The ISP's Role in Improving Internet Security
Transcript and Presenter's Notes


1
The ISP's Role in Improving Internet Security
  • An exploration of the need, potential, and
    reality of ISP-assisted security mechanisms on
    the network fringe.

2
Why do we care about the fringe?
I'd be really careful with the term fringe.
The truth is that MOST of the computers on the
Internet are at the edge. Servers are at the
edge, as are the users. The number of machines
that are really internal are the minority. So
there are lots of reasons to care about the
fringe. If you are talking about the role of
particular machines (i.e. broadband home users),
then you need to be more specific about what you
really mean.
  • Increasing numbers of broadband connections
    owned by non-security-minded customers are quickly
    becoming a threat to our national Internet
    infrastructure

Can you be specific about what it is about having
increased numbers of high-bandwidth end-users
that makes the system more vulnerable as a whole?
Is it the speed at which worms or DoS attacks
can occur? Or is it something else?
3
What is the threat?
Again, since most of the computers are at the
edge, the fact that they are the source of
attacks is not surprising and doesn't make the
current situation any different from the past.
  • Worms replicate and propagate from the network
    edge, causing damaging traffic loads and
    potential Internet wide instability.
  • DDOS attacks are launched from zombie computers,
    threatening online assets.
  • The fringe offers a safe launching point for
    sophisticated attackers with stolen accounts, who
    can rarely be tracked or caught.

Again, I think you need to be more specific in
justifying this last statement. Why does the
fringe offer a safe launching point, and what is
the implication of having high speed connections
at the fringe?
4
What can we do about it? (1)
  • Attempt to minimize the number of compromised
    end-hosts in order to reduce the threat to key
    Internet assets and infrastructure
  • Note: The point of this research is NOT to
    try and protect every computer on the
    Internet.

Do you mean to contrast end-user machines versus
servers? Both are really end hosts. Minimizing
compromised end hosts is probably not specific
enough. Again, you might want to be more
specific about what you actually mean as
infrastructure.
5
What can we do about it? (2)
  • Improve network transparency, attestation, and
    inter-organizational information sharing to be
    able to identify, block, and prosecute Internet
    attacks.

These are all strategies for dealing with the
problem. It might be more helpful to state
precisely what the desired end result is, and
then move to strategies. That is, if I want to
identify, block, and prosecute internet attacks,
then you need to justify why transparency etc is
a necessary/sufficient condition for achieving
that end result.
6
Why are we looking at ISPs?
  • The average user is not, does not want to be,
    and should not need to be a computer security
    expert any more than an airplane passenger wants
    to or should need to be an expert in aerodynamics
    or piloting. This very lack of sophisticated end
    users renders our society at risk to a threat
    that is becoming more prevalent and more
    sophisticated.
  • - Dan Geer et al., CyberInsecurity: The Cost of Monopoly

This slide and the next are the most salient and
insightful ones of the entire presentation so
far. I would start with these, and then talk
about high speed end users after that.
7
Why are we looking at ISPs?
  • The current model of individual users being
    responsible for their own computer security in a
    fend for yourself environment has left the
    Internet in a precarious state.
  • It's time to explore new possibilities. As the
    gate-keepers of the Internet, ISPs are
    positioned to potentially play a significant role
    in securing the Internet.

8
How to define an ISP?
  • Main Focus
  • Targeting consumer ISPs who control network
    edge infrastructure, not those providing
    back-bone services.
  • Security enhancements are geared toward broadband
    (cable/DSL) providers, since these high-speed and
    always-on connections make users both most
    vulnerable and a greater threat to infrastructure.

9
How to define an ISP?
Some discussion of the Internet protocol stack
might be helpful in identifying the different
roles that an ISP can play. For example, an ISP
that has its own physical infrastructure is
different from someone who runs a virtual
topology on top of it.
  • Applicability
  • Some security mechanisms apply more to
    facilities-based ISPs (who own/run the actual
    infrastructure) than to virtual ISPs who simply
    lease lines from a cable/telecom infrastructure
    provider.
  • Other enhancements may apply more to companies
    providing service to residential users and small
    businesses, that is, groups without a dedicated
    and knowledgeable IT staff.

10
An Initial Framework to Classify Potential
Security Enhancements
It's hard for me to know what or why this
framework is being introduced. One way to remedy
this is to present the question first, and then
the framework as an answer (maybe not unique) to
the question. Without the proper motivation, the
framework becomes just more details that the
audience has to try to understand.
  • The Actor Framework divides potential ISP
    security enhancements into three categories based
    on where they occur:

Actor Framework diagram: End-Host | Network Traffic | Organizational / Procedural
11
End-host Security Enhancements
  • These are security mechanisms that are implemented
    on, or involve, individual users' computers.
  • Frequently they represent the ISP facilitating
    good common-sense security practices.

One thing you might consider is putting the
definition of each of these enhancements on the
previous slide with the graphical representation
of their relationships. So a single slide with
all three on there. Then you might walk through
the examples one group at a time, or maybe try to
fit all three groups on the same slide (again
with the pictures).
12
Examples: End-host mechanisms
  • Anti-Virus Software Update Subscriptions
  • Personal Firewall Software
  • Detection of vulnerable or compromised computers
    on the ISP network.
  • Protective Anti-Phishing software.
  • User Personal Security Education

13
Network Traffic Security Enhancements
  • These are powerful mechanisms that exploit the
    control an ISP has to analyze and control all
    incoming and outgoing network traffic.
  • These mechanisms are more technically complex,
    but also have a more far-reaching impact and can
    not only protect but also detect and block
    malicious out-going traffic.

14
Examples: Network Traffic mechanisms
  • Egress-filtering on outbound traffic
  • Ingress filtering or proxy traffic from dangerous
    black-list.
  • Port blocking/throttling to prevent scans/attacks
    for common vulnerabilities and worm propagation.
  • Incoming/outgoing email virus scanning
  • Coordinated cross-ISP support for IP trace-back.

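Slides 13 and 14 name the network-traffic mechanisms without showing what one looks like in practice. The following is an added example, not code from the presentation: a BCP 38-style egress filter that drops outbound packets whose source address is outside the ISP's customer prefixes, an ingress black-list check, outbound port blocking, and a simple fan-out heuristic for spotting compromised hosts that scan, all run over constructed flow records. The prefixes, black-list, blocked ports and scan threshold are assumptions chosen for illustration.

```python
"""Added example of ISP edge-network traffic checks (not from the original
presentation): egress filter, ingress black-list, port blocking and a
scan-detection heuristic, evaluated over constructed NetFlow-like records."""
import ipaddress
from collections import defaultdict

# Assumed: the ISP's customer-facing prefixes (constructed, documentation ranges)
CUSTOMER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                     ipaddress.ip_network("198.51.100.0/24")]
# Assumed: destinations the ISP refuses to forward to (constructed black-list)
BLACKLIST = [ipaddress.ip_network("192.0.2.0/24")]
# Assumed policy: outbound destination ports blocked to slow worm propagation
BLOCKED_PORTS = {135, 139, 445}
SCAN_FANOUT = 3   # distinct destinations on one port before a host is flagged

# Constructed flow records: (src, dst, proto, dport) as an edge router might export
FLOWS = [
    ("203.0.113.10", "93.184.216.34", "tcp", 443),   # normal customer web traffic
    ("10.9.8.7",     "93.184.216.34", "tcp", 80),    # spoofed: not a customer prefix
    ("203.0.113.11", "192.0.2.5",     "tcp", 80),    # destination on the black-list
    ("203.0.113.12", "198.18.0.1",    "tcp", 445),   # blocked port, single target
    ("203.0.113.13", "198.18.0.2",    "tcp", 445),
    ("203.0.113.13", "198.18.0.3",    "tcp", 445),
    ("203.0.113.13", "198.18.0.4",    "tcp", 445),   # third distinct target: scan-like
]

def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def egress_verdict(src, dst, dport):
    """Return 'forward' or the first reason the edge should drop the flow."""
    if not in_any(src, CUSTOMER_PREFIXES):
        return "drop: spoofed source (egress filter)"
    if in_any(dst, BLACKLIST):
        return "drop: black-listed destination"
    if dport in BLOCKED_PORTS:
        return "drop: blocked port %d" % dport
    return "forward"

def scan_suspects(flows):
    """Customer hosts contacting >= SCAN_FANOUT distinct destinations on one port."""
    targets = defaultdict(set)
    for src, dst, _proto, dport in flows:
        if in_any(src, CUSTOMER_PREFIXES):
            targets[(src, dport)].add(dst)
    return sorted({src for (src, _port), dsts in targets.items()
                   if len(dsts) >= SCAN_FANOUT})

def run(flows):
    """Per-flow verdicts plus the list of hosts worth an abuse-desk look."""
    verdicts = [(src, dst, egress_verdict(src, dst, dport))
                for src, dst, _proto, dport in flows]
    return verdicts, scan_suspects(flows)

if __name__ == "__main__":
    verdicts, suspects = run(FLOWS)
    for src, dst, verdict in verdicts:
        print(f"{src:>14} -> {dst:<15} {verdict}")
    print("scan suspects:", suspects)
```

The scan heuristic runs on every exported flow, including ones the filter drops, so a host that is blocked still surfaces for clean-up (the slide 12 "detection of compromised computers" mechanism).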
15
Examples: Network Traffic mechanisms
  • General Deployment of Advanced Network devices
    that analyze or prohibit traffic to a significant
    degree
    e.g.:
    - Intrusion/DDOS Prevention Systems
    - Context Sensitive Firewalls (default deny)
    - Active connection monitoring devices.

16
Organizational Procedural Security Enhancements
  • The policies, procedures and organizational
    relationships used by an ISP will also affect the
    impact it has on Internet security.
  • These mechanisms focus on the ability to
    effectively collaborate with other parties with a
    common interest in improving security.

17
Examples: Organizational and procedural mechanisms
  • Effectively responding to abuse complaints of
    attacks originating within an ISP network
  • Accessible logs of traffic connections and
    associated user data to allow for later use as
    potential evidence
  • ISP collaboration for technology development and
    information sharing standards.

18
Examples: Organizational and procedural mechanisms
  • Development metrics for quantifying the security
    of an edge ISP network.
  • IPv6 Deployment.
  • Operational guarantees on integrity of key data,
    such as DNS and BGP information.
  • Collaboration with US-CERT Information Sharing
    and Analysis Center.

19
A Second Framework to Classify Potential Security
Enhancements
Again, this needs proper motivation in order for
an uninformed audience to follow it.
Particularly if this is your own work and
framework, you need to justify why it's worth the
effort for the audience to learn it. (I am not
saying it's not worthwhile, simply that you
haven't motivated it properly).
  • The method framework looks at the nature of
    the security enhancement and classifies it
    depending on how it attempts to improve security.

Method Framework diagram: Protect Computer and Data | Detect/Block Outgoing Malicious Traffic | Improve Traceability and Transparency
20
The Two Frameworks Together
  • The actor and method frameworks are independent
    of each other. That is, being in a given category
    in one framework does not imply being in a
    certain category in the other framework.
  • The combination of the two frameworks yields nine
    different categories of security enhancements,
    which we call clusters.
  • Classifying potential security enhancements into
    clusters gives us a useful tool to analyze these
    changes without having to look at each one
    individually.

21
Using a Matrix to Cluster Similar Security
Enhancements
  • A 3 x 3 matrix can be used to combine them into
    a single system for grouping and analyzing
    potential security enhancements.
  • This matrix allows us to place each security
    mechanism into a CLUSTER with similar
    enhancements

[3 x 3 matrix figure: Method categories across the top, Actor categories down the side]
22
The Two Frameworks Together
This is cute, but again needs motivation. What
benefits come from having this matrix in this
manner? Is this taxonomy exhaustive? Is it
insightful? Are you providing a systematic way
to catalog everything, or is there something more
to it? For example, one thing that would be very
interesting would be a situation in which one of
the boxes was NOT filled with a current security
mechanism and where its absence actually
suggested a new approach to thinking about how an
ISP could mitigate risk.
  • Each cluster contains an example of a security
    enhancement which falls within this category

23
So where from here?
  • We have now seen the potential for ISP security
    enhancements, but the next important question we
    want to answer is:
  • If these mechanisms are technically feasible and
    well understood, why are few if any ISPs
    currently using them?

24
Looking at the Incentives
  • For ISPs, like any business, the decision to
    implement depends on both the potential value
    gain and the associated cost.
Figure: Value vs. Cost -> decision on security enhancement

25
The goal: Understand ISP Incentives
  • Key Assumption:
  • ISPs have positive and/or negative incentives to
    implement certain types of security enhancements,
    and these incentives apply only to certain
    clusters of the framework matrix.

26
Assigning Incentives to Clusters
Only at this point does it become clear that you
are trying to find a way to understand the way in
which the economic incentives of ISP affect the
possible mechanisms that could be implemented.
This statement should come much earlier, and I
think it would help to make the presentation much
simpler.
  • For example: An ISP may have an incentive to
    increase revenue by charging for security
    services. Logically, the main security
    enhancements that can be charged for are in the
    end-user protect computers/data cluster.

Matrix legend: Method P = Protect, B = Block, T = Traceability; Actor E = End-host, N = Network, O = Organizational.
  • This corresponds to the upper-left corner cluster
    on the matrix. For each discussed incentive, we
    visually highlight the clusters that apply.
  • We abbreviate each of the six categories with a
    single letter to reduce clutter

27
Negative Incentives of ISPs
  • The following section will outline the negative
    incentives of ISPs, that is, forces causing
    service providers to be less likely to implement
    a given security enhancement

28
Negative Incentive: Employee Time
  • Being a business, an ISP wants to minimize the
    number of employees it needs for operation. The
    two main employee areas to consider for this work
    are network operations staff and customer service
    staff.

29
Negative Incentive: Infrastructure Costs
  • Many security enhancements will require
    replacing or improving the ISP's current
    infrastructure. Some changes may simply require
    additional capacity for current infrastructure,
    but many security improvements are themselves new
    pieces of network hardware sold by network
    security companies.

30
Negative Incentive: Software Licensing Costs
  • End-host or network based protection schemes may
    require that ISPs license commercial software for
    each customer, leading to significant expenses.

31
Negative Incentive: Carrier-only Responsibility
  • Currently ISPs are not liable either in the case
    that a computer on their network is compromised
    or an attack originates from their network.
  • Initial steps to help protect computers and
    detect attacks could move ISPs closer to
    liability, something they would like to avoid.

32
Negative Incentive: Increased Network Complexity
  • Network complexity is the enemy of network
    reliability, which is a top priority for
    operators. Security features can add complexity,
    leading to increased network problems.

33
Negative Incentive: Consumer Complexity
  • A major selling point for Internet service is
    the simplicity with which it operates. Security
    mechanisms often require additional work on
    behalf of the user, increasing complexity.

34
Positive Incentives of ISPs
  • The following section will outline the positive
    incentives of ISPs, that is, forces causing
    service providers to be more likely to implement
    a given security enhancement

35
Positive Incentive: General Customer Satisfaction
If you are going to contrast positive versus
negative, I would maybe choose a different color
for the positive boxes (maybe green).
  • While ISPs are not required to protect customer
    machines, the safety of an end-user's computer may
    impact their overall satisfaction with the ISP,
    decreasing time spent with customer service, etc.

36
Positive Incentive: Network Utilization
  • Compromised hosts often generate massive amounts
    of traffic as a result of scanning or
    denial-of-service (DOS) attacks.
  • This traffic uses up the finite amount of
    bandwidth an ISP has (or alternatively, is
    charged for), decreasing their overall quality of
    service or increasing bandwidth costs.

37
Positive Incentive: Improved Network Monitoring
Ability
  • The sheer volume and noise associated with
    malicious traffic (incoming and outgoing) make it
    difficult for ISPs to effectively monitor and
    control their network.

38
Positive Incentive: Legal Requirements
  • While only limited legal requirements currently
    exist, the possibility exists that they could be
    imposed at any cluster in the matrix.

39
Positive Incentive: Service Differentiation /
Revenue Sources
  • If security enhancements are protective,
    visible, and relatively simple to understand,
    adding these mechanisms can be sold to customers
    for an increased monthly fee, or used to provide
    a higher perceived quality of service than other
    ISPs.

40
Positive Incentive: Improving Network Clean-up /
Outages
  • A bad worm/virus outbreak can lead to service
    degradation and large clean-up costs. Thus,
    certain types of prevention/monitoring may be
    valuable to the ISP to reduce later costs.

41
Positive Incentive: Hacker-Friendly ISPs and
Social Concerns
  • ISPs that pay no attention to network security
    and as a result host many machines used to launch
    attacks draw widespread criticism from more
    conscientious portions of the ISP community.
    This is especially true for large tier 1
    providers.

42
A Framework for Analyzing the Incentives for a
Security Mechanism
  • Having outlined the clusters to which these
    incentives apply, we can now ask the question:
  • For security enhancements in cluster X, what are
    the incentives of Internet service providers?

The question is whether or not this is really
possible. Here, you would be most convincing if
you went through a few examples that illustrated
how the enhancements in a cluster are affected by
ISP incentives. Again, in order for the
framework to be valuable, you should be able to
provide some insight which was not immediate from
simply asking the question outright.
43
What still needs to be better understood?
  • We need to further explore the RELATIVE STRENGTH
    of these incentives, which ultimately determines
    the ISP's final decision.
  • Additionally, there are likely MISSING
    INCENTIVES not considered in this outline.
  • This is the current focus of my research.

The fact that you believe there are missing
incentives makes me question the value of your
framework.
44
My working sources currently
  • Cybersecurity Center (Keith, Martin, et al)
  • Other members of Stanford CS Dept. (Yashar,
    Guido, etc)
  • Johannes Ullrich (DShield, SANS ISC)
  • North America Network Operators Group (NANOG)
    Forums and resources.
  • ISP-Security mailing list (haven't contacted yet)

45
Conclusions
Modeling incentives is inherently challenging.
The type of analysis that you suggest (if
pursued, expanded, and refined) could lead to a
qualitative assessment of the types of decisions
that an ISP is likely to make. But its
predictive power is apt to be limited, due to its
qualitative nature. I feel like there is a
fundamental question underlying your work here
that is never stated, but is really important to
what you are trying to do. One possibility is
how do the economic incentives of ISPs affect
their decisions to implement security
enhancements? This is a HUGE question and topic,
more than a dissertation's worth. I think you
have done an admirable job in trying to get your
arms around all of it, but it may be too big. If
you want, I can try to help you narrow things a
bit, which may make things easier overall.
  • After getting a clear picture of HOW and WHY
    ISPs make security-relevant decisions, we can
    look at their incentives vs. the overall value
    and suggest areas in which to focus efforts to
    yield the most efficient and effective boost in
    Internet security.
  • Note: This is not the focus of the research,
    just a conclusion that points to further
    potential work.

46
Maybe: Questions to consider
  • What are the forces acting on ISPs?
  • How do ISPs make money (if they do)?
  • What is the organizational structure of an ISP
    business? What roles do people play? Who makes
    the decisions? About what? What are their
    responsibilities? How are they rewarded or
    punished? How do people within the organization
    make decisions?
  • Can you identify cases of perverse incentives,
    either in the way the ISP as a whole interacts
    with the outside world or within the ISP itself?
  • What are the security enhancement decisions
    facing ISPs, and how do the above issues affect
    them (if at all)?