What enterprises need to know about Internet traffic blocking

Traffic blocking by Internet carriers has stirred up some controversy in the security industry. Expert Kevin Beaver discusses the pros and cons of blocking network traffic.

Last year, Internet service provider and telecommunications carrier Level 3 Communications announced a decision to start blocking Internet traffic to and from servers it believed were being used for malicious or illegal activity. Before it takes action to block traffic, the company decides which network activity is potentially malicious using a methodology that involves combing through online resources, analyzing log files and traffic patterns, and more. Many people are skeptical, and believe that judging and controlling network traffic is a slippery slope.

The risks of traffic blocking

There are certainly potential side effects to Internet carriers blocking network traffic -- namely, legitimate customer machines that are infected with malware being accidentally blocked. Also, Internet traffic blocking could hinder certain business activities of legitimate enterprises that have fallen victim to malware attacks. Similar to Web content filtering, when carriers block traffic that's otherwise legitimate, business transactions may cease. When there is a carrier making those security decisions on behalf of the enterprise, there's a lot of ambiguity that makes things complicated. For instance, who decides what's malicious and what's not? What if certain Internet traffic needs to go to a region of the world in question? How are disputes resolved?

Even with the risks of network traffic blocking, in a world where we have government agencies and third-party companies outright spying on everyone's Internet activity, I'm not sure where the rub is with carriers doing their part to help out. In fact, many people rely on cloud service providers to provide the same services through technologies such as cloud access security brokers and SIEM. The difference is that an enterprise knows what it is signing up for with cloud services, and that may not be the case with Internet carriers.

The controversy around Internet traffic blocking

I believe if a company makes it a policy to take a stance on something, it's their prerogative. At least, in this case, Level 3 is making it known. Do those who argue against carriers taking such actions also disagree with Apple saying no to FBI backdoors? In many situations, people making these decisions on behalf of their businesses may not be in a position to do so -- hence the need for a functional security committee.

The average enterprise today is drowning in security challenges. Many issues stem from basic security oversights that are completely in the hands of enterprise security admins, managers and the executives in charge. If it's OK for network and security admins to block bad traffic on their own networks -- often without consulting anyone else in the organization -- what's the difference? When malicious traffic is blocked by carriers, in all but the oddest of cases, everyone wins. It's the network version of physical security. It's similar to how many businesses have various levels of security in order to access their buildings and people; systems are protected, resources are preserved and criminal activity is prevented. Organizations that don't agree with Internet traffic blocking, or cannot find a way for it to mesh with their internal policies, have the option to exercise the power of the free market and go with another carrier.

Carriers tracking and blocking malicious network activity is not a foolproof security control. That said, it's foolish to not want vendors such as these to be a part of the network security solution.

This was last published in March 2016

What is your stance on traffic blocking by Internet providers?
"If it's OK for network and security admins to block bad traffic on
their own networks -- often without consulting anyone else in the
organization -- what's the difference?"

Those are some good questions!
I once worked for a client blocking "gay content". And I don't mean sexually explicit sites. Nope. Anything with "gay" keywords.
That's pretty surprising for Toronto and Ontario, having a gay prime minister at that time.
But, that's how Security Ops have decided, and they don't consult with HR.
It is always best when companies and private people adhere to the same regulations and protocols we as a society expect our government to adhere to. That being said, if the government were to undertake such activities, it would be a gross violation of people's 1st Amendment rights. Arguably, ISPs are in such a position of influence and power they may qualify as quasi-government agencies, as is, say, a mall or a corporate-created, owned and run township. If it's held open to the public on a large enough scale, like, say, an ISP is, the company may be surprised to find out they are bound by the rules of the government.

From an ethical standpoint... The answer is "HELL NO, YOUR CRAPPY ALGORITHM created by people who have never broken the law, and yet claim to know exactly how crime looks right before it occurs, may not decide what information I do and do not receive. It's not your place, and no matter what you are going to prevent wanted and needed traffic that looks "Odd" to your security protocols but is harmless and possibly needed, causing me or my company major damage!"
Absolutely not, except for those rare cases of the most egregious material. My ISP has absolutely no idea what I want/need to read, see, know. And the last thing this universe needs is more thought police scrubbing the filth from our eyes.

If ISPs actually cared about keeping the world free of bad thoughts, they would be better off providing programs that allow end users to easily filter their own content. Big Brother is out of the picture and end users can label "inappropriate" however they like.
I go back and forth on this issue. If a site is identified as having Malware, then by all means block it. Blocking sites for political reasons seems dubious to me, and additionally blocking sites for other types of content seems to be something that requires context. For example, you might block the NCAA and other streaming sites during the tournament specifically during Tournament season, but what's to stop your employees from using their phones for that purpose?