Problematic of a Safer and more Robust Internet

Similar documents
Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives

FAQ (Frequently Asked Questions)

Fortinet Network Security NSE4 test questions and answers:

ProCurve Networking IPv6 The Next Generation of Networking

Draft WGIG issue paper on Network and Information Security

Introduction to The Internet. ISP/IXP Workshops

The Value of Content Distribution Networks Mike Axelrod, Google Google Public

Network measurement II. Sebastian Castro NZRS 27 th May 2015 Victoria University


The Network and The Cloud: Addressing Security And Performance. How Your Enterprise is Impacted Today and Tomorrow

IPv6 Tunneling Over IPV4

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Chapter 5. Data Communication And Internet Technology

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

Overview. Lecture 16: IP variations: IPv6, multicast, anycast. I think we have a problem. IPv6. IPv6 Key Features

Reduce Your Virus Exposure with Active Virus Protection

CPNI VIEWPOINT. SECURITY IMPLICATIONS OF IPv6. Disclaimer: MARCH 2011

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Application Defined E2E Security for Network Slices. Linda Dunbar Diego Lopez

Topics of Interest Iraklion, Greece June 2008

Internet Operations and the RIRs

Internet-Praktikum I Lab 3: DNS

Telecom Business Continuity Solutions FOR INTERNAL USE ONLY

Computer Network Foundation. Chun-Jen (James) Chung. Arizona State University

F5 Intelligent DNS Scale. Philippe Bogaerts Senior Field Systems Engineer mailto: Mob.:

SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION

DNS Best Practices. Mike Jager Network Startup Resource Center

Introduction to the DANE Protocol

Proxies. Chapter 4. Network & Security Gildas Avoine

The Importance of High Customer Experience

VPN Technologies: Definitions and Requirements

Solution for Virtualization to Ensure Optimal Network Security Environment

UMTS/GPRS system overview from an IP addressing perspective. David Kessens Jonne Soininen

Internet and Services

Chapter 6. By Frankie, K. F. Yip MSN: Facebook:

Current Counter-measures and Responses by the Domain Name System Community

No need to operate a DHCP server. If a server s IP address changes, clients will lose the ability to access it!

Top-Down Network Design

Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.

NETWORK TO NETWORK INTERFACE PLAN

VPN. Date: 4/15/2004 By: Heena Patel

IPv6 Advantages. Yanick Pouffary.

Step-by-Step Configuration

Jarkko Kuisma

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

Public-Root Name Server Operational Requirements

Internet Bodies.

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

November Defining the Value of MPLS VPNs

Why Managed DNS Services

MPLS VPN Security Best Practice Guidelines

Anonymous CPS 182s 9/20/2003. ISP-3: The Rise of the Internet Service Providers

ITL BULLETIN FOR JANUARY 2011

G-Lab: A Future Generation Internet Research Platform

DDoS attacks on electronic payment systems. Sean Rijs and Joris Claassen Supervisor: Stefan Dusée

Use Domain Name System and IP Version 6

A Mock RFI for a SD-WAN

F5 Silverline DDoS Protection Onboarding: Technical Note

Charter Text Network Design and Configuration

Enterprise Buyer Guide

AT&T. ip vpn portfolio. integrated. IP VPN solutions. for the enterprise. Communication Systems International Incorporated

FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

Introduction to The Internet

Bandwidth Management in MPLS Networks

Advantech WebAccess Device Driver Guide. BwSNMP Advantech WebAccess to SNMP Agent (Simple Network Management Protocol) Device Driver Guide

FAQs for Oracle iplanet Proxy Server 4.0

Securing DNS Infrastructure Using DNSSEC

21.4 Network Address Translation (NAT) NAT concept

< Introduction > This technical note explains how to connect New SVR Series to DSL Modem or DSL Router. Samsung Techwin Co., Ltd.

Integrating F5 Application Delivery Solutions with VMware View 4.5

Evolution and convergence of network infrastructure towards Future Network solutions IPv6

DNS Basics. DNS Basics

ICANN- INTERNET CORPORATION OF ASSIGNED NAMES & NUMBERS

RedRapid X WIRELESS MODEM ROUTER. Quick Installation Guide (DN-7060)

Securing end devices

Deploying DNSSEC: From End-Customer To Content

Next Generation Networks Convergence, evolution and roadmaps

Overview. Firewall Security. Perimeter Security Devices. Routers

IPv6 Addressing. Awareness Objective. IPv6 Address Format & Basic Rules. Understanding the IPv6 Address Components

Transparent LAN Services Offer Visible Benefits

Network Address Translation (NAT)

1.264 Lecture 37. Telecom: Enterprise networks, VPN

VoIP network planning guide

Chapter 2 Introduction

AL RAFEE ENTERPRISES Solutions & Expertise.

Security of IPv6 and DNSSEC for penetration testers

Non-intrusive, complete network protocol decoding with plain mnemonics in English

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Small Business Server Part 2

Next Steps In Accelerating DNSSEC Deployment

DNSSEC - Why Network Operators Should Care And How To Accelerate Deployment

DNS traffic analysis -- Issues of IPv6 and CDN --

A Domain Name for your PC

Chapter 9. IP Secure

Campus Network Best Practices: Core and Edge Networks

BREAKING HTTPS WITH BGP HIJACKING. Artyom Gavrichenkov R&D Team Lead, Qrator Labs

Transforming the Internet: from IPv4 to IPv6

Application-layer protocols

Network Infrastructure Under Siege

Transcription:

Problematic of a Safer and more Robust Internet

What is the Internet?(1) A Network of Networks which share a common set of protocols A place where many live, work and play. A critical resource for many business that depend on E-commerce A network always under pressures - More users, devices connected and traffic

What is the Internet? (2) A network theoretically impossible to map - Or count its users - Or list vulnerable hosts (or fix them). - Or keep track of bad actors (or arrest them) The Internet has become a new ecosystem - Like biology: can be studied but not understood

Consequence The Internet must become and remain safer and more robust

How is it operated?

How is it operated? The core is built by non-experts ISP - Very little off the shelf technology or training - Vendor defaults completely inappropriate Thus: no admission control on customer traffic The edge is held by Host operators nonexpert technologists - The Internet is full of dangerous places/people - PC and DSL market allows universal access Thus: wide scale vulnerability and abuse

Example of past challenges(1) Internet HOST.txt file - Listed every internet-connected host of the day - Impossible to update,maintain and scale Solution: DNS Classeful Internet addressing - 100 ''A'',15000 ''B'',2000000 ''C'' networks - Impossible to create and maintain routing table - Foreseeable lack of IP address Solution: CIDR

Example of past challenges(2) DNS allow only 13 root servers - Consequence of early IPv4 design choices - Host population demands vastly better coverage - Vulnerability to DDOS Solution: Anycast billion hosts allowed in IPv4 - Not enough for each person - Not enough for each cell phone Solution: IPv6

Example of past challenges(3) The Internet doubled in size every 16 months from 1990 to 1999 - More users, devices, applications Solution:Faster links ( from 56K to up to 2.5G ).com explodes - Impossible to obtain short name - More domain names business Solution: new gtlds

Necessary Next steps(1) Make Infrastructure stronger, more robust Increase Interconnexion between ISPs - Stop depending on few/large intermediaries - Every metro needs its own IP exchange Increase technology training - Students in school - Vendor engineers - ISP operators and home users

Necessary Next steps(2) Add security to the core Internet protocols - Layers 3 and 4 - Routing http://www.ietf.org/internet-drafts/draft-ietf-rpsec- routing-threats-06.txt - DNS : was never secure, but must be http://www.ietf.org/internet-drafts/draft-ietf-dnsext-dns-threats-07.txt Make mirror copies of important servers - root and TLDs

Necessary Next steps(3) Secure the edge - Filter customer's traffic (RFC 2827) - Better software engineering - Wider used of updated software - Control access to devices (routers) - Use of security protocols and tools (patches, strong authentication, antivirus, S/MIME,PGP, SSL/TLS,SSH,IPsec, firewall..)

Can this be achieved? (1) Changes to the Core is complex - Required the coordinated actions of many providers and users - Takes long time for the IETF community to obtain consensus and tune protocols - DNSSEC design started in 11/1993 - Many things done - Many things to be done

Can these be achieved?(2) - Root key distribution and authentication - Signing root zone - Policies for crossing both non signed and signed zones etc.. - Performance and scalability test An idea can work well in laboratory and testing, but fail in public broadband Must follow the robustness principle - Be conservative in what you do, be liberal in what you accept from others

Can these be achieved?(3) Different level of development - Faster links in us, eu, jp etc... - Slow and long latency links in many developing areas More expensive routers needed Regulations restrictions etc...

Can these be achieved?(4) Innovation at the edge and end-to-end security - is recommended(rfc 1958 and 3439) - All designs must scale readily to very many nodes per site and to many millions of sites. - Principles that seemed inviolable a few years ago are deprecated today. - Principles that seem sacred today will be deprecated tomorrow.

Can these be achieved?(5) All of this will cost more money -Increase size and training level at ISPs -Increase training available to home users -Increase interconnectivity between ISPs Internet usage fees will probably increase New challenges will probably show up - Normal life cycle of things

Some good news Many Network Operators groups (NOG) - Provide forum for the exchange of information among ISPs about problems and solutions Many Emergency Response Teams - Disseminate infos about vulnerabilities Fast Fibers link reaches some other parts of the world Many governments is getting involved in Internet's development and governance

Other tracks of reflexion When can it be achieved? - by 2009? 2014? Is the current management and engineering systems of the Internet (ICANN/IANA, IETF...) efficient? - Many complaints about ICANN/IANA procedures - Many complaints about IETF s mechanisms - Problems identified in www.ietf.org/rfc/rfc3774.txt

Conclusions Biggest Internet engineering problem - Scaling lnternet Vulnerability is a problem for society - Safety is more important than money and fun All must be taken seriously - African's operators must assume their part of responsibility

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information