Restricting Methods of Access
My employer has an Internet gateway that limits Internet access to HTTP and HTTPS. Other services, such as e-mail (POP, IMAP) and remote shell (SSH), are not allowed to travel out based on the ports they use. This is not to say that one couldn't conduct those operations on the HTTP and HTTPS ports; however, those service ports are not designed for protocol tunneling.
This got me thinking about the futility of port restrictions. Imagine you are an evil-minded person intent on traveling to a remote destination. The authorities know your true identity, which would give you away if you used it while traveling. So, you assume a false identity while traveling and revert to your true identity once at your destination in the company of other evil-minded people. No matter what restrictions are placed on travel, evil people (or data) will be mobile so long as an alternate identity can be assumed.
The evil traveller may be discovered if the authenticity of their identity is questioned. What if, in the case of SSH and HTTPS traffic, there are no means of fingerprinting the data because it is encrypted? The interrogator could question the trustworthiness of the traveller and their source/destination. I suppose this is what happens when a person tries to travel from the U.S. to an untrusted country (e.g., Afghanistan, Iraq). The problem on the Internet is that there is no such thing as an "untrusted site." They are all equals in the eyes of an Internet gateway. So, should there be multiple Internets to better serve corporate/government interests?
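To make the "questioning of identity" concrete, here is an added example (not part of the original post) of a gateway-side check that compares the first bytes of an outbound flow with the protocol its destination port implies, instead of trusting the port number. The function names, the port policy and the sample payloads are assumptions constructed for illustration.

```python
# Added illustration: classify an outbound flow by its first payload bytes
# rather than by destination port. Sample payloads below are constructed.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")

# Protocol each permitted port is expected to carry (assumed gateway policy).
EXPECTED = {80: "http", 443: "tls"}


def classify(first_bytes: bytes) -> str:
    """Guess the application protocol from the start of a client's first segment."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"            # RFC 4253 identification string, sent in the clear
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    # TLS record: type 0x16 (handshake), version major 0x03, then a
    # handshake message of type 0x01 (ClientHello) at offset 5.
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return "tls"
    return "unknown"


def check_flow(dst_port: int, first_bytes: bytes) -> str:
    """Return 'allow' when the payload matches the port's protocol, else 'flag'."""
    expected = EXPECTED.get(dst_port)
    if expected is None:
        return "block"          # port not permitted by the gateway at all
    # Limitation: a 'tls' verdict only covers the handshake; whatever is
    # carried inside the encrypted session is not visible to this check.
    return "allow" if classify(first_bytes) == expected else "flag"


# Constructed sample flows: (destination port, first client bytes)
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (443, bytes.fromhex("16030100c8010000c40303")),   # start of a ClientHello
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),                # SSH client on the HTTPS port
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify(data), check_flow(port, data))
```

The check catches a protocol that shows up unwrapped on the wrong port; once traffic is carried inside a valid TLS session, the gateway is back to judging the source and destination, which is the problem the post raises.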