170 likes | 178 Views
Explore the evolution of internet security and the impact of network isolation on connectivity. Dive into the challenges of adapting to a fragmented online landscape and the consequences of overlooking operational integrity. Reflect on the loss of the network utility model and the rise of liability concerns, leading to a shift from innovation to risk aversion. Evaluate the future of cybersecurity in a world where the perimeter defense is no longer sufficient. Join the conversation on redefining internet paradigms and finding a balance between open networks and secure systems.
E N D
disconnect: security in the post-Internet era Terry Gray University of Washington S@LS workshop, chicago 12 August 2003
alternative titles • strained bedfellows:--protection for promiscuous connectors • open minds and closed networks:--confessions of a True Believer • life in the post-Internet era:--my journey to unenlightenment • defense in doubt:--preventing the post-Internet apocalypse • the Perimeter Protection Paradox:--searchin’ for security in all the wrong places
outline • thesis • metamorphosis • grief counseling • what we lost • how we lost it • consequences • critical questions
thesis • the Open Internet is history--”get over it“ • cheer up, things could be worse--and will be if we aren’t careful • we can still make good decisions--to avoid even worse outcomesS@LS goal: evaluate alternative futures
metamorphosis: Internet paradigm • 1969: “one network” • 1982: “network of networks” • 199x: balkanization begins • 2003: balkanization complete • 2004: paradigm lost?
metamorphosis: workshop goal • 2000: “network security credo” • 2001: “my first NAT” • 2002: “uncle ken calls” > quest • 2003: “slammer” > intervention • 2003: “dcom/rpc” > wake
metamorphosis: success metrics • nirvana then • open Internet / network utility model • successful end-point security • nirvana now? • operational simplicity • admin-controlled security • user-controlled connectivity
grief counseling • denial • anger • bargaining • depression • acceptance--simultaneously!
what we lost: network utility model • the network utility model is dead--long live the NUM • all ports once behaved the same • simple • easy to debug • now they don’t: • bandwidth management polices • security policies
what we lost: operational integrity • lost: network simplicity, leading to • lower MTBF • higher MTTR • higher costs • lost: full connectivity, leading to • less innovation? • frustration, inconvenience • sometimes less security (faith, backdoors)
how we lost it: inevitable trainwreck? • fundamental contradiction • networking is about connectivity • security is about isolation • conflicting roles: strained bedfellows • the networking guy • the security guy • the sys admin • oh yeah… and the user • insecurity = liability • liability trumps innovation • liability trumps operator concerns • liability trumps user concerns
how we lost it: firewall allure? • firewalls = “packet disrupting devices” • perimeter protection paradoxes • large-perimeter FWs benefit: • SysAd, SecOps, maybe user • at expense of NetOps • the best is the enemy of the good • microsoft rpc exploit has guaranteed that the firewall industry has a bright future
how we lost it: disconnects • failure of “computer security” • vendors gave customers what they wanted, not what they needed • responsibility/authority disconnects guarantee failure • failure of networkers to understand what others wanted • not a completely open Internet! • importance of “unlisted numbers”
consequences (1) • mindset: “computer security” failed, so “network security” must be the answer • extreme pressure to make network topology match organization boundaries • ”network of networks” evolution • 1982: minimum impedance between nets • 2003: maximum impedance between nets • Heisen/stein networking: • uncertain and relativistic connectivity
consequences (2) • more self-imposed denial-of-service • firewalls everywhere • uphill battle for p2p • more tunneled traffic over fewer ports • one FTE per border --with or without firewall • troubleshooting will be harder • NAT survives unless/until a better “unlisted number” mechanism takes hold • security/liability will continue to trump innovation/philosophy/ops costs
critical questions • should we build net topologies that match organizational boundaries? • will end-point security improve enough that perimeter defense will be secondary? • is it too late to try to offer users a choice of open or closed nets? • is the trend toward a single-port tunneled Internet good, bad, or indifferent? • is there any chance IPS or DEN will make it all better? • what’s the best way to implement an “unlisted number” semantic?
discussion! • how do we redefine the Internet, going forward? • I.e. how do we “reconnect”?