Managing Network Security
The End of the Internet as we Know it
by Fred Cohen

Series Introduction

Networks dominate today's computing landscape and commercial technical protection is lagging behind attack technology. As a result, protection program success depends more on prudent management decisions than on the selection of technical safeguards. Managing Network Security takes a management view of protection and seeks to reconcile the need for security with the limitations of technology.


The Early 1900s

In the early 1900s, the United States made a transformation from the wild west to a 'civilization'. It was not the first time a wild country had been 'civilized' and it will not be the last. This change was marked by the industrialization of the society. Among other things, this included a movement from small businesses toward a small number of dominant large businesses in any one field of endeavor. While small businesses continued to exist, the end of the frontier marked the shift of power from individuals to organizations.

For some time the lawlessness continued, and it took a long time to eliminate many of the pockets of resistance, but eventually, the United States became a relatively civilized place. As these changes took hold and continue to take hold, many things were and are still lost. People no longer carry sidearms at all times in most places in the U.S. Small businesses are heavily intertwined and not very self-sufficient. There are more restrictions, people who break laws that would have never been allowed to stand 100 years ago end up in prison, and even political correctness becomes vital to survival.

This shift from lawlessness to civilization is reflected in the changes we are seeing in the Internet, and for those of us who know the sweet taste of freedom from the early days of the Internet, many of the recent changes taking place reflect, not the civilization of the Internet society, but rather the part of the industrial age when the robber barons were in control of the country.


The Robber Barons of the Internet

Everybody who experienced the changes in the Internet in the 1980s and 1990s knows that Bill Gates and Microsoft were the robber barons of their age. They stole from everyone and gave to themselves to form an empire by leveraging their monopoly status to force their will on the rest of us. But the Internet changed this, largely because the robber barons of that era could not get their arms around the new frontier as quickly as it was expanding.

Once the Internet went consumer, this all changed. The powers that were took up their positions, marking territories and trying to gain monopoly status by constraining their opposition. The AOLs of the world took the consumer's desktop by using loss leaders to gain market share. When the bubble grew, to their credit, the AOL leadership took the opportunity to diversify and became a real powerhouse across a much broader spectrum.

The cable companies moved into the Internet space because DSL couldn't do what they could do for the customers. And as soon as they had enough power to take advantage, they did just that. As DSL companies started to fail, cable companies raised rates, started restricting services, and just recently, demonstrated their immense power by taking 4.1 million people offline at the peak of the holiday buying season in a failing economy in order to gain a few scores of millions of dollars in leverage. The consumers were their leverage, they knew how much they could be squeezed, and they squeezed all they could get. And along the way, they also changed the rules of the road.


Why is the IP Space like the Radio Spectrum?

The IP space, like the radio spectrum, is a limited resource. There are only so many total IP addresses available, and who owns the critical resource has power. Owning a small number of IP addresses will not help you survive for long, because only those who are large enough to afford large chunks of the IP space are allowed to buy into the space at the top level. Those that have their piece of the pie will hold onto it with a vengeance, and eventually, based on increased demand, they will charge for the supply whatever the market will bear.

The impact of this on the average person is not immediately obvious, but it will be when you come to understand that you need a stable IP address in order to have an Internet server. The nature of the design of the Internet is such that IP addresses are the key to server survival, and the space is rather finite. The major owners know this and thus they are doing everything they can to eliminate the ability of those who haven't paid them large sums of money to have a place in the IP space. The reason is that without a place in the space, you cannot have your store front, your email address, or any of the things that make you a supplier. As the large dollar interests squeeze out the small suppliers, they gain the ability to control the market. If this sounds like the big chain stores moving into the local strip malls, you understand the issue.

The notion that Internet Protocol Version 6 (a.k.a. IPv6) will expand the IP address space is an interesting one, but I don't think it has a chance of surviving. While IPv6 could work from a technical standpoint, it would put control over the IP space out of reach of the majors for some time. Yes, they would find a way to do it eventually, but why should they? IPv4 is, like the width of railroad tracks, likely to be with us for a very long time. For those who don't know the story, I'll summarize it briefly. The width of modern US and European railroad tracks is a direct result of the width of the average Roman horse's ass.


CyberCrime and CyberTerrorism Play into the Robber Barons' Hands

Many of the so-called hackers of the Internet think that they are successfully protesting against the robber barons when they deface sites or carry out Internet sit-ins - so-called hacktivism. It is unfortunate that they are wrong, and indeed they often destroy the very cause they claim to be supporting.

If there wasn't Internet crime, they would have created it. Indeed some of them did. Crime is a great convenience for those who wish to grab for more power. They can take the moral high ground by claiming it's all for the benefit of us all, as they dismantle what we thought were our rights. The vast majority of the public can't tell the difference, the media is largely owned by these robber barons, and those that are not have too little voice and too little understanding to prevent the rest of society being rolled over. Of course the criminals are unknowing conspirators, and they are helping the robber barons out a lot these days.

What crime won't do, war will. Ask the citizens of the United States in a few years when another Presidential candidate gets caught using the newly super-empowered intelligence agencies to win the Presidency. Or will the people be sufficiently cowed by that point not to even care? Yes, the current 'War Against Terrorism' is one of the greatest excuses for grabbing for power in a long time, and it is being used to its fullest. The mythical cyber terrorist is the symbol of the day - used to push away the last remains of the freedom we once knew in the Internet space.


How Does it Happen?

It's happening today. ISPs now restrict outbound use of TCP port 25 - the email port - so that email has to pass through their email server and use their email addresses. If you want your own domain name, you have to pay them for the email addresses, the web server, and the bandwidth. Use another provider, and you will find your packets slowed down at the interface. If it is strange to you that from the same starting point I can get faster connections by logging into a remote server and going from there to my ultimate destination rather than going directly from my starting point to the remote destination, you will understand the issue.

In order to gain financial advantage and leverage over customers, ISPs are tying performance to where you go. In some cases, you can't get there from here. It's done in the name of spam prevention or countering Internet pornography, but in the end, it means that you cannot access large parts of the Internet from some places so that they can control what you see and who you buy from. Ask a question about it and you will hear the most ridiculous and widest variety of foolishness for explanations that you can imagine.

Law enforcement monitors emails, encryption is made harder and legal blockades are attempted to prevent its use. Intelligence agencies force providers into allowing monitoring of email. ISPs control the flow of email and of web access so that you can only go through the corporate and government observation posts. Web sites are removed because they have content the government wants to suppress. Free speech in the Internet is quashed. Yes - it's happening right here and right now. We are becoming "civilized". How long till we rebel? It depends on how well they have measured how far they can push us so that we bend and do not break.


Conclusions

As Benjamin Franklin once said, "The man who trades freedom for security does not deserve nor will he ever receive either." Thankfully my editor corrected my previous misquote of this famous saying before going to press.

Yes, in the end, I think it is better to live in the society I live in today than in the one of the late 1800s, but not because my freedoms are more restricted. Indeed, I have more freedom despite more restrictions. The increased freedom comes from the advances in technologies, but don't confuse them... I could have these technologies and a LOT more freedom as well.

Coming soon to an Internet site near you - ways to avoid the restrictions your ISP has placed on you...


About The Author:

Fred Cohen is researching information protection as a Principal Member of Technical Staff at Sandia National Laboratories, helping clients meet their information protection needs as the Managing Director of Fred Cohen and Associates, and educating cyber defenders over the Internet as a practitioner in residence in the University of New Haven's Forensic Sciences Program. He can be reached by sending email to fred at all.net or visiting http://all.net/