I am definitely an old school gamer. My son plays games like Modern Warfare 2 and Left 4 Dead 2. But I started when games required thought and not just lightning-fast reflexes. And one of the very first computer games I remember was Colossal Cave. I first played it on an IBM S/370 that ran MVS and TSO (i.e., Time Sharing Option). But some of my most favorite memories of the game were when I played it on the Heathkit H89 PC that I soldered together with my own hands.
And there was one part of the game that always fascinated me: the maze of passages. Actually, there were two such mazes: one had twisty passages that were all alike and the other had twisty passages that were all different. And in these tunnels, you could either become lost forever or find the pirate’s treasure.
So what does this game have to do with anything? It’s simple: the use of tunnels can lead to frustration or it can lead to treasure. For today, I’m going to talk about tunnels that can be used for treasure.
Most of us know about one form of tunneling or another. Many people use (or know about) SSL tunnels and/or IPSec tunnels. These kinds of tunnels are commonly used by many folks who must use VPN technologies to access resources that are secured behind corporate firewalls. Most people have no real idea of what is going on “behind the scenes” when they use their corporate VPN’s. But the basic premise is simple: one kind of data that is commonly blocked can be “wrapped” within another kind of data that can be allowed to pass. Think of this as the knife in the birthday cake. The guards won’t allow the knife to be given to a prisoner. But the guards can be fooled if the real payload is hidden from sight.
Of course, this analogy is simplistic – and somewhat deceptive. Tunnels are not used just to hide nefarious objects from the prying eyes of the world. They are more commonly used to control the kinds of data that passes the sentry points in a system. Think of it this way: if the cargo hole in a ship is shaped like a square, then valid cargo must also be shaped to accommodate the size and shape of the square entryway.
For those who have a little more knowledge, there are other forms of tunnels that are commonplace. For example, SSH tunnels are de rigeur for most system administrators. SSH tunnels can be associated with commercial tools (like VanDyke’s Secure Shell or BitVise’s Tunnelier). But they can also be used with open and freely available tools (like sshd and PuTTY). I use SSH tunnels for so many things. SSH is used to secure my router. It is also used to securely access my home systems from any location on the Internet.
But amongst those who work with security for a living, there are many other forms of tunneling – some widespread, others obscure. For years, TOR (The Onion Router) has been used as a means of anonymous (and encrypted) browsing. And TOR has often been used with local proxies that ease the burden of tunnel configuration and workload separation. But recently, the use of TOR and local proxies has gotten a whole lot simpler. You can now downlod a single package that will install and configure a browser, a proxy and TOR onto a portable platform (i.e., a USB key). In this kind of configuration, you can insert a USB device into almost any system connected to almost any public hotspot. Once the browser is launched, you can commence anonymous and secure browsing of the Internet.
And these tools can now be combined with all sorts of other tunneling tools. For example, you could tunnel TOR traffic within SSH and then forward it across a DNS tunnel. This would allow you to bypass most content filters established on the networks to which you might be connected.
Is this cool technology? Most definitely it is. Can this technology be used for good things? Of course it can. Consider an evangelist within a repressive country. Such a person can connect and communicate with others within his country or with those who are outside his country.
But can this technology also be used for nefarious purposes? In candor, it certainly could be used for illegitimate purposes. But I think of these kinds of technologies in the same way that I think of freedom of speech. We must allow gross and unseemly speech if we want to have any freedom of speech. Otherwise, our speech (however comely and delightful it might be) could be considered objectionable – and hence, controllable.
So what should we do about the maze of twisty passages? In my narrow view, I must come down on the side of allowing such technologies. They can be used for good or “twisted” into unacceptable uses. Of course, the same thing is true about guns. They can similarly be used for unsavory purposes. But the protection of our liberties will lie in our ability to use tools that allow us to secure and protect individual liberties – even when this means that the state will have a more difficult time dealing with the criminals.
-Roo