acm - an acm publication



Ubiquity, Volume 2000 Issue March, March 1 - March 31, 2000 | BY William Paul Fiefer 


Full citation in the ACM Digital Library

Someday soon your home will be a network domain. Your appliances will have IP addresses and will communicate with each other and over the Net with their manufacturers. You will control them remotely from, say, your Palm Pilot or cell phone (although most likely you will prefer these to be melded into a single device).

Your home will be part of several larger domains, including your neighborhood association, your workplace(s), your professional societies, and the people you call your pals. Further, you will create domains as you need them, to establish ad hoc work groups or to explore common interests with other people. Part of the richness of your life will reside in the number of domains you inhabit.

There even will be architectural domains, for example, the Sears Tower or Comiskey Park, so these large engineered structures can be remotely administered from a single point. Cities and then nations will get on the domain bandwagon. It is not hard to imagine. These entities will be called "dynamically generated domains" or "dynamically generated networks" or "virtual private domains." To keep snoops out during those moments when you are transferring strategic plans or love letters, you will encrypt the information you share on the Net in a way only your intended audience can decipher.

Firewall to the Rescue

The killer application at the heart of this new form of social interaction will be the lowly firewall. This tool rising to prominence is the one we rely on to keep bad people out of our computers (and networks) and bad programs in our computers (and networks) from jabbering to the rest of the world.

Your corporate domains already are firewalled. But your house will need a firewall, too. Do you want some cracker spoofing your refrigerator into shutting off, or turning your thermostat all the way down in the dead of winter, or opening your garage door while you are not home? The same goes for the architectural domains. We do not want crackers shutting off the elevators in the Sears Tower.

To handle these new responsibilities, firewalls will have a fuller set of features. Firewalls need to control inbound and outbound traffic, of course, and do so at a tight granularity (down to the IP address and port). They do this using a file called a ruleset and each domain needs a different ruleset. As you interconnect and work on and disconnect from the various domains of your networked world, your firewall must refer to, or generate, the proper ruleset to maintain the level of security you require. These rulesets will be important files that reveal much about you.

As a matter of fact, the firewall is the ideal point to establish your domain interconnections. It will function like a television tuner and you will move from channel to channel (domain to domain) as you exercise your daily activities over the Net. The firewall must be able to protect you properly when you are a member of several domains simultaneously.

So, too, is the firewall the ideal locus for encryption on each of your virtual domains. It must handle the passphrases and public keys that are the heart of cryptographic protocols. It must not divulge their secret elements.

Finally, the firewall is the ideal tool for traffic analysis of a domain, and for the knowledge management that implies. The information stream crossing a firewall is the definitive archive of interaction between systems. The logs kept by the firewall will be of even greater detail than those today, akin to how airplane flight data recorders collect much more information than models from 20 years ago, and the firewall should perform analysis on this data to tell you, for example, who in your company or association or group of pals uses the Net in the most similar ways and thus would make great companions.

Protecting the Protector

As the Net increasingly pervades our lives, we will need to be nodes on many more domains and we will need flexible protection from our firewalls on each of these domains. The architecture of IPv6, the new Internet, makes this all quite easy to do. There are only three slight clouds over this picture and they serve to mark the zones where many billions of dollars will be made.

First, privacy will be under tremendous pressure, since we can profile someone by their Web surfing, and corporations and governments will need to be held in check by strong legislation and social structures that limit their intrusion upon our personal selves.

Second, the issue of liability needs to be sorted out. Who, for example, is responsible when the firewall lets in a cracker who turns up your oven and burns your roast; who changes the settings on a hospital X-ray machine and administers a lethal dose to a patient; who cracks your encrypted message and changes your financial data and forces your corporation into litigation?

Finally, comes the task of making the complex configuration of firewalls easy and reliable for the end user. Homes will need firewalls but will John and Jane Doe want to build and maintain them? Who will construct and maintain the rulesets of our lives? The local security firm that installed our burglar alarms? Our insurance carrier? Our ISPs? Not everyone wants to be a network administrator and security specialist. Who will teach the person who installed your burglar alarm about the TCP/IP protocol and its services? What additional skills will be needed to protect the network that is your health club or the one that is your neighborhood?

In the end, as more bandwidth flows across that last mile of wire to the home and connects many more devices in many more ways, the question of what the Net is and what its sub-boundaries are will be a rich source of amusement, opportunity, and prosperity in the days, months, and years to follow.

William Paul Fiefer is a Web project publisher who brings small- and medium-sized nonprofit organizations and businesses to the Web. He may be reached at [email protected].


Leave this field empty