Firewall Father Wants WikiLeaks Prosecuted

WikiLeaks’ head, Julian Assange should be prosecuted for putting lives at risk, and cyber-threats are dangerous because of the very democracy of the Internet, says Bill “Ches” Cheswick, the AT&T technical lead who is widely credited as the father of the firewall.

Cheswick has a lot of security opinions to share with eWEEK Europe, on a visit to London, but we need to sort out the paternity issue first. “Am I the father of the firewall?” he says. “There are probably about ten fathers of the firewall,”

This may be false modesty. If you check the Wikipedia entry on firewalls, his name comes first. He co-wrote (with Steven Bellovin) the first book on the subject in 1990 (Repelling the Wily Hacker), and coined the term “proxy”.

He remains a lead member of technical staff at AT&T, the former owner of Bell Labs, where he and Bellovin worked in the late 1980s to develop practical systems to keep malicious network activity out of connected systems.

Firewalls have become a standard

With “ten fathers” it means firewalls were inevitable: “if any one of us had been hit by a bus, we would still have firewalls today.” Luckily, Cheswick wasn’t hit by a bus, and is around for us to talk to.

And certainly his early firewall years were exciting ones: “I was running the Bell Labs firewall in 1988 when the Morris Worm came out, and that did not get us,” he says. As the first malware to replicate on the Internet, the Morris worm raised the profile of Internet security, resulting in the formation of CERTs and more widespread use of firewalls.

Since then, firewalls have become a standard commodity, available as free software, and efforts to increase their mystique with new terms such as “application layer” or “Intrusion Prevention Systems”, are mostly marketing hype, Cheswick believes.

“We did deep packet inspection in 1987,” he says. “We just didn’t call it that.”

And he was never convinced the firewall was the all-powerful solution it was marketed as, since insider threats and the physical perimeter are just as important: “I consider the firewall to be middling level security at best.”

Cyberwar – attacks anyone can make

Looking at today’s security landscape, he is interested to see the apparent confirmation, with Stuxnet, that government agencies are involved in making malware, but “It is not a surprise,” he says.

He doesn’t like the term cyberwar.  “I think the word is wrong, because in some sense it is war but it is fury and sound signifiying little,” he says. “It is just espionage.”

He does concede that DDoS attacks can be destructive and politically motivated, and spotted some early ones.

“In 1999, I was doing the Internet Mapping Project at Bell Labs,” he said “I watched Serbia during the bombing in May of that year, and it just went away from the Internet. I realised we needed a foreign policy, and that’s normally reserved for government, not people in their pyjamas.”

In fact, the Internet can be a dangerous weapon, which is “really the first state of the art technology that is so democratic that anyone can do it.” Ordinary citizens can’t get the materials to build an atom bomb, he says – although Cheswick himself has downloaded several chapters of the US bomb-making primer, written at Los Alamos, which eventually leaked out of a Russian KGB site – “but I can build software that will attack the hell out of some country.”

As an aside, he says he is concerned that germ warfare might become equally democratic, as new techniques are bringing down the cost of genetic manipulation.

WikiLeaks should stand trial

Governments can learn from WikiLeaks, but he believes the whistleblowing site was wrong: “I suspect that people have died and I would support criminal action against WikiLeaks,” he says. “My big concern is that leaks like this are inherentlty anonymous, and if you are going to publish this sort of thing, you have people’s lives in your hand.”

But what can governments learn from Wikileaks? Keep data separated, with bulkheads: “As I understand it from State Department network information, the State Department is no longer on SIPRnet,” says Cheswick.

Continued on page 2