Scott Bradner, Senior Technical Consultant at Harvard University and Area Director in the Transport and Sub-IP Areas of the Internet Engineering Task Force

Harvard's digital identity from the connectivity point of view should be invisible. It just should be fact of life; it should be a piece of the air. It's just there. There isn't anything that should be identifiable as the Harvard backbone, or the network in the dorms, or the network somewhere else, because it's just a function, just like a power grid. So it shouldn't be something identifiable. There shouldn't be a digital identity as far as the network is concerned—it should just be there. But in saying that, that means it has to be pretty much transparent, it has to serve full functionality. So this is different than a corporate environment. Where a corporate environment by definition wants to restrict the kinds of traffic that goes through it—you have a firewall between the corporation and the rest of the world—well, Harvard doesn't have that. Part of the spirit of open inquiry requires us to let you and me and somebody else experiment with new applications, and having a firewall in place inhibits the ability to do that kind of experimentation. It also threatens us because a firewall does help block certain kinds of attacks—and the machines on Harvard's network are under constant attack. There is a discussion that is just really starting to get underway of how to deal with Harvard's openness and the requirement for openness in the research university community as a tension against the security. We have to be careful—we're working on that. What's at stake is the ability to be able to try new things, whether it's new types of telephones… the phone here on my desk is an IP phone. That happens to be one that the university is using in a trial, but I have one at home which somebody else has given me, and I should be able to bring that in and just use it here.
If there's a firewall in place, that would block that, and I would have to go get cooperation from the firewall operator in order to be able to use it. In a research environment that is a bad thing. But that same thing is not a bad thing when you're talking about a business environment. The development office or some of the administrative systems—those should be protected by a firewall. There's information at Harvard which has privacy concerns, significant privacy concerns—significant information about students, information about subjects and experiments, information about hazardous materials and how to use them—there's lots of information at Harvard which can be either a privacy threat or a security threat, and we have to worry about how to protect that. Your grades and things like that need to be protected. There should be a firewall there but it should be very close to the server that is performing the operations so you're not blocking off the research space. If we look at what the Internet model is, the original Internet model, as described in the Reed, Saltzer, Clark paper — the end-to-end argument paper — the Internet's best solution to problems is end-to-end. If we want to protect the security of information, the most reliable way to do that is on the computer where the information is. If you protect the network by putting a firewall in, it makes the assumption that everybody behind the firewall is somehow pristine and trustworthy, and that's an unwarranted assumption. Historically about 70 percent of attacks against computer systems come from within the organization. Whether it's universities or businesses, it's the same. So a fundamental to protecting this is to protect at the source, protect the machines that have the information on them are threatened with attack. Protect there, make sure the software is up to date and you have all kinds of virus protection—whatever you have, but on the machine. You encrypt the data.
You make sure that people can't have access to them by making sure there are a limited number of accounts, and the passwords are good, and that you only allow secure encrypted access to it. You do all of those things as a beginning step. You don't rely on what I've called crustacean security, where you've got this hard outer shell and this soft mushy inside. You have to get down there and protect the thing itself. But if you focus in on that... if you're focusing in on doing end-to-end security then there's not a conflict between openness and security because the machines which need to be secure are secured themselves. That doesn't mean the machine next to it can't run a new application, a new telephony or a video application. The Internet got to where it is by people being able to innovate. Things which get in the way of that innovation are detrimental to the future, not only of the Internet, but of the use of the Internet. The library community at Harvard is doing tremendous things with putting up digital materials, putting up ways to find the materials that we have here at Harvard, and to inhibit their ability to put up new applications is going to be a detriment to the University. So we need to preserve the openness, and the best way to do that is to protect what we need to protect where we need to protect it, and recognize as a principle that the open inquiry is the fundamental principle of a research university of this type. At one level it's the complexity of the solution. The end-to-end solution is more complex, and you have to depend on more people being willing to participate. We want to open this university so students can do research.
That means the student machines have to be secure, because otherwise people will take those machines over and use them as bases for attack, and that's a problem when you have as many students as we've got, with as many different varieties of operating system and as much variety of clues as to operate that the students have—this goes to the researchers also. We have a great education process and a great enforcement process facing us to ensure that to work. So that's the hard solution. Openness is not the easy solution, it's the hard solution. The easy solution is to put in that firewall and pretend you're secure. So there's a tension there. It's going to cost us more effort, more money, more complexity, more operations issues to be open. It's going to cost us more money.