Internet and e-mail policy and practice
including Notes on Internet E-mail



09 Aug 2009

Why can't we make the Internet secure?

In a discussion about a recent denial of service attack against Twitter, someone asked:

Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?

Sure, but you're not going to like it.

The Internet was originally a walled garden, where its operators knew who all the users were and could eject anyone who misbehaved. It's not surprising that its design was robust against technical failures, but not against malicious behavior by people who had access to it, and it had essentially no security other than its physical perimeter. Fortunately or unfortunately, the design was robust enough to scale up many orders of magnitude to the Internet of today without any fundamental changes to the design or security (non-)model.

Similarly, the most popular operating system on the net, Microsoft Windows, was originally designed for standalone computers and then disconnected office LANs, again with wide open access within the LAN, and the security model mostly being a physical perimeter, with utterly predictable results when it was attached to the public Internet.

Popular web applications such as blog hosting and content management systems are riddled with exploitable security holes because people select them for being cheap and full of glitzy features, not because they're secure or reliable.

It's no surprise that retrofitting security to an existing design is really hard, both because of design issues, and because users hate anything that makes their systems harder to use. Even the stuff that doesn't directly annoy users is expensive, and the key to understanding the Internet's economic model is to realize that everyone foists off costs on other parties as much as they can.

Hence we have millions of virus- and worm-ridden PCs, with nobody, from the users who own them to the vendors that sold the insecure software to the ISPs (Internet Service Providers) through which the worms propagate, taking responsibility for fixing the damage they enable. We have untraceable DoS attacks, with hosts forging their source IP addresses with impunity, because it's too expensive for networks to do proper ingress filtering.

Irresponsible ISPs and networks, not all of them, but we know who they are, continue to get connections from Network Service Providers (wholesale networks) that don't want to know what their customers are doing. McColo festered for years until the Washington Post named and shamed its providers, who then turned them off overnight.

The basic answer to your question is that the people who run the net, all umpteen million of us, have collectively decided that it's cheaper to live with the damage that criminals cause than to deal with the problems that let them do it. Change that attitude, then we can talk.

  posted at: 13:54

© 2005-2020 John R. Levine.