Event
Summary
In
The Kingdom of Saudi Arabia, the entire Internet backbone is concealed
behind a countrywide firewall that is built on Sun Solaris servers using
the freeware proxy server known as Squid. The firewall is located at the
King Abdul Aziz University for Science and Technology (KACST). To keep
foreign nations from viewing various local Saudi websites, the massive
firewall blocks TCP/IP ports 80 and 443 for all connections coming into
the county. Ports 40 and 443 are the HTTP and HTTPS ports respectively.
The
only way for big Saudi companies to broadcast their websites is through
dial-up connections to the U.S., since there is no local means of getting
their websites out of the country. In fact, if you go to the following
location, you won't see much:
http://www.kacst.edu.sa
Internet
security in Saudi Arabia is so intense that any time someone connects
to a Saudi chat room, a TCP/IP port scan on the source host is automatically
initiated. Inside sources confirm that various government employed security
engineers spend a considerable amount of time auditing Saudi chat room
users to enforce the countrywide firewall policy. In fact, government
imposed security attacks are so prevalent that most Saudi Arabian Internet
users simply accept them as a fact of life.
This
affluent oil-based-economy is governed by a strong monarchy which did
not allow its citizens to access the Internet until early 1998. Local
service providers must abide by strict government regulations and must
obtain a government issued Internet license.
Considerations
The Saudi's were the last of the Arab states to go on-line and did so
with the help of numerous system and network consultants from Germany.
Are they behind the times when it comes to technology, or do they simply
take more precautions when it comes to network security? Early on, government
officials insisted that the launch of the Internet in Saudi Arabia would
undergo a careful planning process. In spite of the tight Internet security
imposed by the government, Saudi Arabian companies are still able to offer
dial-up, webhosting, and e-Commerce services.
Perhaps
the Saudi's are over zealous when it comes to system and network security.
Or perhaps the United States is downright foolish for allowing such widespread
access to our government websites. What would be the impact on U.S. e-Commerce
sites if we tightened up access to our government websites and networks?
Why do foreign nations need access to our government websites? U.S. Federal
Agencies are notorious for being lax on their website and network security
and are often the brunt of ridicule on hacker sites such as the Attrition.org
and Hackernews.com websites.
What would be the impact of only allowing U.S. companies, and U.S. citizens
access to websites ending with the domain classification .gov? Maybe there
are valid reasons for leaving our government websites open to the rest
of the world. And if there are valid reasons, let's understand them. Traditionally,
the U.S. has always had very strong armed forces. But what about our national
cyber security? Before exposing the crown jewels of our democracy to untrusted
nations, proper due diligence would suggest that we understand the reasons
for doing so first. Are our lawmakers in Washington technically savvy
enough to protect us from cyber terrorism? These questions require further
consideration.