About the authorAlex Henthorn-Iwane leads product marketing at ThousandEyes, which provides network intelligence solutions that enable organizations to gain insight into each user's digital experience across all networks. Prior to joining ThousandEyes, Alex worked with Big Data Network Analysis, DevOps Orchestration, and internet routing monitoring technologies at Kentik, Quali, and Packet Design. With recent news that the Russian government has signed the "Russian law on the Internet", it is stating its intention to use another Domain Name System (DNS). This news, along with Iran's recent test of a nationwide firewall, is one of the latest pieces of evidence to show that it appears "no one is safe." a growing number of countries are trying to take control of their Internet infrastructure. In the case of Russia, it seems that some structural changes to its Internet have been going on for some time. In 2012, the Russian government began blocking Russian web users from accessing certain websites based on defined criteria. Later, in 2015, a law was passed requiring all Software as a Service (SaaS) providers to keep a local copy of all Russian citizen data. However, to date few have complied with this request with little to no impact at this time. The year 2017 was marked by new developments when the Russian authorities banned all Internet filtering-related software and websites, including virtual private networks (VPNs) and anonymizers, as well as all websites. Contains instructions for accessing websites blocked by the government. This latest "sovereign Internet law" appears to be an attempt by the Russian government to test the possibility of isolating Russia from the rest of the Internet. This is reminiscent of a very similar and successful system, the Great Firewall of China.
(Image: © Image Credit: Geralt / Pixabay)
How does the Great Firewall of China work?
China is the greatest example of an attempt to control the Internet within its borders, and much of its success in this attempt lies in the fact that it started from scratch to build the Internet. architecture from scratch. The great firewall was built in 1999 and refers to the set of techniques used to filter web traffic in China. The firewall is possible in two ways: China has introduced politics to a much older phase of the Internet, allowing the ecosystem to evolve organically across the Internet; Second, state monopolies control telecommunications in China and have fully complied with government-mandated censorship. The result is the world's largest Internet traffic filtering infrastructure, with little or no limitations inside and outside the country. Internet traffic in China can be analyzed and manipulated by Chinese authorities much more easily than in a country like the United States, especially since all Internet service providers in China are licensed and controlled by the Ministry of Internet. Industry and information technology. In addition, a small number of fiber optic cables carry almost all Internet traffic in China. They enter the country through one of ten different trunk access points, seven of which were added in January 2015 alone. This allows for near-total control of the L & # 39; ;Internet. China is then a unique example of disconnection from the internet. For a country like Russia, where the Internet has been allowed to evolve in a much more integrated way, these roots are now closely linked, which means it will be very difficult to separate them.How realistic is the global "split" of the Internet?
Despite the fact that the Internet is mostly open today, there are already restrictions in place in several countries. For example, Saudi Arabia is already throttling DNS, forcing DNS request traffic through a nationally controlled proxy service, the same technology used in China. These examples show that there is a clear desire to better control the Internet on national lines while allowing traffic to flow. Initiatives like the GDPR and other privacy laws can also be considered as examples. A US company that wants to do business in the EU, for example, must store all data there.
How can a country "disconnect"?
When it comes to Internet censorship, the first (and easiest) step is often IP blocking, which has the added benefit of being generally very cheap and easy to implement. IP blocking works when a country has a "blacklist" of unwanted IP addresses. The routers then drop all packets destined for blocked IP addresses, potentially including the address of what a country would classify as a "sensitive" site or DNS resolver. In China, an IP blacklist is injected through the Border Gateway Protocol (BGP) using zero routing. The fact that by blocking IP, the government can maintain a centralized blacklist without involving many ISPs, and therefore without much risk of leaks, makes it a particularly lightweight solution. DNS related techniques are often used in conjunction with IP blocking. Changing a domain name is not as easy as changing an IP address. Routers can disrupt unwanted communications by hijacking DNS queries that contain prohibited keywords and injecting forged DNS responses, which spoofs the response returned by the DNS server. When used together, DNS tactics and IP blocking can effectively isolate censored sites and servers at the domain and IP levels. There are many other approaches to imposing control over a country's Internet, including:
Image Credit: Shutterstock (Image: © Image Credit: Shutterstock) Self-censusing: In China, Internet service providers are expected to monitor and filter content on their networks in accordance with state guidelines. All Internet companies operating in China are also required by law to self-censor. If companies are unable to censor their content, they are subject to penalties: warnings, fines, temporary closures, and eventual revocation of their business licenses. These processes have fostered a culture of self-censorship in the country. Manual enforcement: China's Internet police force has about 50,000 employees. They manually monitor online content, directly remove content, or instruct websites, content servers, and service providers to remove content. Keyword filtering: Chinese authorities inspect content through their access channels, including URLs for blacklisted keywords. However, the filtering is inconsistent and works more like a "panopticon" than a firewall.