[IP] Fort N.O.C.'s

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Fort N.O.C.'s
From: Dave Farber <dave@xxxxxxxxxx>
Date: Thu, 22 Jan 2004 06:30:41 +0900
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx

http://www.msnbc.msn.com/Default.aspx?id=4009568&p1=01%7C%7C%7C%7C004

Fort N.O.C.'s
The heart of Internet security lies in obscurity

Technicians monitor Internet traffic in a Verisign network operatingcenter. A new center has recently gone operational and will replace the oneseen here.

By Brock N. Meeks
Reporter
MSNBC
Updated: 8:52 p.m. ET Jan. 20, 2004

ANYTOWN, Va. - The ?heart? of the Internet, the so-called ?A? root that isthe Internet?s master addressing computer, resides here on the third floorof a nondescript four story building, housed in massive flat-black aluminumcage that looks like it could double as a gym locker for a mountain troll.All this sits in a nondescript town at the end of a nondescript ribbon ofhighway that?s just a Little League outfielder?s throw from suburbia. Andthat?s just the way VeriSign Inc., the company responsible foradministering the ?A? root, wants it. For that matter, that?s just how theDepartment of the Homeland Security, which has designated the root serversas critical homeland security infrastructure, likes it, too.

The unassuming building that houses the ?A? root sits in a cluster of threeothers; the architecture looks as if it were lifted directly from a freeclip art library. No signs or markers give a hint that the Internet?s mostprecious computer is inside humming happily away in a hermetically sealedroom. This building complex could be any of a 100,000 mini office parkslittering middle class America.

?Once terrorism became the buzzword and the Internet became the lynchpin ofglobal commerce people started to get serious about their paranoia,? thatthe Net could very well be a target.


 Christopher Ambler
President, Ambler Internet Consulting

?That?s called ?security through obscurity,?? says Christopher Ambler, along time Internet veteran and principle of Ambler InternetConsulting. ?And that?s the first line of defense and that hastraditionally been the main line of defense for root servers,? Ambler says,referring to the collection of thirteen computers located around the worldthat act as the main arteries for all the Internet?s addressing traffic.

But Ambler nearly chokes on the word ?defense? noting that ?up until twoyears ago nobody gave a rat?s ass for security of the root servers becauseif the Internet went down it would have been an annoyance to someresearchers and nerds.?

Today it?s a different story as the world?s economy cruises the Internet?sfast lane. ?Once terrorism became the buzzword and the Internet became thelynchpin of global commerce people started to get serious about theirparanoia,? that the Net could very well be a target, Ambler said.


Volunteer duty

In addition to the ?A? root, which maintains the central address book forthe Net and in turn sends updates to the other 12 root servers, VeriSignalso administers another root server in the Washington, D.C. area but in adifferent facility that is miles and miles away from where the ?A? root sits.

Each of the <http://www.root-servers.org/>root servers is operated on avolunteer basis; they are scattered around the world with the U.S.operating the majority of them. These root operators are a collection ofacademic, non-profit, scientific and governmentalinstitutions. Historically the root operators have formed a loosecollation that coordinates and cooperates out of sense of duty, notregulation or contract.

VeriSign is a publicly held company that inherited operation of the ?A?root via an acquisition. In addition, the company runs both the .COM and.NET databases, making it one of the most powerful and influential forcesin the Internet. As such, VeriSign?s actions often end up being onlyslightly less controversial than the sport of dwarf tossing. The mostrecent dust-up being VeriSign?s ?site finder? product that redirected amistyped or non-existing Web address to a VeriSign-owned search pageinstead of simply returning a ?site not found? message. VeriSign wasaccused of hijacking such traffic and using it to potentially profitfrom. The company has temporarily shut down the site while it ?reviews?its options.

While controversy is a by-product of being the biggest player in the gamethere also are advantages. The biggest is in the amount of money availableto throw into security and VeriSign isn?t shy about touting the $150million it has invested in various security measures.

But that figure isn?t just what VeriSign spends on securing the rootservers -- that money also buys protection for a host of services VeriSignprovides. The root servers are unwitting benefactors of a company carryingout its fiduciary responsibility to to protect its entire business line.

?From our perspective, I think that clearly we are the leader in thatparticular area, that we provide more back-ups than anyone else does,? saysKen Silva, vice president of Network Security for VeriSign. ?The advantageof us running the root servers that we run is that we do invest in thisinfrastructure,? said Silva, a 20 year veteran of the nation?s top spyagency, the National Security Agency. He believes that none of the otherroot server operators can match VeriSign?s investment.


Inner chamber

While security outside the VeriSign building is non-existent, inside isanother story. An electronic badge is required to get into the receptionarea. Visitors are ?tagged and bagged? and made to sign de factonon-disclosure agreements before being lead to an elevator.

Another badge is needed to access floors three and four. Off the elevatorand again badges are needed to access any of a dozen doors.

Access to the Network Operations Center, the ?NORAD? of the Internet?straffic monitoring, requires the electronic badge and then a doublebiometric hand print scan.

Silva offers up his badge and then scans his hand. The door clicks openand he herds his small group into a much smaller hallway, briskly steps toanother door, swipes his badge and reaches to place his hand on the secondbiometric scanner.

Abruptly he pulls his hand away, like a small child sensing the heatradiating from a stove burner. ?Can you pull that door closed? I didn?thear it click,? he asks of the person standing nearest to the first door.


?Click.?

Silva offers up his second hand scan and the door to the NOC opens. Insidethere is plush carpeting and the hushed atmosphere of a library. The NOCis ringed in tasteful subdued lighting more suited to seduction thannetwork protection.

In front there are 13 huge flat panel monitors. One of the screens showsInternet data loads on the root servers all over the world. It?s the samescreen that the Department of Homeland Security has real-time access to.

Along the sides of the room CNN and CNN Headline News are playing; thetechs monitor the world news in case of natural disaster. When asked whyonly one of the 24-hour cable news networks is being monitored Silva says abit sheepishly, ?Oh yeah, we should have switched that [to MSNBC] I suppose.?

It is in this place, on these monitors, Silva says, that VeriSign?stechnicians would be among the first to see any tell-tale sign that the Netwas melting down. ?But frankly, there?s little chance of that happening,?he says. On a scale of one-to-ten, ten being highest for the potential ofthe Internet totally crashing, ?I?d give it a three,? Silva says. ?TheInternet is more resilient that people give it credit for,? he says.

?Should the ?A? root fail for any reason... somehow if this site justvanished off the Internet, it would automatically [switch] over to one ortwo other locations.?


 Ken Silva
VeriSign VP of Network Security

Even if someone managed to simultaneously take out all 13 root servers insome kind of coordinated attack there are back-ups in place to shoulder theload.

?Should the ?A? root fail for any reason, sudden network drop or a backhoeout there [cutting a line], somehow if this site just vanished off theInternet, it would automatically [switch] over to one or two otherlocations,? Silva said. These are the so-called ?warm back-ups? thatVeriSign has on stand-by at all times. The Internet never sees them, Silvasays, but they can be up and running within 15 minutes and in that timeInternet users wouldn?t even notice a hiccup in traffic, Silva says, owingto the fact that the majority of a user?s web experience is ?cached? on alocal Internet Service Provider.


Contracted responsibility

The other root server operators aren?t investing at VeriSign levels insecurity measures, but they are cutting deals that, in essence, allow aroot server to clone itself on computers owned by other willingorganizations. This type of redundancy provides powerful disasterpreparedness.

But there is no requirement or regulation placed on these root serveroperators compelling them to practice good Internet security.

The Internet Corporation for Assigned Names and Numbers (ICANN), anon-profit body contracted to the U.S. government to help administer theInternet and oversee the doling out of domain names, drafted a Memorandumof Understanding (MoU) that sets out recommended minimum security standardsfor all root operators. But nothing in the ICANN document carries theforce of law.

That begs the question of whether the root operators should be undercontract to ICANN to run the roots.

The root server operators ?have no contract with anyone, no guarantee oflevel of service, they could turn [the root servers] off tomorrow with noconsequences at all because they are doing it out of the kindness of theirheart,? said Internet consultant Ambler. ?ICANN needs contracts with theroot server operators that specify minimum levels of service and minimumlevels of security and the root servers need to be paid for that,? he said.

Internet pioneer Dave Farber said he would like to see the root serveroperators ?held accountable? for creating a secure environment. However,Farber said he?s not in favor of mandating how that should be accomplishedbecause ?that?s going to give you diversity, otherwise it?s the oldMicrosoft Windows game: if everyone is using the same software and someonefinds a hole then everyone is vulnerable at that point. Variety is thespice of life.?

But in a contract situation, where there are strict performance clauses andrequirements, legal liability issues will inevitably crop up, Farber said,as would the issues of who do you sue and where do you sue. ?I think it?sa bag of worms,? he said.

 © 2004 MSNBC Interactive

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] grad students or indentured labor?
Next by Date: [IP] Report Says Internet Voting System Is Too Insecure to Use (fwd)
Previous by thread: [IP] grad students or indentured labor?
Next by thread: [IP] Report Says Internet Voting System Is Too Insecure to Use (fwd)
Index(es):
- Date
- Thread