Slashdot Mirror


Fort N.O.C.'s Security in Obscurity

penciling_in writes "Brock N. Meeks of MSNBC reports on his recent visit to VeriSign's secret location: 'The unassuming building that houses the "A" root sits in a cluster of three others; the architecture looks as if it were lifted directly from a free clip art library. No signs or markers give a hint that the Internet's most precious computer is inside humming happily away in a hermetically sealed room. This building complex could be any of a 100,000 mini office parks littering middle class America.' The report goes on to say: 'Access to the Network Operations Center, the "NORAD" of the Internet's traffic monitoring, requires the electronic badge and then a double biometric hand print scan.' And here are Karl Auerbach and Robert Alberti offering their interesting analysis of this report on CircleID."

8 of 297 comments (clear)

  1. "A" is in Dulles, VA by havaloc · · Score: 4, Interesting

    Although the article says that the location is a secret, a link from the article to www.root-servers.org happily tells you that server A is in Dulles.

    1. Re: "A" is in Dulles, VA by El · · Score: 4, Interesting

      How come Homer and Krusty look like clones? Haven't you ever heard Matt Groening's explanation of this? The original joke in the first "Krusty" episode was that Bart had no respect at all for his father Homer, and yet he worshipped this television personality that looked exactly like his father... guess the irony was too subtle for most people.

      --

      "Freedom means freedom for everybody" -- Dick Cheney

  2. Cool... by Shoten · · Score: 5, Interesting

    It's cool to see someone write about the building you used to work in! I worked in this building, a bit more than 2 years ago. I was in Network Solutions' consulting arm, whose DC office was in that building, two floors under the NOC. The security really is as spectacular (and low-key) as you'd expect. You would NOT believe the camera surveillance they have facing outwards...you can see some of it, but you can't see some of them at all. And the cameras themselves are startlingly cool...there's a small strip mall across a major highway from the facility, with a clear line of sight. One of the security guys showed me how far the zoom worked, as he zoomed in on a guy smoking in front of a bookstore in the strip mall...about half a mile away. It was still a clear picture.

    When 9/11 happened, we were not allowed back into the building for a couple of days, but all they had to stand up as barriers were road cones. Luckily, they're finally moving to a location that isn't just obscure and secure, but armored, as I hear their Mountain View, CA location is.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  3. In the case of a nuclear attack? by Sean80 · · Score: 4, Interesting
    OK so I have to admit I don't understand the technology here any more. Back in the day, they say the Internet was built to withstand a nuclear assault. With phrases like "the Internet's most important computer," how can this be true?

    If this building were destroyed by a nuclear weapon, what would be the impact on the Internet?

    1. Re:In the case of a nuclear attack? by Wingchild · · Score: 4, Interesting

      Back in the day, they say the Internet was built to withstand a nuclear assault.

      DARPA was running a research project to build a networking system capable of intelligent self re-routing in the case of points of failure, so that a single network outage couldn't prevent traffic from flowing through. The extended concept for ARPANet was that if a major segment of the network vanished it might still be possible for data to be routed, hence the `it can get nuked and still survive` quotes people toss around.

      Most unfortunately the internet itself is not always as robust; if certain routers are knocked out, large segments of the networks behind them stay unreachable for long periods of time, mainly because of serious network mismanagement on the part of the people who really ought to know better.

      One can also never understimate the power and prevalence of Backhoe Fade.

  4. Oh, for the days of hosts.txt by shoppa · · Score: 4, Interesting

    Back in the good old days, if you had a recent copy of hosts.txt all this was irrelevant :-). But it's been most of a decade since just anyone could download it.

  5. Re:Is this really a secret? by Zeinfeld · · Score: 4, Interesting
    Isn't this "secret location" in Palo Alto? Seems to me there are probably thousands of people (e.g. telco employees) that know where it is...

    Nope, VeriSign was never in Palo Alto. It was dotCom era, rents in Palo Alto were way high by that time. VeriSign started in Redwood Shores and then moved to Mountain View. These days they own the old Netscape campus.

    The operations center is another matter, those are in unmarked buildings at several locations. If you look at some of the displays of root server locations you will see blobs in the San Francisco and Washington D.C. areas. Well duhh! Who would have guessed that the DNS servers would be so close physically to MAE West and MAE East?

    The Circle ID stories are both slashdotted. So we can't hear if Karl and co are saying 'nah, we don't need high bandwidth roots capable of a good slashdotting' which if they were would be somewhat ironic.

    The point that the article does not really mention is that at the moment running the DNS roots is done on a voluntary basis. ICANN is getting a free ride here. After the DDoS event in 2002 it was clear that 1) the roots were a major target 2) There was a big difference in the quality of service.

    Given the importance of the roots shouldn't we actually invest something so the people running them can afford to do the job well? VeriSign can afford to run its systems the way it does because it has revenue from other sources. How do you justify the cost of a high end four way server to be dedicated to root ops if you are a non-profit? ICANN could at least pay for hardware and bandwidth.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  6. Re:LINUX Analogy by karl.auerbach · · Score: 4, Interesting

    Microsoft - or SCO (if it had the cash) - could go out and try to buy all the root servers. There is nothing to stop the root operators from selling out.

    Nor is there anything that prevents root server operators from giving preference to queries coming from paying IP addresses.

    All of that is hypothetical, but without legally enforceable obligations, we're just hoping that nothing changes for the worse.

    And things *do* change - for example, back in the 1980's SCO was a fun company here in Santa Cruz.