Internet and e-mail policy and practice
including Notes on Internet E-mail



09 Aug 2009

Why can't we make the Internet secure?

In a discussion about a recent denial of service attack against Twitter, someone asked:

Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?

Sure, but you're not going to like it.

The Internet was originally a walled garden, where its operators knew who all the users were and could eject anyone who misbehaved. It's not surprising that its design was robust against technical failures, but not against malicious behavior by people who had access to it, and it had essentially no security other than its physical perimeter. Fortunately or unfortunately, the design was robust enough to scale up many orders of magnitude to the Internet of today without any fundamental changes to the design or security (non-)model.

Similarly, the most popular operating system on the net, Microsoft Windows, was originally designed for standalone computers and then disconnected office LANs, again with wide open access within the LAN, and the security model mostly being a physical perimeter, with utterly predictable results when it was attached to the public Internet.

Popular web applications such as blog hosting and content management systems are riddled with exploitable security holes because people select them for being cheap and full of glitzy features, not because they're secure or reliable.

It's no surprise that retrofitting security to an existing design is really hard, both because of design issues, and because users hate anything that makes their systems harder to use. Even the stuff that doesn't directly annoy users is expensive, and the key to understanding the Internet's economic model is to realize that everyone foists off costs on other parties as much as they can.

Hence we have millions of virus- and worm-ridden PCs, with nobody, from the users who own them to the vendors that sold the insecure software to the ISPs (Internet Service Providers) through which the worms propagate, taking responsibility for fixing the damage they enable. We have untraceable DoS attacks, with hosts forging their source IP addresses with impunity, because it's too expensive for networks to do proper ingress filtering.

Irresponsible ISPs and networks, not all of them, but we know who they are, continue to get connections from Network Service Providers (wholesale networks) that don't want to know what their customers are doing. McColo festered for years until the Washington Post named and shamed its providers, who then turned them off overnight.

The basic answer to your question is that the people who run the net, all umpteen million of us, have collectively decided that it's cheaper to live with the damage that criminals cause than to deal with the problems that let them do it. Change that attitude, then we can talk.

posted at: 13:54 :: permanent link to this entry :: 1 comments

comments...

Improper SMTP relay banning
I like and agree with your article. Thank you.

But you should have been more precise when you wrote "... because people selected them for being cheap etc": these people are the IT business commercials.

I was an active IT&T specialist during the 80s and 90s.

Some anti-spam utilities like "", "", etc. are banning SMTP IP numbers having been reported as a potential source of SPAM. From a technical and legal point of view, such utilities are also scam.

It would be better if all SMTP service providers seriously get together at the relevant ITU-T meetings ( and modernise the antediluvian SMTP relay standards, taking into account the huge amount of installed relays. Even as early as the end of the 80s, some ITU-T delegates did not accept such modernisation, because IT manufacturers and the Internet Society wished to protect business interests based on mailing lists (increase of volume bringing $ was very important at that time). It was and still is legally wrong: if an internet email user does not want to receive any messages sent by machines through mailing lists, email service providers must be able to fully satisfy them without having to ban some other service providers through doubtful, "big-brother"-like assumptions. As a result of anti-spam utilities like spamcop, delivery will become even more unreliable and performances will decrease for all e-mail service providers: it is like banning a freeway to all drivers at a specific spot, when one driver has a bad behaviour!

Decades ago, message relays should have included some security dispositions to reject any message sent by a machine through automated processes and only allow transfer of messages sent by an authentically identified human user. Although these security mechanisms are simple and have been well documented, it is only recently that the IT business has reluctantly started to implement them, e.g. DKIM.

In fact, in terms of Internet security, the IT business behaviour is very similar to the Wall Street bad guys who have a unique "business value" consideration: only the short term accounting value is important for them; any other value is irrelevant... The time ($) that has been wasted by all internet email users all over the world because of this technical/commercial nonsense is beyond comprehension. We have had enough and this must cease.

(by Gerard F. Dubosson 06 Oct 2009 12:06)



© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.