What enterprises need to know about Internet traffic blocking
Traffic blocking by Internet carriers has stirred up some controversy in the security industry. Expert Kevin Beaver discusses the pros and cons of blocking network traffic.
Last year, Internet service provider and telecommunications carrier Level 3 Communications announced a decision to start blocking Internet traffic to and from servers it believed were being used for malicious or illegal activity. The company decides which network activity is potentially malicious using a methodology that involves combing through online resources, analyzing log files and traffic patterns, and more, before it takes action to block traffic. Many people are skeptical, and believe that judging and controlling network traffic is a slippery slope.
The risks of traffic blocking
There are certainly potential side effects to Internet carriers blocking network traffic -- namely, legitimate customer machines that are infected with malware being accidentally blocked. Also, Internet traffic blocking could hinder certain business activities of legitimate enterprises that have fallen victim to malware attacks. Similar to Web content filtering, when carriers block traffic that's otherwise legitimate, business transactions may cease. When there is a carrier making those security decisions on behalf of the enterprise, there's a lot of ambiguity that makes things complicated. For instance, who decides what's malicious and what's not? What if certain Internet traffic needs to go to a region of the world in question? How are disputes resolved?
Even with the risks of network traffic blocking, in a world where we have government agencies and third-party companies outright spying on everyone's Internet activity, I'm not sure where the rub is with carriers doing their part to help out. In fact, many people rely on cloud service providers to provide the same services through technologies, such as cloud access security brokers and SIEM. The difference is that an enterprise knows what it is signing up for with cloud services, and that may not be the case with Internet carriers.
The controversy around Internet traffic blocking
I believe if a company makes it a policy to take a stance on something, it's their prerogative. At least, in this case, Level 3 is making it known. Do those who argue against carriers taking such actions also disagree with Apple saying no to FBI backdoors? In many situations, people making these decisions on behalf of their businesses may not be in a position to do so -- hence the need for a functional security committee.
The average enterprise today is drowning in security challenges. Many issues stem from basic security oversights that are completely in the hands of enterprise security admins, managers and the executives in charge. If it's OK for network and security admins to block bad traffic on their own networks -- often without consulting anyone else in the organization -- what's the difference? When malicious traffic is blocked by carriers, in all but the oddest of cases, everyone wins. It's the network version of physical security. It's similar to how many businesses have various levels of security in order to access their buildings and people; systems are protected, resources are preserved and criminal activity is prevented. Organizations that don't agree with Internet traffic blocking, or cannot find a way for it to mesh with their internal policies, have the option to exercise the power of the free market and go with another carrier.
Carriers tracking and blocking malicious network activity is not a foolproof security control. That said, it's foolish to not want vendors such as this one to be a part of the network security solution.