastructure of the Internet, it’s fun to work on new ways to use it.’”
Vint is a network/infrastructure guy now focusing on applications. I’ll give you one guess as to where he thinks the biggest threats are. Give up?
“Cerf says the biggest threats are the proliferation of spam, botnets, malware, and denial-of-service attacks. ‘Much work is needed to increase the security of the Internet and its connected computers,’ he says, ‘and to make the environment more reliable for everyone.’”
Cerf says the emerging Domain Name Security (DNSSEC) technology could help secure the Net's DNS servers, which have increasingly become targets. And more filtering of source IP addresses is needed. "And use of IPSec would foil some higher-level protocol attacks, and digital signing of IP address assignment records could reduce some routing/spoofing risks," he says. OSes need to be more airtight, too, and two-factor authentication should be more the norm than plain old passwords, he says.
I agree these are big and important threats, but I don’t think they are the biggest anymore. Far more damage can be done with simple web application hacks. I think XSS and CSRF are probably going to be the main threats over the next 10 years. Then again, I’m a web application and not a network security guy and have the same biases.