The Internet Insurrection
Author: Jerry Benton

 

Thomas Paine vs. Plato
If history has taught us anything, it has taught us that people are capable of anything ranging from the most heinous acts of evil to saintly acts of compassion. In the attempt to minimize the former, societies have tried to implement various forms of governorship. In what seems to be one big trial-and-error experiment, mankind has yet to nail this down to a science. Plato believed that people were incapable of governing themselves and should have their lives dictated by philosopher kings. On the other hand, Thomas Paine believed that the best government is the one that governs least. Fast forward to today and try to fit either of these philosophies to our societies. More specifically, try to think about what the Internet would be like under each of these ideals.

 

“I took the initiative in creating the Internet”
Contrary to his own personal beliefs, Al Gore did not invent the Internet. But the people who did create this modern wonder did have some sort of plan for how things were supposed to work, and these ideas were documented in a series of documents known as Requests for Comments (RFCs) that date back to 1969. Of course, these are technical documents and naturally do not take human nature into account. When we add people into the mix, the natural human behavior of taking advantage of any weakness or loophole kicks in, and the result is chaos. And this is not just any chaos; it is global chaos. To quote a penguin from the movie Madagascar: “Well this sucks”.

 

One Society
With the birth of the Internet, mankind has found itself a part of a new homogeneous society. It may only be a virtual society, but the Internet is now a very real part of every conventional society’s being. And as with any society, there are rules. Of course, the public version of the Internet was originally conceived as a free society with few to no rules aside from the RFCs, but this model quickly fell victim to predators and hoodlums. At this point Plato’s philosophy starts to make sense. Of course, the Thomas Paine version of freedom exists as the norm, but for the sensitive networks typically found in most organizations, a real sense of order and a solid policy are required for mere survivability.

 

Bringing Order to Chaos
The oldest and still most used aspects of the Internet are email and World Wide Web (WWW) access. Both of these technologies have evolved from simple text emails and basic Gopher services to feature-rich items such as S/MIME email and dynamic web content. But with these enhancements, more complexity has been introduced. And the more complex a system becomes, the more likely it is to have holes for misuse or exploitation. To combat this natural side effect of technological evolution, some human controls have to be implemented. In the world of information technology, these human controls come in the form of usage policies that provide guidance for operators. However, policies alone are still not enough. If a policy is going to be effective, it must be enforced. And in order to know if a policy is being followed, some sort of monitoring is required. And finally, there must be some sort of mechanism to correct non-compliance.

 

Modern Plato
Monitoring email and Internet usage is practically impossible in a large organization without some sort of technical system designed to monitor these types of activities. To tackle the issue of email, I created a redundant mail gateway system that not only processes email to remove spam, viruses, and other dangerous content, but also records every single transaction. Transaction records are retained for ninety days and new records are reviewed daily. This system has proven to be amazingly efficient, reliable, and useful not only for monitoring policy issues but also for troubleshooting technical issues with email delivery. For example, if a user is suspected of violating email policy, that user’s entire history of email transactions for the past ninety days can be called up on demand. If the user is suspected of transmitting unofficial email, the transaction records will clearly show this. If the user is suspected of transmitting banned items such as video clips, the video clip itself is quarantined and can be reviewed by both technical administrators and policy administrators.


To enforce WWW usage policy, a combination of monitoring, black hole techniques, and address blocking is used. Monitoring is accomplished through daily reports generated by a log parsing system that summarizes usage on a per-user basis from a proxy server, which is required to access the Internet and cannot be bypassed to achieve anonymous surfing. Abnormal activity is automatically flagged by the system and reviewed by administrators. To prevent access to undesirable sites that are considered inappropriate or technically dangerous, black hole measures are taken. This is accomplished by simply creating authoritative zones on our own DNS servers for the undesirable domains and refusing queries for those domains. This works in tandem with IP address blocking on our border router, since changing an IP address for an undesirable web site is not difficult and is totally transparent to the rest of the Internet world. In reverse, if a malicious site changes its domain name and maps it to the same server, or IP address, it is still blocked, but this time by the border router. The downside to this system is that these blocking mechanisms can grow infinitely large and start to consume an abnormally large amount of resources. However, these lists are maintained by a parent organization and they have been consistent in their efforts to date. If this mechanism became outdated or too difficult to maintain, we would most likely move to a commercial solution such as WebSense.
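The per-user daily report and the two blocking layers described above can be sketched as follows. This is an added example, not the author's system: the log layout (user, destination IP or "-" when resolution was refused, bytes, URL), the blocklist entries, and the volume threshold are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data; the log layout and every value here are assumptions.
BLOCKED_DOMAINS = {"badsite.example"}   # zones black-holed on the internal DNS
BLOCKED_IPS = {"203.0.113.10"}          # addresses dropped at the border router
BYTES_THRESHOLD = 50_000_000            # assumed per-user daily volume limit

SAMPLE_LOG = """\
alice 198.51.100.7 20480 http://intranet.example/index.html
bob 203.0.113.10 1024 http://renamed.example/page
bob 198.51.100.9 60000000 http://media.example/stream.mp3
carol - 512 http://www.badsite.example/login
"""

def block_reason(host, ip):
    """Return which control stops this request, or None if neither does."""
    labels = host.lower().rstrip(".").split(".")
    # A black-holed zone covers the domain and every name beneath it,
    # so a site that only changes its IP address is still caught here.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in BLOCKED_DOMAINS:
            return "dns-blackhole"
    # A site that only changes its domain name is caught by address instead.
    if ip in BLOCKED_IPS:
        return "router-ip-block"
    return None

def daily_report(log_text):
    """Summarize usage per user and flag abnormal activity for review."""
    report = defaultdict(lambda: {"requests": 0, "bytes": 0, "flags": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed lines rather than abort the report
        user, ip, size, url = parts
        host = urlsplit(url).hostname or ""
        entry = report[user]
        entry["requests"] += 1
        entry["bytes"] += int(size)
        reason = block_reason(host, ip)
        if reason:
            entry["flags"].append(f"{reason}:{host}")
    for entry in report.values():
        if entry["bytes"] > BYTES_THRESHOLD:
            entry["flags"].append("volume")
    return dict(report)
```

Users with a non-empty `flags` list are the ones an administrator would review in the daily report.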

 

Plato’s Hammer
Obviously, it’s not enough to tell someone they can’t do something on the Internet. I claim that it’s obvious because of lessons learned in the past. I can tell our users not to try and stream music over the network, but some of them will try it. Some of them don’t care. Some of them think I won’t know they are doing it. Some of them think it’s some sort of right and I am violating their Civil Rights. And some of them think that they are smarter than the technical administrators and can get away with it. In a perfect organization I could just tell someone that certain activities are a “bad thing” and they won’t do them. Since some people don’t listen, we monitor. And when we catch users doing “bad things”, they get mashed with the proverbial hammer. Personally, I’d like to use a real hammer on some people, but that request keeps getting denied for some reason.


With that being said, when a user is caught violating policy, the user is immediately suspended from accessing the network for a week and must attend the new user briefing for reprogramming. On the second violation, the term is one month and another joy ride in the new user briefing. On the third violation, the user is suspended indefinitely until the head of our organization determines the course of action to be taken. Of course, these items can vary slightly. For example, child pornography will win the user an all-expenses-paid personal visit with an FBI agent sporting Ray-Bans and a Glock. At that point the user’s fate is out of our hands. But I think the least of the user’s worries will be attending the new user briefing again.

 

The Circle of IT Life
Enforcing policy is one big circle. First, we create the policy. Then we educate people on the policy. Then we monitor for violations of the policy. In between mashing users for violating policy, we update the policy, educate the users again, and then once again monitor. It never ends. It’s grueling and seriously lacks a fun factor. But unfortunately, it is a fact of IT life. Without this circle our networks would plunge into chaos and eventually become a liability rather than an asset. Although I don’t agree with Plato and his philosopher king theory as it applies to our tangible lives, I do agree when it comes to our virtual lives. The current rapid development and overall general misunderstanding of the Internet often leave too much room for error for laymen to self-govern on the information superhighway.

Mailborder Systems © 2005 - 2006