At the lowest level, networks are physical communication links and lines joined together by packet switches. If these lines, links and switches are physically secured by locking them up in bomb-proof rooms and guarding the passage of the communication link with razor wire and armed guards, then the administrator can be fairly certain that the lines will not be physically tapped. Not every enterprise has the resources to implement military security, so isolating the network within the headquarters may be sufficient, where the wires run through the dry risers, and switches are kept in locked cupboards and machine rooms.
If communication only occurs between those people in the building, then the administrator may feel relatively happy - they need only worry about the trustworthiness of the employees. But if the network connects with the outside world, the network administrator has to ensure that any valuable information does not inadvertently leak outside. For this, the administrator has to keep a careful rein on the routing of packets within the network, and to carefully configure what is known as a firewall. Whilst this is not the place to fully discuss securing an enterprise network, we shall discuss the implications of the multicast multimedia for controlling the routing and implementation of firewalls.
The problem with multicast for the conscientious network administrator is that the IP multicast model allows open and unknown receiver groups. For security purposes, this is anathema, and so the security minded administrator must work at controlling the routing of multicast groups, so that they don't leak outside the protected domain to unknown receivers. One can filter at the boundaries of a network based on known sets of multicast addresses, a technique known as Administrative Scoping. Having set up known groups of addresses, one needs to dynamically grow the boundaries of the enterprise, according to the communication requirements, so one tunnels through the Internet to connect bounded domains. Tunneling is made more difficult through the use of firewalls, which need to be carefully configured. In order to disguise communication patterns, ie that IBM and Digital executives are talking to each other, the traffic may go through Redistribution centres. Finally, the eventual goal is for the inter-domain routing of multicast to be amenable to configuring the policy of the domains explicitly.
Next: Administrative Address Scoping Up: Security and Policy in Previous: Public Key Cryptography Jon CROWCROFT