Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Filtering What it is – and isnt… Paul Brooks

Published byElijah Lyon Modified over 10 years ago

Similar presentations

Presentation on theme: "Internet Filtering What it is – and isnt… Paul Brooks"— Presentation transcript:

1 Internet Filtering What it is – and isnt… Paul Brooks pbrooks@layer10.com.au

2 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 2 Problem… Or is it a problem?

3 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 3 Agenda The Internet The InterWeb Not-the-InterWeb …in 15 minutes…

4 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 4 The Internet – filtering points Network (ISP) Filtering User-side Filtering User Filtering

5 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 5 ISP Network Filtering Typical ISP Network Diagram for end-user connection… User in ISP out ISP in Content Flows towards User

6 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 6 The Interweb – WWW requests User asks for www.badsite.com.ru/pornpics Block DNS request ISP first has to know www.badsite.com.ru is to be blocked – needs prior notification www.badsite.com.ru Thousands of names can point to same address User can bypass DNS request by just using the IP address in the browser Blocks every website on that machine name – www.bigpond.com? Massive collateral damagewww.bigpond.com

7 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 7 The Interweb – WWW requests User asks for www.badsite.com.ru/pornpics Block IP address ISP first has to know 212.34.214.6 is to be blocked – needs prior notification Thousands of sites can be hosted on the same IP address – massive collateral damage HTTP can use any port number, not just port 80 – under control of the site – so have to block all connectivity for all applications Golden opportunity for Denial of Service – deliberately host inappropriate content on www.bigpond.com/user/fakename

8 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 8 The Interweb – WWW requests User asks for www.badsite.com.ru/pornpics Deep Packet Inspection Attempts to look deep into packet contents to identify application, try to classify packets in real time and identify signatures of bad stuff e.g. reconstruct images on the fly – look for excessive flesh tones However… Doesnt scale – bandwidth required and number of images to be analysed increasing faster than Moores Law Still images being surpassed by streaming movies – impossible to analyse all movies/videos streaming in real time Forces all content through a gatekeeper box – poor reliability Indiscriminate Blocks medical sites, school swimming carnivals, baby photos….. Defeated by Secure HTTP – encrypted webpages, identical to online banking

9 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 9 Network Filter – where? Upstream Provider Link? Most ISPs have 3 – 30 upstream providers Peering Points – no provider In the ISPs Core? Single point of failure Poor performance of trombone traffic paths Huge traffic increase – multiply cost of longhaul transmission Misses content generated by other users of the same ISP At the PoP Most ISPs will need 5 - 30 gatekeeper boxes! great idea if you sell gatekeeper boxes, not practical in real networks

10 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 10 Fundamental Issues ISP-level filters cant tell if you are accessing photos of your own kids, or someone elses ISP-level filters cant tell the age of the user requesting the photo – can only be used for verified illegal content, not for inappropriate content Easily circumvented using public anonymous proxy sites – the URL the ISP sees is completely different from the eventual URL being accessed Easily circumvented by encrypted webpages – HTTPS, SSL encryption

11 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 11 User-side Filtering Software filter on a users PC Can be customised per user – Mums level of filtering can be different from children Mum must remember to log out, or the next person to the keyboard uses her permissions Lists of inappropriate sites needs to be kept up to date Relatively easy to work around – public proxies, admin user can disable Generally complicated for an unsophisticated user to install and keep up to date

12 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 12 Not-the-InterWeb The Internet, and inappropriate content, is not just exchanged using HTTP (WWW) Email USENET aka Network News Peer-to-peer – e.g. bittorrent RSS - Podcasts Instant Messenger – MSN, Yahoo, etc Skype …..and many others

13 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 13 USENET News Message boards, Predates WWW >50,000 newsgroups active

14 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 14 USENET news Messages are like Email – text encoded attachments Images split into dozens or hundreds of messages Messages can be distributed across multiple newsgroups Until all parts of a binary document (image, program, zip- file, movie) are received, the binary document cannot be reconstructed and analysed Even if it is inappropriate content, no way to block it until it has already been distributed

15 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 15 Files broken into hundreds of small pieces Central torrent servers only have lists of peers with pieces, no content themselves Collect pieces from hundreds of PCs while serving your pieces to hundreds that need them Looks to the ISP network like hundreds of random connections to other random IP addresses Can be encrypted - no way of knowing what is inside the files No way to analyse files until all pieces are downloaded Cannot be blocked once started – the swarm of active sharers is self- sustaining Peer-to-peer transfers

16 10th March 2008 TCCM Cyber Savvy - March 2008 - (c) Layer10 16 What it isnt… ISP-level filtering is not very effective – too easy to go too far, and doesnt solve the problem The problem to be solved hasnt yet been articulated clearly Are we blocking illegal content, blocking undesirable content, and who does the classification? No substitute for POS Parent Over the Shoulder

17 Thank you Paul Brooks Director, ISOC-AU pbrooks@layer10.com.au www.layer10.com.au

Download ppt "Internet Filtering What it is – and isnt… Paul Brooks"

Similar presentations

The Internet.

The Internet.
Community of Practice (COP) Content Management Author R.A. Dalton, MKMP, Master Facilitator 1.

Community of Practice (COP) Content Management Author R.A. Dalton, MKMP, Master Facilitator 1.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Peer-to-peer and agent-based computing Peer-to-Peer Computing: Introduction.

Peer-to-peer and agent-based computing Peer-to-Peer Computing: Introduction.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
The Internet and the World Wide Web. Una DooneySlide 2Internet and WWW What is the Internet? This is the physical infrastructure or backbone of computers,

The Internet and the World Wide Web. Una DooneySlide 2Internet and WWW What is the Internet? This is the physical infrastructure or backbone of computers,
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
Spring 2014 RMS/EOC Proctor Caching Training. Agenda 2 Proctor caching overview Downloading & installing Cache test content.

Spring 2014 RMS/EOC Proctor Caching Training. Agenda 2 Proctor caching overview Downloading & installing Cache test content.
Unit 1: Module 1 Objective 10 identify tools used in the entry, retrieval, processing, storage, presentation, transmission and dissemination of information;

Unit 1: Module 1 Objective 10 identify tools used in the entry, retrieval, processing, storage, presentation, transmission and dissemination of information;
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Peer to Peer (P2P) Networks and File sharing. By: Ryan Farrell.

Peer to Peer (P2P) Networks and File sharing. By: Ryan Farrell.
Introduction to the Internet September 7, 2005 Lecture 1.

Introduction to the Internet September 7, 2005 Lecture 1.
Sangeet Bhullar Director, WISE KIDS www.wisekids.org.uk Promoting Positive and Safe Internet Use www.wisekids.org.uk WISE KIDS Pilot Internet Mentor Programme.

Sangeet Bhullar Director, WISE KIDS Promoting Positive and Safe Internet Use WISE KIDS Pilot Internet Mentor Programme.
The Internet Useful Definitions and Concepts About the Internet.

The Internet Useful Definitions and Concepts About the Internet.
1 Review For Exam 3 (Part 2) BUS3500 - Abdou Illia, Fall 2009.

1 Review For Exam 3 (Part 2) BUS Abdou Illia, Fall 2009.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
1 Web Content Delivery Reading: Section 9.2.2 and 9.4.3 COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:

1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:
Lesson 19 Internet Basics.

Lesson 19 Internet Basics.

Similar presentations

Ads by Google