
Should the Internet Be Secure By Default? (esecurityplanet.com) 154

darthcamaro writes: There are lots of tools and different secure protocols that could be used by internet service providers to embed security into the fabric of the internet, making the internet secure by default, but that's not something that Facebook's Chief Security Officer, Alex Stamos, wants to happen. Instead of security by default, his view is that carriers should be neutral and let malicious traffic do whatever it wants.

"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.

Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?

Should the internet be secure by default?
  • by MikeDataLink ( 536925 ) on Sunday August 06, 2017 @12:23PM (#54950807) Homepage Journal

    If they had built encryption in from the beginning it would have been obsoleted long ago. Would you still want to be running WEP? Then we'd all have to upgrade our routers every year to stay on the latest encryption that hasn't been compromised. Having endpoint to endpoint encryption is the right answer.

    And if that's not enough, we need an open and free internet and we need carriers to not be messing with any of my bits and bytes.

    • by DontBeAMoran ( 4843879 ) on Sunday August 06, 2017 @01:05PM (#54950991)

      My ISP has met the proposal half-way: depending on the situation, they don't do anything with the zeroes but they might filter the ones.

    • Having endpoint to endpoint encryption is the right answer. And if that's not enough, we need an open and free internet and we need carriers to not be messing with any of my bits and bytes.

      I agree but I'd actually go further and say that the only way to secure a network is with endpoint-to-endpoint encryption because how can anyone trust all the network providers in between? Once you send your packet out you have no control where different networks will route it and if it is routed through somewhere like the US, even if that is not the final destination, you know that the government there may potentially look at it.

    • by AmiMoJo ( 196126 )

      The encryption would just be upgraded, same as it was with WiFi, SSL and the like.

      But the more important point is that it would set the default assumption that every protocol needs to enforce privacy. HTTPS would be the original spec, not HTTP.

      • sigh...

        (a) stop modding yourself up with your sock puppet
        (b) "IP" is the original spec, not as you claim "HTTP"
        (c) SJW means what you codified into law that it means
    • by Arnold Reinhold ( 539934 ) on Sunday August 06, 2017 @01:56PM (#54951209) Homepage
      I attended a presentation on the ARPAnet in the early 1970's and I asked about encryption. I was told they were not including encryption because doing so would mean the entire project would be classified and they very much wanted to avoid that (this was a few years before DES was released). They also said that DOD intended to encrypt each communication link (link encryption) in its network, which would also protect against traffic analysis.
    • Lies. RFC 3514 [ietf.org] solved this problem long ago, but big government colluded with big business as usual to prevent it from happening. Corporations are the worst. It was so they could spy on us as a prelude to 9/11, which was in planning. Google wtf 7 learn the truth.
    • If it had been, hopefully it would have been implemented in a modular way, fully knowing that obsolescence would occur.
    • Back then, encryption would also have burdened the systems considerably. Modern systems make light of encryption.

  • by Anonymous Coward

    The original intent of the Internet isn't what we see here today. It was supposed to be a military and government communications system to withstand a nuclear war - and used by universities. Meaning, security wasn't even thought of because it was supposed to be a closed system.

    I bet they cringe at the .ru domain! Or the .cn one!

    And if a new internet is created - somehow - hackers will find a way to infiltrate it because that's what they do: find weaknesses that no one thought of.

  • How would we get all this entertaining news otherwise?

  • Go back to X25 (Score:5, Informative)

    by phayes ( 202222 ) on Sunday August 06, 2017 @12:33PM (#54950855) Homepage

    The revisionists claiming that those who designed the Internet were at fault for not predicting future deficiencies should return to using the OSI networks like X25 that were indeed conceived with every imaginable contributor's input -- but that were so unwieldy that they lost out to IP even with the weight of every national telecom operator behind them. The AT&Ts, the France Telecoms, the BTs, etc, all told us that IP was badly adapted to the real world and that it would be quickly replaced with "proper" and "secure" OSI networks.

    Not encumbering IP with "solutions" to every future possible problem is in large part why we are using IP today, & not X25.

    • by Anonymous Coward

      You are a cow. MOOOOO! MOOOOO! Moo says the cow! YOU PACKET SWITCHED COW!!

      • by Anonymous Coward
        Ha! The joke's on you, buddy. I'm a Circuit Switched cow.
  • Define "security." (Score:5, Insightful)

    by ErikTheRed ( 162431 ) on Sunday August 06, 2017 @12:35PM (#54950857) Homepage

    Security means different specific things in different specific contexts. Security in transit, which seems to be what this is focusing on, is mainly a defensive step against nation-states. Most of us don't worry horribly about organized crime tapping Internet backbone switches - for now that's the domain of intelligence and military organizations. At that point the entire conversation veers off from science into philosophy - the proper role of the state (if any) in monitoring communications for stuff it doesn't like. This tends to break down better on the newer and cleaner authoritarian / libertarian axis than it does the older and more muddled conservative / progressive axis. Authoritarians want more control so that they can implement and enforce their agendas. Libertarians want less control because they (generally) believe that authoritarian structures - even those created and begun with the best of intentions - eventually get taken over by thugs and then are used for totalitarian purposes.

    • I'm reminded of an old joke on how different military branches define "secure". Imagine each branch of the military given an order to "secure that building".

      Army: The front door is blown off its hinges and a recon team storms in. Bad guys are killed or captured, while good guys are given water and blankets. A tank is parked out front, 24/7 patrols performed on the perimeter, and snipers posted on the roof.

      Navy: The exterior is given a fresh coat of paint. Broken windows are repaired. The inside is sc

      • One of my favorite jokes...

        If you're in the Army, what do you call that thing with the rotors on top?
        A chopper.

        If you're in the Air Force, what do you call it?
        A helicopter.

        And if you're in the Navy?
        A whirlybird.

        And what do Marines call it?
        *points up in the air* Ook! Ook!

        (I spent eight years enlisted in the Marines. It paid for my education.)

  • by Anonymous Coward

    I understand the sentiment, but the risk mitigation is low to none. Intercepting or hijacking encrypted traffic is done all the time, encryption is even used for C2 communications. Whether you have end to end encrypted communication, or even double-blind encrypted communications this does nothing to secure the end points at which that encryption occurs. Concerns around exposure and possible hacking, are much more likely user side followed by server side, than to be intercepted mid stream.

  • by Anonymous Coward

    "Dumb network, smart edges" is the key difference between the internet and the many networks it has replaced and is replacing. To give up that principle would just give rise to another dumb network, possibly first running tunnels through the "secure" internet and using it as dumb pipes. The internet is the evolutionary opponent to the "intelligently designed" protocols. It's winning for a reason.

  • by hey! ( 33014 ) on Sunday August 06, 2017 @12:45PM (#54950909) Homepage Journal

    If you can define what that means. But that's not even what the guy is saying. He's saying ISPs shouldn't be in charge of securing customers' computers or traffic.

    If you imagine what a "secure by default" Internet would do for you, it would protect you from any unintended consequences from your actions. Now imagine how good ISPs would be at doing that for you. Most of them can barely run their own networks competently, much less understand their customers' businesses.

    ISPs certainly have a role in responding to certain kinds of cyber attacks, like DDOS, or attacks on DNS infrastructure. But they don't really have the ability to protect customers from themselves.

    • If you can define what that means. But that's not even what the guy is saying. He's saying ISPs shouldn't be in charge of securing customers' computers or traffic.

      That's fine for larger corporate customers who at least in principle should be able to manage to secure their networks. But less sophisticated customers hugely outnumber the sophisticated ones so there HAS to be some mechanism for helping them to keep their little network and devices secure. If this isn't the ISP then who should it be? I like the idea of smart edges and a dumb network but we cannot assume that every edge has a tech savvy sysadmin on the end of it.

  • As the Internet currently exists, it simply cannot be "secure by default." To have such a system you need hardware and software designed from the ground up to be secure, but the current system was designed to be robust, which is pretty much the other end of the spectrum from secure. Everyone at every level of use would have to start all over again.

    A better solution might be to have separate networks for those who need such high levels of security; this would be cheaper and far more likely to happen. Still

  • The problem is you not only need "security" but it also needs to be updateable. There is no foolproof software and/or complex protocol proofs. There are all sorts of assumptions made which change all the time compounded by implementation errors and outright bugs. It may all be based on logic but you can't guarantee what makes sense today will make sense in twenty years.

    So you have to be able to update software and complex digital hardware. That is simply impractical. You can write a law saying pi=3 but that

    • Programmers and publishers need to be liable for the quality of their products where money is exchanged. There needs to be minimum standards and review.

      Right after you write about how software should need to involve money.

      If programmers are going to be responsible for the quality of their products, who'd be a programmer? I'm not paid anywhere near enough to provide personal legal responsibility.

      If you're comparing it to more traditional engineering, consider this. A professional engineer signs off o

  • ... I think we should have neutral carriers in the middle ...

    No way the current crop of ISPs are going to allow this to occur. It will destroy their plans to charge tolls on any and every aspect of the Internet.

  • Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet,"

    Oh, those silly medieval peasants and all their famines! Why didn't they just eat at KFC?

    Seriously, when the Internet was developed, cryptography was in its infancy, connections were physically secured, and the backbone consisted of 16 bit processors with up to 32k of core memory, and I mean core memory. When the web was developed, it was still not really possible to encrypt everything.

    Long term, en

  • The internet is supposed to be a simple pipe. You open and close the 'valves' at your end. Leave everybody else alone.

  • Pick one - you can't have both.

    • I disagree. You can't have security without privacy.

      What is incompatible is convenience and security.

  • No such thing as absolute security or zero risk. The best strategy is to assume that nothing on the internet is safe and proceed accordingly. No one security strategy will work. Everyone using the internet should apply some kind of layered security depending on the value of what they want to protect. Then there are the bots that may not necessarily attack your machine but act as infection vectors and instruments of DDoS. Mitigating these things pretty much depends on how well the user is educated.
  • by Todd Knarr ( 15451 ) on Sunday August 06, 2017 @01:29PM (#54951049) Homepage

    The problem with embedding security protocols in the network itself is the same one we've seen with network capacity: the providers have little incentive to upgrade once they've invested in the initial roll-out. If we embed security at the level of the ISPs and backbone providers, we'll have a massive problem when that security is inevitably broken (whether by malicious action or simply advances in computing power making the algorithms it uses obsolete). We'd also likely see major abuses, either by laziness (your Linux OS isn't supported, we won't allow it to connect) or greed (good-bye routers, you'll have to connect computers directly for security to work and that means paying per computer to connect them). Good-bye having your own domain, for security all email has to be routed through your ISP's mail servers which only support your ISP's email addresses or you'll have to use webmail interfaces which also put you at the mercy of a mail provider (eg. no S/MIME signed/encrypted email unless your mail provider supports it and you give them your private key). And in general I distrust any claims that ISPs and backbone carriers will implement any kind of security correctly, they won't even implement current security measures like spoofed-address filtering.

    And what kind of security would we gain? This idea can't protect us from malicious actors gaining network access, ISPs can still sign up customers and there'll always be ISPs who can be fooled by false IDs or who won't look too closely at the background of a customer offering them money. It can't protect us from false identity claims, see above. It can't protect us from malicious content, we've already seen that in the way new exploits get past software designed for the sole purpose of detecting malicious content.

    I'm fine with the network enforcing things like default encryption of traffic, but it should be a case of IP-level protocols requiring endpoints to encrypt traffic (eg. all IPv6 traffic requires AH and ESP or the routers will reject it). Authentication should be done directly between the parties that need to authenticate, eg. your email provider issues x.509 certificates for its users certifying they're who they claim to be (or at least own the address they're using), DNS registries issue certificates certifying that an email provider or mail server operator controls the domain name they're using to send email and so on. Example: if I'm operating my own mailserver for silverglass.org, I'd create my own master issuing certificate and get it signed by either my domain registrar (who'd be using a certificate signed by the registry) or the .org registry saying that my certificate is good for issuing certificates within the silverglass.org domain. Then part of turning on a new mail user would be me issuing them a certificate valid for the email addresses they've asked for. I'd also be issuing the server certificates for my own mailservers. During email handling (receiving a message from my server or delivering a message to it) one check would be "Is this server's certificate valid for the relevant domain for the message?". When you signed or encrypted email messages, you'd do so using a certificate I'd issued to you (saying "This is the true owner of the email address sending this message.") or another one issued by a party who knows your identity (eg. one from your employer saying "This is really our employee and he's shown us ID proving he's really X."). And as far as malicious content goes, well, we already have AV software in use but I've found that the only people who don't have a problem with malware are the ones who refuse to directly handle content from outside or unknown/unexpected sources. The only solutions I have are a) use less complex formats that don't require hairy error-prone code to parse and b) run programs that access that content in a VM that doesn't have unmediated system access (most OSes now are capable of running lightweight VMs or containers). No, languages won't solve the problem of vulnerabi

  • Should the roads be secure by default?
  • Yes and no (Score:2, Interesting)

    by hord ( 5016115 )

    Yes I want an internet that is secure by default. No this does not involve the carriers. I personally think this starts with distributed, federated identity meaning that your presence on the internet can be known to others but only to others you trust. Think BitCoin but for identity.

    For example, imagine you made your own authentication realm that was just a presence on the internet. You would create identities within it that represent you and people that you trust along with this trust relationship. It

    • Yes I want an internet that is secure by default. No this does not involve the carriers.

      This right here! There's been lots of talk about security by design or security by default, but none of it has ever involved the carriers or middlemen. I think the OP fundamentally misunderstood the debate.

  • More useful (Score:4, Interesting)

    by Anne Thwacks ( 531696 ) on Sunday August 06, 2017 @01:38PM (#54951103)
    It would be far more useful to have another Internet with no advertising at all even if we had to pay for it. Like Fidonet was.

    You can't actually find stuff on the Internet any more, because the first 2,500 search results do not even contain the search terms you used, but things you might conceivably have been thinking of buying if you were someone else in a parallel universe.

    If you want "secure" as in privacy you might want to write it on paper and carry it there in person. I would suggest you avoid putting it in an electronic format of any kind.

    You might also wish to buy a tin foil hat from my Ebay shop - in case the thoughts leak from your brain.

    • Sounds like someone's lost their google-fu

    • It would be far more useful to have another Internet with no advertising at all even if we had to pay for it.

      Except people wouldn't. The vast majority of what we take for granted is supported by a model of advertising because we don't use the internet for a single thing. If I only wanted to get news from one paper I would subscribe to that paper. I don't and I sure as hell won't be paying $1 to 1000 different people every month.

      You can't actually find stuff on the Internet any more,

      You misspelt "I". Don't project your inability to use the internet on everyone else. There is far more information out there in a far more easily accessible manner with far better search to

      • A long history of subscription based media (newspapers, magazines, etc) says that people would be willing to pay for valuable content.
        • Of course they would until the point of saturation.

          Subscription based media survived on dedicated interest in specific topics. The internet is not that, not at all. The internet is a wealth of all information, and the vast majority would disappear if we forced it down this path.

          While you're at it, it's worth remembering why many of these subscription based media (especially generic ones covering wide topics) have failed recently, and why there are still survivors (mostly limited to very specific topics).

          • it's worth remembering why many of these subscription based media (especially generic ones covering wide topics) have failed recently,

            Mainly because you can get the information for free.

            • Not at all. Many forms of information have always been available for free. The big difference is now the breadth of information available, and I say this as someone who still subscribes to a few quality sources of very specific and exclusive pieces of information.

              • ok, why have subscription based media been failing recently then?
                • Competition. When I was young, we had two newspapers in our city, and perhaps half a dozen good news magazines available (I stuck to three). My parents could afford to pay for as many of these as they liked, and so we got both newspapers and Time magazine for news. Nowadays, there's a lot more than eight sources of written in-depth news readily available, and I tend to skip from source to source. Which three news sources should I follow, to the exclusion of others?

                • It's losing on economics. A lot of subscription based media is incredibly light and generic. It either lacks depth or lacks coverage for its value. Media which retains great quality and depth are the ones that are surviving. Media that forces people to complement itself with other media then fails.

                  • I think you need room in your theory for periodicals like Cosmo and National Enquirer.
                    • Both of those cater to wide breadth of information targeted at a very specific audience.

                      It doesn't need to be "good" in our eyes to be "valuable" in someone else's. But if you ever read them you'll find they diversified their interests a lot over the years, and their parent companies even tried to expand the target audience (which failed spectacularly).

                      Here help prop up a media conglomerate:
                      https://www.fragrantica.com/pe... [fragrantica.com]

    • even if we had to pay for it.

      I don't know about you, but I've been paying to use the internet since the early 90's...

  • by Anonymous Coward

    The job of ISPs is to deliver packets quickly, not to waste time encrypting, an exercise that would be bound to disappoint because governments will insist on a clear stream, and they are one of the biggest threats.

    But encryption is not security. We already have great end-to-end encryption (and don't governments hate it?) The weakness comes at the two ends. Saying that the Internet should provide security for us is like saying banks should provide financial responsibility for us, or that roads should provide

  • The big mistake is that so many ppl believe that TRUE TOTAL security is possible. It is not. The reason is that new approaches to defeat a security will be found. ALWAYS.
    What is really needed is the ability to change security quickly.
    For example, the DOD recently asked for ideas on how to secure the net and communication as a whole. With pluggable architecture that can negotiate with the other side on what protocol and what settings, is the only possible solution.
    Likewise, for IOT and with our appliances
  • The phrase "Original Sin" isn't applicable. The technology for packet switching predates the technology for the encryption Darth Technoid would like to be applied to the packets. If you want to talk about making a transition from where we are now to something different, you can't just say "secure by default." You have to be very specific about the design of the technology for where you want to end up and then about the transition process to get there from where we are now. Otherwise, it's like asking "shoul
  • What is a "secure" internet?

    Secure for whom and against whom? If we let the government define what is safe and secure for us as citizens, we might be in for a totalitarian authoritarian run type of internet.

    We're already fighting viruses and worms, a "safe internet" won't secure against that, this is what we do on OS level to protect our computers, and that needs updating all the time - nothing is ever going to be 100% secure.

    But if you mean security against pr0n, hate-mail, cyber bullying, fake news and wh

  • Years ago, in mostly adoring interviews with Vint Cerf and Bob Metcalfe about security, I asked each of them how they screwed up so badly on security.

    They didn't. Jonathan Postel screwed up when he wrote RFC 821.

    By early 90's inaction to correct this was no longer Jon's fault. Today given 35 years of time having elapsed on a network with billions of users inaction is a "sin" anyone who can write a program that compiles is now on the hook for.

    They both didn't think that mattered quite as much as I do. Thus, I feel that the lack of security design is the Original Sin of the Internet.

    It really doesn't matter.

    Most operators don't route packets over random anonymous physical links they know nothing about nor do they partake in BGP sessions in a similarly unqualified and unfiltered manner. Operato

  • IMHO the biggest weakness of the current Internet is that every packet must contain the full source and destination. I'd like it to be more like a Russian doll-style, every node on the source side should only give a reference and the destination should be unwrapped layer by layer. So if I want to send a packet from 1.2.3.4 to 5.6.7.8 my node should send to 1.2.3.x and only relay to 1.2.x that "someone" from 1.2.3.x wants to contact 5.x with an ID, from 1.2.x it'll relay to 1.x that someone from 1.2.x wants

    • by gweihir ( 88907 )

      I can tell you have zero understanding of how modern router technology works. You also have zero understanding of the hundreds of proposals going into this and similar directions that failed because they were not feasible without essentially killing performance completely. You still find such papers submitted to conferences, but most of the community has realized around 10 years ago that it cannot be done.

  • Because the Internet cannot be "secure by default", unless you forbid everything, make all computers closed and unhackable and make writing software a capital crime. Of course, that needs to be done globally.

    While there are some fascist tendencies in that direction, they have zero chance of succeeding in this regard, fortunately.

    The real solution is that commercial vendors must be made accountable for the insecure and often unpatchable crap they put out there. As soon as that happens, the problem will essen

  • Two people standing in a field having a conversation - that's the default human condition. Are there eavesdroppers? Are their communications subject to interception? Can somebody demand that somebody follow them around and write down everything they say or demand that all of their conversations are relayed via a biased third party?

    All of those are "no", so all of those things are violations of the default human condition (what some call "human rights" though that unnecessarily complicates matters). The

    • The default human condition, before technology, was everyone in the town knew everything about everyone else.
      Empires were raised and toppled by spies - If you needed to know what went on behind closed doors, you put a person behind those doors to listen.

  • If the internet was a proprietary, closed system, sure. Maybe.
    But it's not. You don't control every router on the internet. They're run by millions of individual people/companies, under hundreds of different legal jurisdictions.
    Trying to make it secure is a fool's errand.

  • The whole point of security is that I can verify it. If I can't, it is not secure, period.

    Putting the carrier in charge means I can't. When they turn off encryption and authentication during nightly maintenance and forget to turn it back on - nobody will be the wiser.

  • Let applications decide what needs security, as it always was.

    The principle of a tool doing one job the best it can is still a good paradigm.

    Internet transit providers should only worry about providing transit.

  • Imagine if all of our internet security was as screwed up as the broken CA system for https is!

    The result is we would need end to end encryption running over the resource eating but not actually trustworthy default security (with the deliberate hole for governments and organized crime).

  • What the Internet is, was, and is supposed to be was laid out a long time ago and in a very non-ambiguous way [worldofends.com] and it's worked famously for a long, long, LONG time.

    It's wonderfully working as it was supposed to do.

  • A good example is the telephone network. It tries to have some security features, such as having identifiable source numbers. In reality that doesn't work and leads to false assumptions about the network.

    Essentially you cannot outsource security.

    The approach of the Internet is much saner. Just have a dumb network and have the endpoints do the actual security. This also allows for swift upgrades in security and for custom solutions addressing the specific security problems.

  • The public internet is unsecure by intention and design. Remember the origins of the internet, DARPANET etc? Independent of being literal truth the old story that "The first crime on the internet, was to use the internet for anything other than military reasons." speaks volumes and is grounded in reality.

    A main motivator for the U.S. military opening up the internet to outsiders was to spy on them. Given that background there is fundamentally going to be no-way to securely access the internet. Trying to,

  • Yes, the internet should be secure by default. However, that's a different question from "should ISPs be doing it?"

    ISPs are not trustworthy, so any "security" imposed by them is meaningless. The internet should be secure by default through the protocol definitions, and enforced the same way that all internet protocols are enforced: if you don't conform, then you can't really talk with anybody.

  • When ISPs are literally snooping on everything you do because they can then all the encryption in the world means NOTHING. We need an Internet where the ISPs keep their little brown noses to themselves and out of everyone's business; their role in a publicly-accessible Internet should be to provide connectivity to the public, not act as an 'advertising platform' in the interests of companies. Now, if ISPs want to provide broadband services for FREE to everyone then I can see where they'd have a right to snoo
  • I'm not sure why people are trying to frame this in such a weird way, but agreed with the sentiment overall.
    It's not like ISPs should be against security, or that they shouldn't adopt secure practices... it's more like that they should not interfere with Internet traffic at all because it's not their right to do so.
    That's what the neutral argument stands for.

    The minute you make ISPs responsible for all sorts of things regarding the Internet is the moment they appropriate it, and then you are gonna get nick
