Industry

Internet Service Provision
 Friday, December 06, 2002

Choosing an Internet Access Provider

Paul Krugman sounds upset. Like mine, his choices for better Internet access are simple:

  1. cable

You may notice that on this multiple-choice test, there's only one answer.

3:12:32 PM
categories: Industry

Stupid Is as Stupid Does

Krugman then claims that telco providers will both 1) jack up broadband prices to maximize profits AND 2) restrict access to large sections of the Internet. These two things are inherently contradictory as cutting off large sections of the Internet will lower the value of access, and so reduce telco profits. But Krugman believes that these guys are some opaque combination of evil and stupid which limits their greed, harming both their profits and the public good at the same time. I, on the other hand, believe they are merely average in their intelligence, but limitless in their greed, so consumers are quite safe in their hands.
Zimran Ahmed

That cracked me up. From my seat, it's often hard to tell the difference between the two, though I don't think you have to be evil — merely stupid is enough — to block off large sections of the Internet based on marketing agreements with content providers. For evidence of how stupid, compare the effectiveness of WAP and i-mode. The difference between the two being that WAP portals are, or were, captive.

2:04:11 PM
categories: Industry

If You Can't See It, It Can't See You

A few days back, Scott Mace, referring to a Gartner report on deep packet inspection, made some comments about the network's edge, in the sense that firewalls redefine what the end-points are. Well, yeah, but his comments are confusing:
[T]he edge is creeping closer to the nodes originating the service or providing the client.
Isn't that the functional definition of the edge, those nodes? His conclusion, that service must move out of the network itself, is the end-to-end model.

Brett Morgan points out that some Aussie students routed around firewall-based service degradation by encrypting their packets. I mentioned the same thing in June after reading an article trying to sell content inspection as a means of differentiating service levels: You can't inspect the content if you can't read it. Think of a border guard charged with keeping subversive content out of the country: if he can't read German, how can he tell the difference between Mein Kampf and Das Kapital?

In its conclusion, Gartner states,

Web services will force perimeter defenses to be more aware of what types of traffic they allow to access the network via port 80 as code, such as SOAP elements, and control messages, such as XML statements. Firewall vendors must offer solutions that can control this traffic.
The perimeter cannot defend against these attacks without knowing what's inside the perimeter. Without that, the perimeter device cannot predict what effect a particular SOAP message might have. What the perimeter device can defend against would be known attacks on flaws in the infrastructure. Though it may be able to identify attempts at buffer overflows and such, doing so will require application developers to think about the size of the messages they are passing — and that's highly unlikely.
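The perimeter's position described above, as an added example that is not part of the original post: a content-inspecting filter for SOAP over port 80 that can enforce message sizes only where the application has declared them, and has nothing to inspect once the payload is unreadable. The limits table, the operation names, the sample messages and the XOR stand-in for encryption are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"

# Hypothetical table: operation name -> max characters per text field.
# The perimeter only has this if the application's developers supply it.
DECLARED_LIMITS = {"getQuote": 16, "setNote": 256}

def inspect(body: bytes) -> str:
    """Return the perimeter's verdict for one HTTP request body."""
    if b"<!DOCTYPE" in body:
        return "block-dtd"            # SOAP messages must not carry a DTD
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "opaque"               # unreadable: nothing to inspect
    soap_body = root.find(SOAP_ENV + "Body")
    if root.tag != SOAP_ENV + "Envelope" or soap_body is None or len(soap_body) == 0:
        return "not-soap"
    op = soap_body[0]
    name = op.tag.rsplit("}", 1)[-1]  # strip any namespace from the tag
    limit = DECLARED_LIMITS.get(name)
    if limit is None:
        # Well-formed, but the device cannot predict its effect inside.
        return "unknown-operation"
    for elem in op.iter():
        if len(elem.text or "") > limit:
            return "oversize"
    return "allow"

def envelope(op: str, value: str) -> bytes:
    """Build a constructed sample SOAP 1.1 request (not captured traffic)."""
    return (f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Body><{op}><arg>{value}</arg></{op}></s:Body></s:Envelope>').encode()

def scramble(data: bytes) -> bytes:
    """Stand-in for encryption (single-byte XOR); it only makes bytes unreadable."""
    return bytes(b ^ 0x5A for b in data)

if __name__ == "__main__":
    big = envelope("getQuote", "A" * 500)
    for label, msg in [("normal", envelope("getQuote", "ACME")),
                       ("oversize", big),
                       ("undeclared", envelope("deleteAll", "x")),
                       ("scrambled oversize", scramble(big))]:
        print(f"{label:20} -> {inspect(msg)}")
```

The same oversize message that is caught in the clear comes back as "opaque" once scrambled, and an operation with no declared limit can only be flagged, not judged.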

Effective security balances usability with stumbling blocks. If the security precautions make things too unusable, then 1) they will impair the work that was meant to be done in the first place, and 2) the users will ignore them.

11:21:01 AM
categories: Industry, Security, System Administration