Saturday, December 10, 2011

The Threat of Internet Anonymity

Richard Rumelt, in his excellent blog "Strategy Land," wrote a post, "We Need to Rebuild the Internet," in which he asserts that "anonymity is a design flaw in the Internet". I agree that anonymity is a significant problem; however, its causes lie in deeper design flaws and decisions, and these have implications for how problems like spam and the vulnerability of the Internet backbone (and thus of every person, organization and state relying on the Internet) to cyberattacks will eventually be resolved.


NAT
In my view, the anonymity problem arises from the coupling of two things: the Internet's design assumption of identity-based trust in its most basic protocols (BGP, SMTP), and the widespread adoption of Network Address Translation (NAT) in the 1990s. The 1990s witnessed explosive growth in Internet access that quickly exhausted the supply of unique Internet network addresses. Earlier in the decade, it became clear that this expansion was coming and that the Internet, if it continued using the existing addressing scheme, would be unable to support it. The solution that was adopted is known as NAT. Since the 1990s, ISPs have used NAT to provide Internet addresses to their customers in a way that permits more endpoints on the Internet than there are unique Internet addresses. The price that was paid, however, was the introduction of anonymity to Internet traffic. One might think that this was an elegant solution, and in some ways it was. However, the designers of NAT meant it to be a short-term fix to a big and significant problem. They knew that it violated assumptions of trust and identity that are a fundamental part of the Internet's design.
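The address sharing described above, as an added example that is not part of the original post: a toy port-translating NAT in which every inside host appears to the remote side as one public address, so tying a flow to a host depends on the NAT operator's translation log. All addresses, ports and timestamps are constructed, and the `Napt` class and `attribute` helper are hypothetical names.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"  # constructed: RFC 5737 documentation address

@dataclass(frozen=True)
class Mapping:
    start: int         # constructed timestamps, in seconds
    end: int
    inside_ip: str
    public_port: int

class Napt:
    """Toy port-translating NAT: every inside host shares PUBLIC_IP."""
    def __init__(self, ports=(40000, 40001)):
        self.free = list(ports)
        self.active = {}   # (inside_ip, inside_port) -> (public_port, start)
        self.log = []      # closed mappings: the only record tying a flow to a host

    def open(self, inside_ip, inside_port, now):
        port = self.free.pop(0)
        self.active[(inside_ip, inside_port)] = (port, now)
        return PUBLIC_IP, port          # all the remote server ever sees

    def close(self, inside_ip, inside_port, now):
        port, start = self.active.pop((inside_ip, inside_port))
        self.free.insert(0, port)       # freed port goes to the next new flow
        self.log.append(Mapping(start, now, inside_ip, port))

def attribute(log, public_port, when=None):
    """Inside hosts that fit a remote-side observation of (port, time)."""
    return sorted({m.inside_ip for m in log
                   if m.public_port == public_port
                   and (when is None or m.start <= when <= m.end)})

def demo():
    nat = Napt()
    a = nat.open("10.0.0.5", 51000, now=100)
    b = nat.open("10.0.0.9", 51000, now=105)
    nat.close("10.0.0.5", 51000, now=160)
    c = nat.open("10.0.0.7", 52000, now=200)   # reuses the port freed above
    nat.close("10.0.0.9", 51000, now=210)
    nat.close("10.0.0.7", 52000, now=260)
    return nat, a, b, c

if __name__ == "__main__":
    nat, a, b, c = demo()
    print(a, b, c)
    print(attribute(nat.log, 40000), attribute(nat.log, 40000, when=120))
```

The public address alone identifies none of the three hosts, and the port alone fits two of them; only the port together with a timestamp, matched against the translation log, resolves to a single inside host.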


Twenty years later, ubiquitous use of NAT across the Internet has created an environment where unscrupulous persons, willing to violate the law for financial gain or other malicious purposes, operate with impunity under the shield of anonymity. This is the ultimate cause of the spam that shows up in your inbox, the anti-virus software you run, the wasted bandwidth transporting spam and malware to your workplace only to delete it (hopefully) upon receipt, the multiple, expensive prevention systems that your workplace spends its money on instead of the valuable projects that would further your organization's objectives, and, perhaps most worrisome, the vulnerability of our communities and states to devastating cyberattacks.


IPv6
With change comes opportunity! IPv6 is a (sort of) new Internet addressing scheme that has the potential to solve the problem that gave rise to NAT. However, NAT is embedded in firewalls, routers and switches everywhere. The coming transition to IPv6 from IPv4 could eliminate the use of NAT on the Internet and eliminate the problem of endpoint anonymity. Eliminating anonymity will expose script kiddies and other unsophisticated cybercriminals while raising the cost of admission for those more motivated.


Learn More
For a detailed explanation of NAT, read this 2004 article by Geoff Huston of the Centre for Advanced Internet Architectures, and for more timely information about the future of the Internet, check out his blog at www.potaroo.net.


For an introduction to trust issues with BGP, read this Ars Technica article: "Gaping hole opened in Internet's trust-based BGP protocol"

Saturday, December 3, 2011

Illegal Downloads

Welcome to EDUberGeek and thank you for taking a look at my new blog!


The idea of blogging has been rattling around in my brain for some time now. I often explain social networking to people and lecture my students about the benefits of Web 2.0, but I have yet to "eat my own dog food". So, here goes ...


The University of Alaska just announced that within a week they will throttle student Internet bandwidth to control the practice of illegal downloading. You may not be aware that, since July 1, 2010, colleges and universities in the US have been required by law (the Higher Education Opportunity Act of 2008, or HEOA) to use "technology-based deterrents" to combat unauthorized distribution of copyrighted material.


Maybe the cold arctic air is slowing the synapses of those folks up in Alaska. First off, 2Mbps is plenty of speed to download videos and music, legal or not. This reminds me of when the teacher punished everyone in the class when nobody owned up to who threw that eraser! If only someone could invent a way to throttle just the bandwidth made available for certain kinds of undesirable traffic! Or maybe detect the traffic when it happens and give the student a warning. Oh what? There's an app for that? Check out UNC's approach to this problem.


To comply with HEOA, we decided to employ deep packet inspection to identify the types of Internet traffic entering and leaving our campus network, then make bandwidth available to each traffic flow according to traffic policy rules. Our rules also consider the network addresses of the two computers involved, one on the Internet and one on campus. This allows us to provide high bandwidth for legal sites like Hulu, Netflix, YouTube and iTunes but restrict bandwidth for P2P downloads.
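A sketch of how such a rule table can be evaluated, added here as an example and not taken from UNC's actual configuration: each flow carries the application label assigned by the DPI classifier plus its campus and remote addresses, and the first matching rule sets its bandwidth. The campus prefix, the rates, the rule names and the address-scoped `lab-p2p` exception are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: prefixes, application labels and rates are assumptions.
CAMPUS = ipaddress.ip_network("10.20.0.0/16")
LAB = ipaddress.ip_network("10.20.40.0/24")    # hypothetical exempted subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Flow:
    campus_ip: str
    remote_ip: str
    app: str            # label from the DPI classifier, "unknown" if none

@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset     # empty set matches any application
    campus_net: object
    remote_net: object
    kbps: int

# Order matters: the first matching rule wins, so specific rules come first.
RULES = [
    Rule("streaming", frozenset({"hulu", "netflix", "youtube", "itunes"}),
         CAMPUS, ANY, 20000),
    Rule("lab-p2p", frozenset({"bittorrent"}), LAB, ANY, 10000),
    Rule("p2p", frozenset({"bittorrent", "gnutella"}), CAMPUS, ANY, 256),
    Rule("default", frozenset(), ANY, ANY, 5000),
]

def classify(flow, rules=RULES):
    """Return (rule name, rate in kbps) for the first rule the flow matches."""
    campus = ipaddress.ip_address(flow.campus_ip)
    remote = ipaddress.ip_address(flow.remote_ip)
    for r in rules:
        if r.apps and flow.app not in r.apps:
            continue
        if campus in r.campus_net and remote in r.remote_net:
            return r.name, r.kbps
    raise LookupError("no rule matched; the policy needs a catch-all")

if __name__ == "__main__":
    for f in (Flow("10.20.5.7", "198.51.100.20", "netflix"),
              Flow("10.20.5.7", "198.51.100.99", "bittorrent"),
              Flow("10.20.40.12", "198.51.100.99", "bittorrent"),
              Flow("10.20.5.7", "198.51.100.50", "unknown")):
        print(f, classify(f))
```

Traffic the classifier cannot label falls through to the default rule, so the rate chosen there decides how everything unrecognized is treated.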


Things are heating up over the U. of Alaska's decision. I don't think that's the kind of heat they want.


Learn More: Copyright Criminals, Copying Right and Copying Wrong ..., Cisco NBAR, EDUCAUSE


P.S. (to really smart network engineers out there - you know who you are)




Two technologies we don't have and could really use:


  • a "copyright" filter that examines network traffic and determines if it is copyrighted
  • an "illegal" filter that determines endpoint intent with regard to breaking the law ... LOL