Big Brother across the sea 5

[jimbojimbo]

My wife came to me. She couldn't access Oprah.com. I told here that is absolutely correct. The web site is hosted on what appears to be an AkamiTechnologies web server and I block all connectivity (which wasnt' easy since it covers about half a dozen different subnets).

Akami Technologies is what I would call a "very invasive" company often opening up numerous connections on the PC without any feedback as to what they are doing. My daughter downloaded and installed AIM which opened the holes. I understand this is probably a hosted app but there is nothing stopping them from opening up anything on your PC.

The question? How do you stop industrial espionage in an age when software is developed on a global scale while the US government has failed to provide a means to limit access over the internet. The specific servers I has connections open with traced to an what appears to be an overseas location.

Download an app and open up another hole. How do we force the US Government to make a closed Internet optionally available. I believe a huge opportunity was missed with the advent of IPv6. After all. Why would someone in Timbuktu be accessing a local bank account in Florida? Shouldn't this access be completely denied?

Although I have no greater faith in US companies at least there is a neck here in the US I can go after. If the site is in Russia or the Congo what are the odds of successful prosecution?





Jimbo

 

[mrdenny]

Akami is simply the bandwidth provider which you are using to get access to oprah.com's server. Oprah.com is hosted on a AT&T IP address and owned by Harpo Studios.

When I go to oprah.com I see calls being made to 2o7.com and 2mdn.net and doubleclick.net. These are all ad sites which the oprah.com site uses to display adds on the webpage and/or to track site usage.

This is all very normal. most sites (including tek-tips.com) use third party advertising sites to put the banner ads on the sites to make additional revenue. These advertising sites could be hosted on the Internet.

It's not the responsibility of the US Government or any other government to secure the Internet. The Internet was designed as a global open network so that anyone can provide information to anyone else that wants it. It is the responsibility of everyone who connects to the internet to protect themselves from the script kiddies and state sponsored hackers which may which to break into their company. This is the same as how it is the responsibility of every company to secure their physical environment (buildings, offices, etc) from break in.

Yes some applications that you download access the internet without your permission. This is called phoning home. Most apps do so these days, and there usually isn't anything you can do except not install the application.

Building this secure internet you speak of isn't possible for both technical and financial reasons. The cost to attempt to do so would be in the hundreds of billions of dollars. From a technical reason who do you lock out, foreign countries? What about the hackers who live here in the US? How do you keep them off? If it's a government provided network then every US citizen has the right to access it.

The Internet is not run by the US government, and it should be as it is an International computer network. It is setup and run by third party for profit companies which provided the bandwidth that allows various computer networks to speak to each other.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2008 Implementation and Maintenance / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Admin (SQL 2005/2008) / Database Dev (SQL 2005)

My Blog

 

[lgarner]

I agree completely. I can't imagine a case where government filtering, aka "censorship", would be a good thing.

For example, people do travel. Would you prevent them from accessing their accounts from overseas? Or prohibit US-based companies from having foreign customers? That would make us even more isolationist than we already are.

As for Akamai: They're a caching company used by many large websites to offload traffic and server load. Akamai is no more or less "invasive" than your own ISP.

 

[jimbojimbo]

I thought I would get this kind of response. What you zero'd in on is censorship. What I specifically noted was an option to restrict myself. What I am looking for is the ability to restrict connectivity based on geography. If I don't want to go to a web site in a nation that supports hackers or has limited legal options to prosecute than I would like that option. It would have been simple with IPv6. I have been able to eliminate a tremendous amount of spam by not accepting mail from different country codes. I agree that end users are responsible in part for their own security but just look at Microsoft Windows (like leaving the windows in your house open while you're gone). I am a technical user so I do have above average capabilities to protect myself. My home network has several layers of protection which most users don't. Losses from hackers are already estimated in the billions so wouldn't providing the capability for end users to restrict certain transactions be beneficial?

PS: I'm not what you would classify as an "isolationist". I've been almost all the way around the world, have been on mission trips to foreign countries, and have lived in Italy for a couple of years.

 

[mrdenny]

If users want to restrict access so that websites in a specific country can't be accessed then buy this list of IP Subnet to country mappings and block access to those subnets.

http://www.analysespider.com/ip2country/ip_country.html

IP address assignments doesn't change from country to country very often; so problem solved.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2008 Implementation and Maintenance / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Admin (SQL 2005/2008) / Database Dev (SQL 2005)

My Blog

 

[lgarner]

What actually caught my eye was "How do we force the US Government to make a closed Internet optionally available."

At that point the Government is acting as the firewall and making decisions about what traffic gets passed. It'd be extremely hard to implement in a flexible manner, and extremely detrimental if it's not flexible. The only way that comes to mind is to have a duplicate set of backbones and put customers on their choice of "filtered" or "non-filtered".

The questions that come to mine are a) can the goverment do it effectively, and b) can we trust them to do it? I think the answers are "No" and "Absolutely Not".

I think that you absolutely should be able to protect yourself from other countries, and you should be able to obtain and implement measures to do so. I simply think that the US (and any other) Government should keep their hands off.

Also, the "isolationist" comment was directed at Government-level sanctions, blockades, and such activity. Not at any person's choices.

 

[Sympology]

Also I don't want to alarm you, but most Spam and Child Porn originates in the US, and most companies "phoning home"
(Adobe, Microsoft, Apple) are US companies.

http://www.ditii.com/2007/10/25/us-top-spam-originating-country/

http://www.buffalonews.com/339/story/182919.html

Also you ask why someone in a foreign company would access a bank account. They are called travellers,ex-pats etc etc. I often access my accounts abroad, using a common sense approach. TIt is also called international commerce. You would be unable, for example, to buy goods from abroad, send emails to foreign relatives etc etc.

You also have a major technical issue. Take email.

You send a mail to Joe blogs around the corner from your house. You are on Hotmail, he is on Yahoo. The mail goes to hotmail who insert a banner from Dell, running in Australia, then bounces to another hotmail server in Canada, as there is an issue with your "local" site. This sends it to Yahoo, who, due to load, bounce it to an EU based host, they then forward it to his local host, who insert an ad from HP, running in Mexico.
How do you block this?


You would be far better of stopping the software being installed in the first place, rather than isolating yourself from the the rest of the world, after all that is what the internet is all about.



Most people spend their time on the "urgent" rather than on the "important."

 

[strongm]

>but most Spam ... originates in the US

You need to read both the article and the actual report more carefully. The US is the top spam relaying country. As Sophos, the originators of the report the article references, said when presenting the previous quarter's results:

For every spam campaign, the spammers, the compromised computers used, and the people being deluged by the unsolicited mail are often located in totally different parts of the world

 

[Sympology]

Yes but as you can understand, if you block access to say China, because spam is being sent by US pc's, blocking a single host to your pc is going to make little or no ddiference if the host sending to your account is based in your own terroritry, be it US, France, China, Russia or whatever.
Yes it may stop access from a machine in China, but if they are using a relay, it becomes pointless.

If you propose banning China / Russia / any one else that you are paraniod about as a whole getting to your "safe" internet, how do you expect to do any commerse with these?
Who will deem what is safe?
For example the US sees Cuba as a "hostile" country. I had a great holiday there a the other year. the wife has had great times in China, Pakistan, Russia, Estonia and many more "bad" countries.
Our firewalls detect as many attempts at entry from the US and Europe as from China and Russia. In fact the system I am running to monitor our core servers is Russian, so I have no issues with these "bad" countries



Most people spend their time on the "urgent" rather than on the "important."

 

[strongm]

>if they are using a relay, it becomes pointless

Can't argue with that.

 

[tfg13]

The other thing I am going to key in on is your use of IPv6 as an optional "protection". In all honesty, it's even more chaotic with IPv6. With the tunneling protocols that are built into IPv6, it opens, as you stated earlier, windows to your house. Even though Windows in my opinion is lacking in it's own built in security, it is the education factor that is the greatest issue. Don't blame a company for making a bad product, don't buy it.

MrDenny,
I totally agree with what you have stated, and a star to you!

 

[jwenting]

When you start giving the government the authority to determine what's "safe" for you to access, don't be surprised if you very quickly can't access anything the government doesn't like, like information about corruption within its organisation, political opinions that are counter to its ideas, etc. etc. etc.

People are, as they should be, responsible for their own behaviour.
In that the internet is one of the last bastions of freedom this world has left except in places like Iran, Cuba, and China which realise this and see it (correctly) as something that would limit their control over their enslaved populations.

 

[Grenage]

I think "enslaved" is really the wrong word to use.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer

 

[kmcferrin]

How do we force the US Government to make a closed Internet optionally available.

You don't. For starters, a "closed Internet" is not the Internet. Secondly, the US Government doesn't own or run the Internet. Thirdly, nobody ever forces the US government to do anything they don't want to do. It's not right, but it is the way that it is.

What I specifically noted was an option to restrict myself.

That's easy. Either unplug your PC or install security software that lets you restrict your own connection. Either way should work.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows Server Virtualization
MCSE:Security 2003
MCITP:Enterprise Administrator