All the latest UK technology news, reviews and analysis
|
|
|
15 Jun 2010
BGP route hijacking is another reason why the structure of the internet needs to be changed. The border gateway protocol (BGP) is used by ISPs to establish the best routes between each other.
Joffe explained that an incident in China in April had proved the inherent weakness of the protocol. The state-owned China Telecom had transmitted routing information back to the country's own ISP, IDC China Telecommunications, rather than to the rightful ISPs owned by Dell, Apple and Yahoo.
Around 38,000 networks were affected by the incident, or roughly 10 per cent of the world's internet routes.
"The amount of work needed to do this was staggering. But these are the things IT departments just don't know about as they happen outside the organisation," said Joffe.
"There is no way for enterprises to solve these problems themselves and there is no way for the internet community in general to solve the problem without making significant changes to the plumbing of the internet.
"We need to redesign the system and rebuild it from scratch otherwise we will be building in securities forever."
Meanwhile, in the short term, Joffe said that UK organisations need to become more aware of the problems and of traffic being hijacked, and to communicate more with law enforcement agencies and competitors.
"You need to all collaborate as the bad guys will attack all of you at some point," he warned.
McCalla added to this, advising attendees to regularly review their security processes and train staff. He also warned that the internet is about to get even more complicated.
"At the moment it is just human beings that use the internet but soon it will be machines like fridges as well. The internet of things is coming fast. The government is already pushing the rollout of smart meters," he said.
An attendee at the event, IOActive president and founder Joshua Pennell, a greed that the internet needs a more secure critical infrastructure.
"I plan to let my customers know about the emerging trends in research I have heard here today," he said. "Organisations need to work on a different security strategy."
Meanwhile, Robert Holmes, managing director of the Corporation Service Company, suggested that the increasing sophistication of DNS attacks marks the "second coming of the internet".
"This would change the game for everyone," he said.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
ASP.NET Web Developer ( ASP.NET, C#, SQL Server, CSS...
THIS ROLE IS LOOKING AT IMMEDIATE STARTERS AND WITH MULTI...
Sales Consultant - Data Centre, Colocation, Hosting...
Senior Interaction Designer (User Experience, UCD, Interactive...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Why everyone want to trust the internet ?
Why does everyone want to secure the Internet ? It is not secure by design and that is the best way to be. A secure Internet would be AOL or Compuserv and we don't want that. So if you are not competent enough to secure yours systems by layer or to be proactive about breaches don't wine about why we should scrap the internet and go back to buildind your own private network if you need to trust it. Frame relay still exist.
Posted by: Jean-François Rousseau 17 Jun 2010
"Why everyone want to trust the internet ?"
I think you are confusing security with proprietary interfaces. The internet is now a business platform as well as a consumer playground. You are correct that we don't want the internet to be rigidly controlled by one (or even a few) self-appointed judges but that is not a reason not to tighten up the securty of the fundamental protocols. You are incorrect to basically throw anyone who is not security literate to the wolves. Some people have other things to do with their lives. It is surely better for everyone if the number of threats (and their severity) can be managed by the infrastructure rather than relying on everyone being aware, never clicking on anything suspect and never making a mistake in configuration. We can already see how well that is working.
Posted by: J Mangan 17 Jun 2010