“Security” In a Digital Interconnected World
Download as PPTX, PDF1 like873 views
This document discusses internet security and resilience. It argues that security is about managing acceptable risks rather than stopping all threats. An open, collaborative approach based on technical standards and cooperation across borders is needed. Voluntary initiatives like MANRS that define best practices for routing security and encourage networks to implement them can help address complex issues in a way that preserves internet values. Pervasive monitoring shifts rather than eliminates surveillance and technical solutions must balance security with privacy and innovation.
“Security” In a Digital Interconnected World
- 1. www.internetsociety.org “SECURITY” IN A DIGITAL INTERCONNECTED WORLD Central Asian Internet Symposium, Bishkek 10 December 2014
- 2. The Internet Society 9 August 201422 Image from Wikimedia Commons: The Opte Project
- 3. The Internet Society The Internet invariants 9 October 20143 Global connectivity and integrity – Global reach and consistent view from any point Permission-free innovation – Yet undiscovered functionality Accessibility – Anyone can contribute and become part of it Spirit of cooperation – Foundation for evolution and resiliency
- 4. The Internet Society The complexity of the security landscape 9 October 20144 Open platform – open for attack and intrusion Permission-free innovation – development and deployment of malware Global reach – attacks and cybercrime are cross-border Voluntary collaboration – hard to mandate
- 5. The Internet Society 5 Users Expectations: trust User trust in networks, devices, and transactions essential in driving social and commercial interaction Security, Stability, Confidentiality, Integrity, Resiliency and Scalability are tools to achieve trust
- 6. The Internet Society Why do we care about “security”? We want to be “secure” and feel “secure” … BUT … Policy measures that are premised on stopping bad things, rather than protecting what is valued, provide no guide as to how far those measures should go. AND … If we are not careful, the spectre of cyber threats can be used as a vehicle for control of networks and how they are used, plus pervasive monitoring 9 October 20146
- 7. The Internet Society Throw out preconceptions 9 October 20147
- 8. The Internet Society Understanding security Security is not an end in itself There is no such thing as absolute security: there will always be threats We need to think about “secure” in terms of residual risks that are considered acceptable in a specific context. Resilience is key There are “inward” and “outward” risks Risks may require more than one actor to manage Collective and shared risk management 9 October 20148
- 9. The Internet Society Resilience 9 October 20149
- 10. The Internet Society Inward and outward risks 9 October 201410
- 11. The Internet Society 9 October 2014
- 12. The Internet Society Ingredients for cybersecurity solutions 9 October 201412 International cooperation – Most of the issues are cross-border Preservation of Internet values – A fine balance Technical foundation – Solutions based on open standards Collaborative responsibility – Industry self-regulation
- 13. The Internet Society Things you can do as an operator Detect, close or protect open resolvers and other potential amplifiers Deploy best practices aimed at improving routing hygiene Deploy anti-spoofing measures, preventing traffic with spoofed source IP addresses Deploy DNSSEC (validation) to secure name resolution for your customers Detect and mitigate infected and compromised devices on your network Cooperate with other networks in detection,tracing back and mitigation of attacks 9 October 201413
- 14. The Internet Society What you can do as a government Foster a collective and shared risk management approach to security that: draws from voluntary collaboration preserves the fundamental characteristics of the Internet (“the Internet invariants”) furthers objectives that will benefit citizens (e.g. economic and social prosperity, participation in a global community) preserves fundamental rights Focus on “cyber-resilience” Build trust not distrust Use the experience of your diverse stakeholders to develop policy (“the multistakeholder approach”) Creatively use the range of tools in the policy toolbox 9 October 201414
- 15. The Internet Society 15 Example: Pervasive Monitoring
- 16. The Internet Society Pervasive Monitoring 9 October 201416
- 17. Statistics, Web Traffic • HTTPS increased 4% to 17% from 2008 to 2014, for all web traffic (Source: IIJ)
- 18. Pain Points and Hot Debates • There is no single reason behind the increasing use of encryption, but the change has a real impact on the world • Operator business models, technical solutions for various things, censorship will be harder (both good and bad kind), … • All this will cause friction • Motives of players are not fully aligned
- 19. Reality Check • “Everything is in the clear” approach is clearly unworkable • Encryption will reduce the number of parties that see traffic • But not eliminate them — content provider, browser vendor, CAs, proxy provider, corporate IT department, … • World still moves ahead on a voluntary basis on what technology is chosen and on what technology a particular party can adopt • Surveillance shifts, not eliminated • Useful technical things done in different ways, not eliminated • Some potential bad outcomes to avoid —- MITMs, regulation limiting security, fragmentation, device control, …
- 20. The Internet Society 20 Example: Routing Stability, and Resilience
- 21. The Internet Society Spotlight on a voluntary bottom-up initiative The MANRS (Mutually Agreed Norms for Routing Security) - https://www.routingmanifesto.org/manrs Defines a minimum package (“a set of commitments”) Raises awareness and encourages action through the growing numbers of supporters Demonstrates that industry is able to address complex issues, even where they may not directly benefit Clear and tangible message: “WE DO AT LEAST THIS AND EXPECT YOU TO DO THE SAME” 9 October 201421
- 22. The Internet Society The MANRS … in more detail Principles of addressing issues of routing resilience – Interdependence and reciprocity (including collaboration) – Commitment to Best Practices – Encouragement of customers and peers “The package” indicating the most important actions – BGP Filtering – Anti-spoofing – Coordination and collaboration High-level document specifying “what” – “How” is in external documents (e.g. BCPs) 9 October 201422
- 23. The Internet Society Principles 1) The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet 2) The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions 3) The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions 4) The organization encourages its customers and peers to adopt these Principles and Actions 9 October 201423
- 24. The Internet Society Good MANRS Prevent propagation of incorrect routing information Prevent traffic with spoofed source IP address Facilitate global operational communication and coordination between the network operators Facilitate validation of routing information on a global scale. 9 October 201424
- 25. The Internet Society Participating in MANRS 1. The company supports the Principles and implements at least one of the Expected Actions for the majority of its infrastructure. Implemented Actions are marked with a check-box. 2. The company becomes a Participant of MANRS, helping to maintain and improve the document, for example, by suggesting new Actions and maintaining an up-to-date list of references to BCOPs and other documents with more detailed implementation guidance. 3. This category is for network operators, or other entities acting in this role (e.g. a network equipment vendor, running its own network infrastructure) 12/18/201425
- 26. The Internet Society Status update 9 October 201426 Launched 6 November 2014 with 9 participants One month later: 14 participants. Seeking committed network operators. Contact us: [email protected] or https://www.routingmanifesto.org/c ontact/
- 27. www.internetsociety.org Contact: Olaf M. Kolkman <[email protected]> 10 December 2014
- 28. The Internet Society Acknowledgement • Network topology map from ‘The Opte Project’ • Jari Arkko for the slides on the use on encryption • Logos and Trademarks from the respective companies 28
Editor's Notes
- #3: The open and global nature of the Internet, built on fundamental principles of open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation and global reach, has enabled remarkable social and economic innovation in ways that we could never have imagined. At the same time, using the Internet is not without risk. Malicious actors also see opportunities to gain benefit through fraud, to thwart the activities of others, inflict harm or other damage, and to generally cause mayhem. It is important to appreciate that while malicious actors will exploit any opportunity, the Internet’s key characteristics are neither the origin nor the cause of the malicious activity.
- #4: The Internet is global because any endpoint connected to it can address any other endpoint. The integrity of the Internet means that information received at one endpoint is as what was intended by the sender, wherever the receiver connects to the Internet
- #8: Traditional approaches to security were principally concerned with external and internal threats, and the impact they may have on one’s own assets [in other words, threat-based and self-interested]. There is, however, a growing recognition that a security paradigm for the Internet ecosystem should be premised on protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.
- #9: It’s the Economy… Challenge the idea that “security” has to be a trade-off between that which you want to do and having an acceptable level of security. Reasonably understood risks
- #10: Like a human body that may suffer from viruses, but gets stronger and more resilient as a result, new technologies, solutions and collaborative efforts make the Internet more resilient to malicious activity.
- #11: The Internet, with its high degree of interconnection and dependencies, brings another dimension to the management of risks. Security and resilience of the Internet depends not only on how well risks to you and your assets are managed, but also, importantly, on the management of risks that you (by your action or inaction) present to the Internet ecosystem – the “outward” risks. Additionally, some risks need to be managed by more than one actor. This is the notion of collective and shared risk management – a notion that is well aligned with the “public interest” nature of the Internet. This latter aspect of risk management is not necessarily self-evident, especially since there is often no obviously identifiable immediate harm to the actors or their assets and, therefore, no direct business case that can be immediately associated with such effort. And, it also is human nature to seek outcomes that further our individual “self-interest”. However, such a narrow approach is counter-productive and, in the long-term, harmful to everyone’s interests – not only will it impact the security of the ecosystem, but it will also diminish the overall pool of social and economic potential that the Internet offers.
- #15: In developing global solutions, we need to keep in mind all the governance arrangements that are available, not just treaties, and that there are cultural and other differences between countries.
- #17: In developing global solutions, we need to keep in mind all the governance arrangements that are available, not just treaties, and that there are cultural and other differences between countries.
- #25: Prevent propagation of incorrect routing information Network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity. Network operator is able to communicate to their adjacent networks which announcements are correct. Network operator applies due diligence when checking the correctness of their customer’s announcements, specifically that the customer legitimately holds the ASN and the address space it announces. Prevent traffic with spoofed source IP address Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network. Facilitate global operational communication and coordination between the network operators Network operators should maintain globally accessible up-to-date contact information. Facilitate validation of routing information on a global scale. Network operator has publicly documented routing policy, ASNs and prefixes that are intended to be advertised to external parties.