The new state of the network: how security issues are reshaping our world - PowerPoint PPT Presentation

1
The new state of the network: how security issues are reshaping our world
  • Terry Gray
  • UW Computing & Communications
  • Quarterly Computing Support Meeting
  • 28 October 2003

2
security in the post-Internet era: the needs of the many vs. the needs of the few

3
2003: security annus horribilis
  • Slammer
  • Blaster
  • Sobig.F
  • increasing spyware threat
  • attackers discover encryption
  • hints of more advanced attacks
  • and let's not even talk about spam

4
2003 security-related trends
  • more critical application roll-outs
  • more mobile devices
  • growing wireless use
  • VoIP over 802.11 pilots
  • faster networks
  • new network designs (e.g. lambda)
  • class action lawsuits
  • RIAA subpoenas
  • SEC filings on security?

5
Security Trouble Ticket Trend

6
impact
  • end of an era: say farewell to
    • the open Internet
    • autonomous unmanaged PCs
    • full digital convergence?
  • say hello to
    • one-size-fits-all (OSFA) solutions
  • conflict... everyone wants security and
    • max availability, speed, autonomy, flexibility
    • min hassle, cost
  • the needs of the many trump the needs of the few
    (but at what cost?)

7
consequences
  • more closed nets (bug or feature?)
  • more VPNs (bug or feature?)
  • more tunneling: firewall-friendly apps
  • more encryption (thanks to RIAA)
  • more collateral harm from attack remedies
  • worse MTTR (complexity, broken tools)
  • constrained innovation (e.g. p2p voip)
  • cost shifted from guilty to innocent
  • pressure to fix problem at border
  • pressure for private nets

8
consequences (2)
  • mindset: computer security failed, so network
    security must be the answer
  • pressure to make network topology match
    organization boundaries
  • network of networks evolution
    • 1982: minimum impedance between nets
    • 2003: maximum impedance between nets
  • loss of Network Utility Model
  • Heisen/stein networking...
    • uncertain and relativistic connectivity

9
metamorphosis: Internet paradigm
  • 1969: one network
  • 1983: network of networks
  • 199x: balkanization begins
  • 2003: heat death begins
  • 2004: paradigm lost?

10
how we lost it: inevitable trainwreck?
  • fundamental contradiction
    • networking is about connectivity
    • security is about isolation
  • vendors sell what users want, not need
  • conflicting roles
    • the networking guy
    • the security guy
    • the sys admin
    • oh yeah, and the user
  • insecurity means liability
    • liability trumps innovation
    • liability trumps operator concerns
    • liability trumps user concerns

11
observations
  • system administrator view
    • some prefer local control/responsibility
    • some prefer central/big-perimeter defense
    • some underestimate cost impact on others
  • user view
    • want unlisted numbers
    • want enough openness to run apps
  • network operator view
    • frustration over loss of diagnosability
    • despair over loss of utility vision
    • dismay over increasing mgt cost, complexity

12
observations (2)
  • feedback loop
    • closed nets encourage constrained apps
    • constrained apps encourage closed nets
  • tunneling, encryption trends undermine perimeter
    defense effectiveness
  • isolation strategies are limited by how many
    devices you want on your desk
  • roads not taken
    • What if Windows XP had shipped with its integral
      firewall turned on?
    • What if UW had mandated and funded positive
      desktop control?

13
Gray's defense-in-depth conjecture
  • given N layers of topological device defense
    • MTTE (exploit) k N²
    • MTTI (innovation) k N²
    • MTTR (repair) k N²
  • NB: there is also vertical D-I-D for
    info/session protection (e.g. IPsec, SSL), but
    those equations would look different

14
never say die
  • goal: simple core, local policy choice
  • how to avoid OSFA closed-net future?
    • design net for local open or closed choice
    • pervasive IPsec
    • asymmetric connectivity ("unlisted numbers")
    • combine with tools for rapid response
  • won't reverse trend toward closed nets,
    but may avoid undesirable cost shifts
  • alternative: only closed nets, policy wars

15
questions? comments?