“Security.” A broad topic. Historically it’s largely been out of KanREN’s wheelhouse. So much of the traditional security paradigm has been aligned with individual institutional policy that it’s hard for an R&E network (within the network itself) to meet everyone’s needs. Simple things like BCP38, blocking Windows file services, etc. have been the bulk of what we do — very important things, just not very flashy ones to be sure.
In recent months, while gathering with peers at national level events, I’ve started to see a new paradigm form where R&E networks can take a more effective, direct role in the security puzzle. The Denial of Service Attack (DoS) — and in particular, the Distributed kind (DDoS) are eclipsing many traditional security related events in their impact. Now that being online is absolutely critical, taking an organization off-line is a remarkably juicy target.
Sure, there are commercial alternatives for scrubbing and delivering clean traffic, but the cost is absolutely exorbitant. I believe R&E networks, thanks to their close relationship with their members, will develop a great new set of layered approaches that extend from their member organizations through upstream providers to help mitigate denial of service. I call this, “Building Defensible Networks”. By layering solutions, including that exorbitant scrubbing, black-hole routing, re-alignement of institutional practices with NAT, combining open source and commercial solutions, etc., our community is uniquely positioned to build an adequate defense, at a more affordable price. Why? Because the farther “upstream” you can push denial of service mitigation and remediation, the more effective it is — and with nearly any security solution, implementing it in layers is more effective and efficient.
My prediction is that within the next 12-18 months, making a network defensible will be just as important as making it low loss or low latency. There is already a great deal of collaborative effort happening within the Quilt and Internet2 communities around these solutions. A new metric in measuring performance is upon us, and it’s about defense. KanREN is participating in the effort, and in collaboration with our community will meet the coming challenges!