After recent events regarding the so called attack on the biggest web hosting company in the world, GoDaddy.com, i was thinking about network- or Internet security and how this would evolve in the upcoming 5-10 years. Since the internet was never designed to be used with so many PC’s as we are currently connecting i would assume that somewhere down the road the internet (as we know it) has to change, evolve or maybe even be reinvented.
The beginning of this change has already become visible since we are out of IPv4 addresses and need to make the shift to IPv6 very soon. More and more internet company’s are now able to use both IPv4 and IPv6 simultaneously but most ISP’s did not yet implement IPv6 which basically means that 95% of the ‘normal users’ are still using IPv4. If this operation already takes ages for ISP’s – what will become of us ?
This morning i stumbled upon somebody that apparently had a similair idea and wrote a blog on ispam.nl, a website for dutch internet providers or web hosting company’s. The author of this blogpost states that the internet as we currently know it was designed with one soul purpose; communication between hosts that are not within the same physical location. Now, the year 2012, we do almost everything online. We share documents, financial information and much more – we have become fully dependent on the internet. Last month i had a slight problem with my internet modem and after two hours found myself going through all my boxes with cables in the hope i would still have my USB 3G dongle – just to show you how addictive the internet is.
Usability, Functionality, Security
When you think about it, everything evolves around these 3 key-words. The more you aim for one of these keywords the more you loose on the others and that is a bad sign. When you are designing a new software application, website, network or even ‘the internet’ and you give the user everything he wants you will end up having absolutely no security left. Did you ever meet a user that requested you to secure his/here account with a 19-character password, a token, SMS authentication and prefferably over VPN? Just to be safe, you know? Of course not. Users want to be secure but they do not want there ‘Usability’ to be effected. They want YOU to figure out how to secure it and not be bothered with it.
As the author of this blog also mentioned; we will always be using DNS servers to translate addresses (like www.apple.com) to an IP address of a server somewhere. If we wouldn’t use DNS for this that would mean you have to learn all IP numbers to visit a website – a bit like a phone number (yeaaaars back, remember?). I think we can agree that is not an option – neither a solution – so this means that DNS servers will always be a hazard. In the example of GoDaddy.com – 53 Mln. domain names were unreachable due to this attack.
Think about it. You wanted to access your bank account from anywhere – through the internet. You wanted flexibility and a better user experience, nice and easy. This also means you approved less security because now all that information is in your phone or can be accessed through it.