Information Security News mailing list archives

Getting to the Root of All E-Mail


From: InfoSec News <isn () c4i org>
Date: Mon, 1 Apr 2002 01:55:03 -0600 (CST)

Forwarded from: William Knowles <wk () c4i org>

http://www.washingtonpost.com/wp-dyn/articles/A33447-2002Mar28.html

By David McGuire
Newsbytes
Friday, March 29, 2002; Page E05 

Squatting unobtrusively on the banks of a man-made pond in an 
unremarkable corporate subdivision a few miles outside the Beltway, 
the home of the Internet's authoritative root server and master 
registry of dot-com addresses is virtually indistinguishable from the 
other red-brick office buildings that surround it.

Despite its humdrum facade, VeriSign's Network Operations Center (NOC) 
is one of the most important physical locations in the virtual world, 
and since Sept. 11 it has proven irresistible to dozens of government 
officials who have sought to assure themselves that the Internet is 
safe from physical and electronic attacks.

"Security and stability are like Siamese twins. You cannot have 
stability without security," said Mark Rippe, vice president of 
technical operations for VeriSign Global Registry Services. "If people 
can come and mess with your system, one way or another, you have no 
control over your systems. . . . Our primary function is the stability 
of the global Internet."

Obscurity is the first line of defense. The building is unmarked, its 
address unspecified in company literature and its managers 
tight-lipped about disclosing driving directions or identifying 
markings to strangers.

While the location of the building is not a true secret -- dozens if 
not hundreds of Internet addressing insiders know where it is -- it 
would be difficult for a casual vandal or criminal to stumble across 
it, Rippe said.

Visitors start with a stroll through a metal detector and past a guard 
desk, much as they would in any moderately secure office building. 
They take an elevator to the top floor, where security is tightest and 
inconspicuous cameras monitor the hallways. The few entrances to the 
operations center and server rooms can only be reached through 
antechambers called "mantraps" which are outfitted with scanners that 
read the unique contours of visitors' palms.

If an unauthorized visitor places his hand in the scanner it triggers 
a lockdown, sealing the intruder in one of the narrow, wood-paneled 
closets until security forces arrive to remove them.

Beyond the first mantrap, inside the operations center, a handful of 
employees keep tabs on rows of computer monitors and a wall of flat 
screens that continuously scroll diagnostics across maps of the world 
that show locations of key Internet servers. The constantly updated 
figures map the number of requests the servers are receiving each 
moment, and how well they are handling the load. 

From here, technicians watch for unusual activity that could signal 
some sort of electronic attack.

"We see a lot of spikes or peaks or things that might indicate [denial 
of service] attacks," Rippe said. Those blips represent a much more 
substantial security concern for the addressing officials than does the 
threat of physical attacks, Rippe said. From the operations center, 
technicians can take steps to counter threatening electronic activity, 
Rippe added.

Adjoining the operations center, behind another mantrap, are twin 
rooms that house the essential computers that serve as the heart of 
the Net. Here, hundreds of whirring computer fans and an 
industrial-strength air conditioner drown out anything quieter than a 
close-range shout. Black, seven-foot-tall computer server towers are 
aligned in rows that stretch nearly the length of the room. The white 
floor is slotted to allow airflow and a steady, conditioned breeze 
streams up from below, making all metal surfaces in the room cool to 
the touch. Small dome-like security cameras, similar to those used in 
casinos, pock the white ceiling, evenly spaced between chemical fire 
suppression devices. There isn't a cranny of the server area where a 
person could hide from surveillance.

Between the server hedgerows are several equally tall storage units, 
where the continually updated master lists of the addresses registered 
in dot-com, dot-net and dot-org are stored.

And tucked away in a less-traveled back corner of one of the server 
rooms, behind the door of a black tower that looks no different than 
any of the others, is the principal reason for all the precautions: 
the A root server.

Most people envision the Internet as a global network that resides on 
no single physical system or network of systems. While that picture is 
roughly correct, key pieces of the Internet's technological backbone 
are concentrated in a handful of physical locations around the world.

The Domain Name System (DNS) makes the Web easy to navigate by 
translating long Internet protocol (IP) numbers into memorable Web and 
e-mail addresses. It relies on a hierarchy of physical root servers to 
inform computers connected to the Internet where they need to look to 
find specific locations online.

At the top of that hierarchy is the A root server, which every 12 
hours generates a "zone" file, which in turn tells a dozen other root 
servers spread around the world what Internet domains exist and where 
they can be found.

One rung below the root servers in the Internet hierarchy are the 
servers that house Internet domains such as dot-com, dot-biz and 
dot-info. Three of the largest and most widely used of those domains 
-- dot-com, dot-org and dot-net -- are run alongside the A root server 
at the Network Operations Center.

VeriSign manages the A root server and dot-com registry under 
contracts with the Commerce Department and global Internet addressing 
authorities. 

But despite the precautions that go into protecting the assets in the 
facility, Rippe said the Internet would not be irreparably harmed if 
the building were to vaporize tomorrow.

"The last thing I'd want someone to think is that they could put a 
bomb around their waist and hug the A root and think they're going to 
significantly impact the Internet," Rippe said.

Rippe said that while such an attack could kill many employees, the 
Internet's addressing system is designed to withstand the destruction 
of much of the physical infrastructure that houses it.

The DNS is built so that eight or more of the world's 13 master root 
servers would have to fail before ordinary Internet users started to 
see slowdowns, according to John Crain, manager of technical 
operations for the Internet Corporation for Assigned Names and Numbers 
(ICANN).

ICANN manages the DNS and sets policies for registry operators and 
domain name retailers.

"Theoretically, if 'A' were to disappear, we could pick it up from one 
of the other servers," Crain said. "Moving the place where the zone is 
picked up is very simple."

Although the functions of the A root server could be moved elsewhere, 
Rippe said that VeriSign is well aware that it makes a much more 
visible target than the other root servers, which perform their 
functions in comparative anonymity around the world.

Rippe said that he is always cognizant of the potential threat facing 
the building.

High-ranking U.S. officials have also started taking a greater 
interest in the security of the complex. After Sept. 11, as agencies 
and departments throughout the federal government began reexamining 
the security of the critical infrastructure under their jurisdictions, 
VeriSign hosted a slew of high-ranking visitors.

While the Web may be worldwide, American scientists relying on U.S. 
government funding created the technology at the core of the Internet 
and its global addressing system. The Internet may be a global 
resource, but much of its infrastructure is still ultimately 
controlled by the U.S. government.

In recent years, the government has ceded day-to-day management of the 
addressing system to the more internationally representative ICANN, 
but the Commerce Department still has final say in any changes made to 
the DNS.

Deputy Commerce Secretary Sam Bodman and White House electronic 
security adviser Richard Clarke took a guided tour of the center in 
November.

"The Internet is a critical component of our economy," said Commerce 
Department spokesman Trevor Francis. "The reason why you're seeing 
such a focus on VeriSign is that the safety and the integrity of these 
systems needs to be analyzed and needs to be improved upon regardless 
of how safe they currently are."

Francis said that Bodman and Clarke walked away from their visit 
satisfied with the security measures protecting the VeriSign facility.

Still, despite clean report cards from high-level observers, the 
center is likely to remain a focus of scrutiny for some time, as the 
most visible physical element of a global communications network that 
has become indispensable in government, commerce and day-to-day life.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


