Thoughts on the "open net" approach
On Saturday Andy Abramson posted this:
OPEN NET--The Time Has Come
While the hockey analogy took a minute to sink in, I spent 16 years coaching soccer teams, and the open net concept carries over nicely.
In hockey, an OPEN NET means there is nothing to get in the way of a goal.
And the idea of the Internet was an open and interconnected network, without real boundaries or perceived limits.
That’s why I’m calling for the support of an idea called “OpenNet” a voluntary initiative on the part of private, public, education and governmental networks to begin to return to the premise the Internet was started for.
How will this happen? Very simply, but doing exactly what the Internet was set up to do, and what its protocols can enable. You see, this solution will let anyone on the network anywhere, but also keep those out from being on.
I want to see the organizations that are concerned establish a second “public network” not behind their own firewalls, but outside of it, that anyone who is allowed to access it, or granted “guest”
privileges to be able to do just about anything that IP allows. No blocking of services. No restriction on files size or time on the network, as long as they grant such permission.
But, putting my corporate hat on, I've got issues with this whole concept. To do what Andy suggests requires some technology to create both the inside and outside net. For some organizations, it's a very minimal investment, and perhaps simply a configuration change.
But as a corporate security manager, I've still got problems. Why do I want to provide outside access to anyone? And where will the IP addresses come from? I'll have to dole out some kind of public address space via DHCP even for these outside users.
If I give my registered address space on the outside, I embrace some form of liability for how it gets used. A spammer, using my address space, can now send out millions of email messages that look like they came from my space.
And what happens when some outside user consumes large amounts of the bandwidth that I pay for? How do I recoup my monthly recurring charges?
I think it's a much larger issue. Wired networks vs. wireless networks certainly come into play. While I'm favorably disposed to an outside, or vendor network in the wired world, access still has to be tightly controlled from a security perspective. I'm accountable to my upstream provider for conforming to an SLA of some kind.
While as a user I like the idea of access being open and free, as a network designer and security manager, I have to ask what's in it for me? I don't see a winning proposition that I can support yet, but I do like the basic premise. Now we just need to find a way to make it viable.
Technorati Tags: network access, network security, open networks