Trust is a fundamental requirement for people to use the Internet with confidence, and Cisco continues to find opportunities to make the Internet even more secure.
I am happy to share that we are a founding sponsor of a new public benefit consortium called the Internet Security Research Group (ISRG). The goal of the ISRG is to advocate the use of SSL/TLS technologies by promoting the installation, use and maintenance of digital certificates for Internet services such as Web servers.
Digital certificates provide the anchor for secure communication, and more certificates enable more trusted network traffic. This initiative will significantly reduce the total surface area of exposure by preventing untrusted traffic from becoming bigger attacks.
Currently, deploying secure Internet services requires an intricate series of administrative steps. The ISRG is developing a set of open, standardized APIs for managing certificates and an initial Certificate Authority (CA) that implements these APIs. The vision is that all Internet services will seamlessly acquire and renew certificates during the normal server installation and maintenance processes. Over time, this frictionless approach should greatly expand the number of Internet services that are more rigorously secured.
The ISRG is launching with a diverse set of commercial and non-commercial sponsors. One of the reasons Cisco supports the ISRG approach is their commitment to the open community – its protocols and APIs will be open standards. The ISRG will develop them using a collaborative process, and as much of the software as possible will be open source. The CA it operates will make all records of issuance and revocation available for public inspection, for complete transparency.
Learn more about our involvement with the ISRG and how we collectively plan to support the ubiquitous use of encryption to keep our Internet safe.
Tags: internet security, padmasree warrior, security
Securing the Critical Internet Infrastructure is an ongoing challenge for operators that require collaboration across administrative boundaries. Last September something exceptional happened in Ecuador, a small South American country. The entire local network operation community got together to be pioneers in securing its local Internet infrastructure by registering its networks in the Resource Public Key Infrastructure (RPKI) system and implementing secure origin AS validation. This project is a great example on how a global technology change can be accelerated by maximizing its value to local communities.
The global inter-domain routing infrastructure depends on the BGP protocol that was initially developed in the early 90s. Operators know that a number of techniques are needed to improve BGP security (a good reference can be found here). Although these improvements, it is still possible to impersonate the entity with the right of use of Internet resources and produce a prefix hijack as the famous attack in 2007. The IETF, vendors and Regional Internet Registries have been working inside the SIDR working group to create technologies that allow the cryptographic validation. The initial outcomes of this effort have been the RPKI and the BGP origin AS validation; two complementary technologies that work together to improve inter-domain routing security.
Read More »
Tags: BGP, BGP Security, Inter-domain, Internet edge, internet security, IXP, LACNIC, Peering, routing, RPKI, security, Service Provider, SIDR
Add this to your list of parties spoilt by the Internet revolution: national sovereignty.
We all know that the borderless nature of the Internet is stretching longstanding technical and legal definitions. But recently, my colleague Richard Aceves and I got to talking about the mish-mash that social media is making of culture, language, and national identity. It should come as no surprise that cultures and languages are being diluted by the global online discussion, in the same way that the advent of television and radio had a dampening effect on certain regional spoken colloquialisms and accents. Richard will examine some cultural questions in a forthcoming blog post, while I’ll be discussing the psychological impact on national sovereignty.
Judging by the proliferation of Internet policies and legislation, it is pretty clear that bureaucrats and politicians in capital cities around the world are worried that the Internet (with special thanks to social media) is simultaneously eroding both their authority and their national identity. Read More »
Tags: Cisco Security, internet policies and legislation, internet security, social media