One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Network Neutrality and Network Security

Tuesday, July 5, 2016 - 08:32

A new EU law, created earlier this year, requires public network providers to ensure "network neutrality" – roughly, that every packet be treated alike unless there are legitimate reasons not to. The Body of European Regulators of Electronic Communications (BEREC) has now published draft guidelines on how this will be implemented, in particular the circumstances in which network traffic may be filtered to protect the security of networks and services. Janet is a private network, so it is not subject to the law; we already operate as neutral a policy as possible in order to facilitate the use of the network for innovative teaching and research. However, BEREC's proposals affect us because security measures taken (or not taken) by public networks will affect the level of malicious traffic directed to Janet and its customers.

Overall, the proposal shows a good appreciation of the sorts of hostile traffic that networks may need to deal with, and authorises most of the actions we would like networks to take. These are declared to be necessary and acceptable reductions in strict neutrality. However, the guidance requires that filtering only be used temporarily, in response to a particular threat. That may be possible when dealing with threats to a network or its users, but some filtering is used to protect others from the consequences of local incidents. In particular, the Internet Engineering Task Force identified filtering spoofed outbound packets as best practice for all networks more than a decade ago. BEREC, too, regard spoofed addresses as something that should be filtered. However, to provide effective protection, that filtering needs to be in place permanently.

Our response to BEREC, developed with the assistance of other members of GEANT’s CSIRT Task Force, explains why spoofed addresses are a security problem, and why filtering them permanently has no effect on network neutrality.