<<< Date Index >>>     <<< Thread Index >>>

[IP] more on Fort N.O.C.'s




Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Wed, 21 Jan 2004 16:14:16 -0600
From: Bob Alberti <alberti@xxxxxxxxxxxx>
Subject: RE: [IP] Fort N.O.C.'s
To: dave@xxxxxxxxxx
X
Ah yes, "Security by obscurity,"

http://en.wikipedia.org/wiki/Security_through_obscurity

"Many people believe that 'security through obscurity' is flawed because...
secrets are hard to keep."

I'm glad the guys guarding the A Root Servers are up on the latest security
trends. Of course, you could hide the A Root Servers at the heart of the
Minotaur's maze, but they're still going to be "right over there" in
cyberspace, at 198.41.0.29

     :
 7  so1-3-0-2488M.ar1.DCA3.gblx.net (67.17.68.33)  52.274 ms
 8  InterNAP-Ken-Schmid-Ashburn-3.ge-2-3-0.ar1.DCA3.gblx.net (208.50.25.194)
50.903 ms
 9  border12.ge2-0-bbnet1.wdc.pnap.net (216.52.127.17)  50.888 ms
10  verisign-9.border12.wdc.pnap.net (216.52.118.78)  50.227 ms
11  65.205.32.154 (65.205.32.154)  51.598 ms
12  65.205.32.42 (65.205.32.42)  52.234 ms
13  198.41.0.29 (198.41.0.29)  70.563 ms

Reminds me of a local ISP, "Glasspath" (a casualty of the DotCom Crash),
which bragged that it was safer from hackers because it was situated inside
an old bank vault.

http://twincities.bizjournals.com/twincities/stories/2001/08/13/story7.html

Once you run that fiber through the wall of the vault, you're letting in a
lot of the world.

"'...If this site just vanished off the Internet, it would automatically
[switch] over to one or two other locations,' Silva said.  These are the
so-called 'warm back-ups' that VeriSign has on stand-by at all times.  The
Internet never sees them, Silva says, but they can be up and running within
15 minutes and in that time Internet users wouldn?t even notice a hiccup in
traffic."

And this process is tested... how?  when?  This testing is independently
audited... when?  by whom?  These audit results are compared against what
criteria?  These critera are set by what body?

Or are we playing fast and loose and depending on the word of a fellow who
could be laid off tomorrow at the whim of a "volunteer" corporation?

I'm sure that Sean Gorman would have something to say about the security
value of "security by obscurity"...

http://www.washingtonpost.com/ac2/wp-dyn/A23689-2003Jul7?language=printer

"Using mathematical formulas, he probes for critical links, trying to answer
the question: 'If I were Osama bin Laden, where would I want to attack?'

"For this, Gorman has become part of an expanding field of researchers whose
work is coming under scrutiny for national security reasons."

So while we can rest easy that the Verisign A Root Server is protected by
"obscurity", the Internet itself remains vulnerable to network-based attacks
and well-placed backhoes.  And the organization that's supposed to be
"managing" the Internet?  Too busy playing politics, consolidating power,
and forging Afghani ccTLD contracts...

http://www.theregister.co.uk/content/6/34883.html (previously cited here on
IP)

Bob Alberti, CISSP, President                            Sanction, Inc.
Phone: (612) 486-5000 ext 211                             PO Box 583453
http://www.sanction.net                             Mpls, MN 55458-3453

"I'd like to be secure, but how can security help day-to-day business?"

-----Original Message-----
From: owner-ip@xxxxxxxxxxxxxx [mailto:owner-ip@xxxxxxxxxxxxxx]On Behalf
Of Dave Farber
Sent: Wednesday, January 21, 2004 3:31 PM
To: ip@xxxxxxxxxxxxxx
Subject: [IP] Fort N.O.C.'s


http://www.msnbc.msn.com/Default.aspx?id=4009568&p1=01%7C%7C%7C%7C004

Fort N.O.C.'s
The heart of Internet security lies in obscurity
Technicians monitor Internet traffic in a Verisign network operating
center. A new center has recently gone operational and will replace the one
seen here.
By Brock N. Meeks
Reporter
MSNBC
Updated: 8:52 p.m. ET Jan. 20, 2004

ANYTOWN, Va. - The ?heart? of the Internet, the so-called ?A? root that is
the Internet?s master addressing computer, resides here on the third floor
of a nondescript four story building, housed in massive flat-black aluminum
cage that looks like it could double as a gym locker for a mountain troll.
All this sits in a nondescript town at the end of a nondescript ribbon of
highway that?s just a Little League outfielder?s throw from suburbia. And
that?s just the way VeriSign Inc., the company responsible for
administering the ?A? root, wants it.  For that matter, that?s just how the
Department of the Homeland Security, which has designated the root servers
as critical homeland security infrastructure, likes it, too.

The unassuming building that houses the ?A? root sits in a cluster of three
others; the architecture looks as if it were lifted directly from a free
clip art library.  No signs or markers give a hint that the Internet?s most
precious computer is inside humming happily away in a hermetically sealed
room.  This building complex could be any of a 100,000 mini office parks
littering middle class America.

?Once terrorism became the buzzword and the Internet became the lynchpin of
global commerce people started to get serious about their paranoia,? that
the Net could very well be a target.

­ Christopher Ambler
President, Ambler Internet Consulting
?That?s called ?security through obscurity,?? says Christopher Ambler, a
long time Internet veteran and principle of Ambler Internet
Consulting.  ?And that?s the first line of defense and that has
traditionally been the main line of defense for root servers,? Ambler says,
referring to the collection of thirteen computers located around the world
that act as the main arteries for all the Internet?s addressing traffic.

But Ambler nearly chokes on the word ?defense? noting that ?up until two
years ago nobody gave a rat?s ass for security of the root servers because
if the Internet went down it would have been an annoyance to some
researchers and nerds.?

Today it?s a different story as the world?s economy cruises the Internet?s
fast lane.  ?Once terrorism became the buzzword and the Internet became the
lynchpin of global commerce people started to get serious about their
paranoia,? that the Net could very well be a target, Ambler said.

Volunteer duty
In addition to the ?A? root, which maintains the central address book for
the Net and in turn sends updates to the other 12 root servers, VeriSign
also administers another root server in the Washington, D.C. area but in a
different facility that is miles and miles away from where the ?A? root
sits.

Each of the <http://www.root-servers.org/>root servers is operated on a
volunteer basis; they are scattered around the world with the U.S.
operating the majority of them.  These root operators are a collection of
academic, non-profit, scientific and governmental
institutions.  Historically the root operators have formed a loose
collation that coordinates and cooperates out of sense of duty, not
regulation or contract.

VeriSign is a publicly held company that inherited operation of the ?A?
root via an acquisition.  In addition, the company runs both the .COM and
.NET databases, making it one of the most powerful and influential forces
in the Internet.  As such, VeriSign?s actions often end up being only
slightly less controversial than the sport of dwarf tossing.  The most
recent dust-up being VeriSign?s ?site finder? product that redirected a
mistyped or non-existing Web address to a VeriSign-owned search page
instead of simply returning a ?site not found? message.  VeriSign was
accused of hijacking such traffic and using it to potentially profit
from.  The company has temporarily shut down the site while it ?reviews?
its options.

While controversy is a by-product of being the biggest player in the game
there also are advantages.  The biggest is in the amount of money available
to throw into security and VeriSign isn?t shy about touting the $150
million it has invested in various security measures.

But that figure isn?t just what VeriSign spends on securing the root
servers -- that money also buys protection for a host of services VeriSign
provides.  The root servers are unwitting benefactors of a company carrying
out its fiduciary responsibility to to protect its entire business line.

?From our perspective, I think that clearly we are the leader in that
particular area, that we provide more back-ups than anyone else does,? says
Ken Silva, vice president of Network Security for VeriSign.  ?The advantage
of us running the root servers that we run is that we do invest in this
infrastructure,? said Silva, a 20 year veteran of the nation?s top spy
agency, the National Security Agency.  He believes that none of the other
root server operators can match VeriSign?s investment.

Inner chamber
While security outside the VeriSign building is non-existent, inside is
another story.  An electronic badge is required to get into the reception
area.  Visitors are ?tagged and bagged? and made to sign de facto
non-disclosure agreements before being lead to an elevator.

Another badge is needed to access floors three and four.  Off the elevator
and again badges are needed to access any of a dozen doors.

Access to the Network Operations Center, the ?NORAD? of the Internet?s
traffic monitoring, requires the electronic badge and then a double
biometric hand print scan.

Silva offers up his badge and then scans his hand.  The door clicks open
and he herds his small group into a much smaller hallway, briskly steps to
another door, swipes his badge and reaches to place his hand on the second
biometric scanner.

Abruptly he pulls his hand away, like a small child sensing the heat
radiating from a stove burner.  ?Can you pull that door closed?  I didn?t
hear it click,? he asks of the person standing nearest to the first door.

?Click.?

Silva offers up his second hand scan and the door to the NOC opens.  Inside
there is plush carpeting and the hushed atmosphere of a library.  The NOC
is ringed in tasteful subdued lighting more suited to seduction than
network protection.

In front there are 13 huge flat panel monitors.  One of the screens shows
Internet data loads on the root servers all over the world.  It?s the same
screen that the Department of Homeland Security has real-time access to.

Along the sides of the room CNN and CNN Headline News are playing; the
techs monitor the world news in case of natural disaster.  When asked why
only one of the 24-hour cable news networks is being monitored Silva says a
bit sheepishly, ?Oh yeah, we should have switched that [to MSNBC] I
 suppose.?

It is in this place, on these monitors, Silva says, that VeriSign?s
technicians would be among the first to see any tell-tale sign that the Net
was melting down.  ?But frankly, there?s little chance of that happening,?
he says.  On a scale of one-to-ten, ten being highest for the potential of
the Internet totally crashing, ?I?d give it a three,? Silva says.  ?The
Internet is more resilient that people give it credit for,? he says.

?Should the ?A? root fail for any reason... somehow if this site just
vanished off the Internet, it would automatically [switch] over to one or
two other locations.?

­ Ken Silva
VeriSign VP of Network Security

Even if someone managed to simultaneously take out all 13 root servers in
some kind of coordinated attack there are back-ups in place to shoulder the
load.

?Should the ?A? root fail for any reason, sudden network drop or a backhoe
out there [cutting a line], somehow if this site just vanished off the
Internet, it would automatically [switch] over to one or two other
locations,? Silva said.  These are the so-called ?warm back-ups? that
VeriSign has on stand-by at all times.  The Internet never sees them, Silva
says, but they can be up and running within 15 minutes and in that time
Internet users wouldn?t even notice a hiccup in traffic, Silva says, owing
to the fact that the majority of a user?s web experience is ?cached? on a
local Internet Service Provider.

Contracted responsibility
The other root server operators aren?t investing at VeriSign levels in
security measures, but they are cutting deals that, in essence, allow a
root server to clone itself on computers owned by other willing
organizations.  This type of redundancy provides powerful disaster
preparedness.

But there is no requirement or regulation placed on these root server
operators compelling them to practice good Internet security.

The Internet Corporation for Assigned Names and Numbers (ICANN), a
non-profit body contracted to the U.S. government to help administer the
Internet and oversee the doling out of domain names, drafted a Memorandum
of Understanding (MoU) that sets out recommended minimum security standards
for all root operators.  But nothing in the ICANN document carries the
force of law.

That begs the question of whether the root operators should be under
contract to ICANN to run the roots.

The root server operators ?have no contract with anyone, no guarantee of
level of service, they could turn [the root servers] off tomorrow with no
consequences at all because they are doing it out of the kindness of their
heart,? said Internet consultant Ambler.  ?ICANN needs contracts with the
root server operators that specify minimum levels of service and minimum
levels of security and the root servers need to be paid for that,? he said.

Internet pioneer Dave Farber said he would like to see the root server
operators ?held accountable? for creating a secure environment.  However,
Farber said he?s not in favor of mandating how that should be accomplished
because ?that?s going to give you diversity, otherwise it?s the old
Microsoft Windows game: if everyone is using the same software and someone
finds a hole then everyone is vulnerable at that point.  Variety is the
spice of life.?

But in a contract situation, where there are strict performance clauses and
requirements, legal liability issues will inevitably crop up, Farber said,
as would the issues of who do you sue and where do you sue.  ?I think it?s
a bag of worms,? he said.
  © 2004 MSNBC Interactive

-------------------------------------
You are subscribed as alberti@xxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/