# The Internet

## Layers and chokepoints

---

## Housekeeping for the web version

I haven't found a way of doing alt text for full screen images in reveal.js, because of the bodge used to display them.

So I have used the notes field instead. You can access this from speaker view (press "S").

---

# Hello!

## We're Alex and Neil

---

# Rules

---

# Rules

No such thing as a silly question

---

# Rules

No such thing as a silly question

Join in!

---

# The Internet

---

## You use it, but what _is_ it?

---

## The Internet is not the web

You can access the web via the Internet

---

## The Internet is not Facebook!

---

# Okay, so that's what it is *not*. But what _is_ it?

---

(Turn your audio on for the next slide)

---

# US senator Ted Stevens (2006)

(Two clips edited together)
---

## Be careful searching for truck photos!

(inews.com)
---

# A network of networks

---

# Standards and norms

---

> Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind.

---

> On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

---

> Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.

---

## A Declaration of the Independence of Cyberspace

John Perry Barlow (1996)
---

## Legal norms

"USB-type C to become EU's common charger by end of 2024"

---

## Informal standards

"RFCs": requests for comments

RFC 5321: SMTP

RFCs 1034 & 1035: DNS
---

## Formal standards

ISO 27001, ETSI standards

---

## Legislative norms enforcing formal standards

Ofcom GC A2

---

> Communications Providers must comply with any relevant compulsory standards and/or specifications listed in the Official Journal of the European Union for the provision of services, technical interfaces and/or network functions...

---

# Code as law

Your actions on someone else's computer are constrained by the code running on that computer

---

# The OSI model

## It's only a model

---

# Chokepoints

## Places to exert control

---

# Layer 1

## The physical layer

---

## What?

Cables, fibres, radio

---

## Who?

Openreach, Cityfibre, Ubiquiti

---

## Chokepoints

Unplugging cables

Cutting fibres

Fibre splicing

Spectrum jamming

---

# Layer 2

## Data link layer (e.g. Ethernet, MAC)

---

## What?

Bridges, switches, NIC drivers

---

## Who?

Intel, Cisco, Mikrotik

---

## Chokepoints

Port mirroring

MAC address blocking (but MACs are easily changed)

MAC address spoofing

Wi-Fi deauthentication

---

# Layer 3

## Network layer (e.g. IP)

---

## What?

Routers

---

## Who?

Router manufacturers (FireBrick, Cisco, Nokia)

Retail ISPs (A&A, BT, Vodafone)

---

## Chokepoints

Routing through an inspection appliance

Packet injection

Suspending your account (DDTRO)

Throttling

Blackholing (dropping traffic)

BGP abuse

IMEI blacklisting (to stop a device from authenticating)

---

# Layer 4

## Transport layer (e.g. TCP, UDP)

---

## What?

TCP / UDP ports

---

## Who?

ISPs, server operators (e.g. Facebook)

---

## Chokepoints

Blocking ports (e.g. preventing traffic to incoming port 22, or outgoing on 53 other than to the ISP's own DNS)

---

# Layer 5

## Sessions (e.g. PPTP, L2TP)

---

## What?

Controls session initiation, management, and termination

---

## Who?

Server operators

---

## Chokepoints

None are obvious?

---

# Layer 6

## Presentation layer (e.g. TLS, MIME types)

---

## What?

Encryption, content types (MIME)

---

## Who?

Certificate authorities (Let's Encrypt)

---

## Chokepoints

Withdrawal of certificates

Certificate poisoning

MiTM / TLS inspection

---

# Layer 7

## Application layer (e.g. DNS, http)

---

## What?

All sorts of applications

http: hypertext transfer protocol

ftp: file transfer protocol

WebRTC: real-time voice/video

dns: domain name service

---

## Who?

All sorts of providers

---

## Chokepoints

Injecting into http traffic (e.g. iframes, or adverts)

DNS blocking (most common approach in the UK): copyright injunctions, sanctions

Account suspension (e.g. stopping someone's Facebook account)
---

# Layer 8

## People

---

## Who?

Users, employees

---

## Chokepoints

Account suspension / disconnection

*Norwich Pharmacal* orders: account information

Threats / subverting employees
---

# XKCD 538

"Security"

Randall Munroe

https://xkcd.com/538/

CC BY-NC 2.5

---

# Layer shifting

VPNs, Tor, and other layer-shifting technologies

---

## (Usually encrypted) tunnels, on top of other layers

So "layers" gets a bit murky

---

## Chokepoints

Blackhole IPs of known Tor guard or exit nodes

Blackhole IPs of VPN concentrators

---

# Other chokepoints

---

## App Stores

Content removal

Malicious apps

---

## Payment service providers

Removal of payment facilities (Digital Economy Act 2017)

---

## Ancillary service providers

Advertising industry

---

# What questions do you have?