By Jonathan Yarden
We're all painfully aware that the Internet is highly vulnerable to malicious activity, and the rapid spread of the MyDoom e-mail worms only proves this even more. In addition to software unreliability, the crux of the problem remains poor understanding and operation of computer systems.
Insecure computer systems endanger the entire Internet, and the risks posed by insecure computers on broadband networks are very real. The governments of the world are beginning to recognize and respond to the severity of this problem.
In cooperation with more than two dozen regulatory agencies worldwide, in January the U.S. Federal Trade Commission (FTC) launched the Operation Secure Your Server program, an international initiative designed to eliminate unsolicited e-mail and close security holes.
I find it interesting that the primary goal of this initiative focuses on stopping spam, particularly because considerable risks from lurking DDoS agents exist as well. However, spam is a worldwide problem and a hot industry topic, and it's an issue that most Internet users can identify with.
Spam is only a small part of the overall Internet security puzzle, but perhaps it's the most visible problem with insecure systems. We've got to start somewhere, and anything that helps publicize and educate people about their responsibility to keep their systems secure will improve Internet and computer system security in the long run.
I was somewhat surprised to learn that Operation Secure Your Server relies heavily on the publicly available DNS "blacklists" used to track sources of unwanted e-mail. Realtime Blackhole Lists (commonly known as RBLs) have somewhat of a unique role in Internet security.
RBLs operate using lists of IP addresses, and you can query them using common DNS requests. Dozens of different public RBL services exist, as well as a few commercial ones. Some RBLs specialize in listing open proxies and open relays; others list different categories of unwanted or vulnerable services.
However, people operate RBLs, and people often make mistakes. And like any computer system, RBLs are only as good as their data is valid.
Nobody will argue that open proxies and open relays are bad. However, simply relying on RBLs to block spam implies that spam is the principal incentive to secure your server, but it's only one of many reasons.
The problem is that RBLs aren't always accurate. There are considerable ongoing arguments about erroneous RBL listings, and there have been reports of RBL operators ignoring requests for removal. Self-appointed spam hunters typically operate and manage most RBLs, and the definition of what is or isn't spam is a hotly debated issue.
I agree with the goals of Operation Secure Your Server, but I'd like to see more of a focus on worldwide agreement toward stopping offshore spam operations entirely. In my opinion, RBLs are not the entire solution—particularly to the problem of educating Internet users.
I think Operation Secure Your Server is a good idea, but it's still a little too complex for the average computer user to understand—and that could hinder the initiative's long-term success. With Operation Secure Your Server, the FTC doesn't delve deep enough to address the real source of Internet security problems, which is a lack of understanding of Internet security in general.
Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.