Localhost: the Cinderella of IP Addresses
Localhost: the Cinderella of IP Addresses
Privacy — localhost's fairy godmother.
Join the DZone community and get the full member experience.Join For Free
To non-fairy-tale aficionados, Cinderella got her name because she was responsible for collecting the “cinders” from the fireplace. Appropriate then, that the stepsister of IP addresses is called localhost addresses, since they are only available when you are physically working on your machine. Or that its other nomdeplum is loopback, because in the early days of TCP/IP machines were so expensive that the only reasonable thing to do to test software was to loop a cable back to itself.
Compared to its first-class, the global, or its business-class, the private, cousins, the lowly 127 address has been relegated to freight-class status, typically only used by developers for managing inter-process communications for desktop applications or for prototyping of web services/sites.
The beauty of the TCP/IP protocol is that it was initially designed to survive a catastrophe, so it’s no surprise that it has become the foundation upon which the Internet as we know it has been built. A key tenet of the protocol is that if someone says ‘hello’ the receiving end will say ‘hello’ back. Unfortunately, this fundamental characteristic is now being exploited to ‘find’ devices and determine where to attack a device. With the ever expanding reach of the Internet, this attack surface only continues to grow, to the point where almost daily are news articles of devices being hacked.
Privacy, Localhost’s Fairy Godmother
When running an application on a computer, it is common practice to bind its service address to 0.0.0.0, meaning that it will be available from any IP address that it is assigned. The usability benefit is that from anywhere that you can see that IP address, you’ll be able to easily find that application, and that is why it is also a proportional privacy detriment.
An interesting alternative that all TCP/IP stacks provide is the option to instead bind services to the localhost, 127.0.0.X, address rather than 0.0.0.0. The privacy benefit is that the service is no longer visible from locations that can see the device’s outward facing IP address. The obvious usability detriment is that the service is only available if you are physically on the machine.
Correction, that’s what used to be the downside.
Communicate Without Public IP Addresses or Open Ports
Our team has deep expertise in networking; we’re intimate with the network layer that everyone takes for granted, and even wrote the patent on implementation of TCP/IP on silicon. When we asked ourselves how we could improve the internet so that endpoints were intrinsically safe instead of vulnerable, or automatically private instead of exposed, we realized the solution couldn’t be on the application level. It had to be on the network level.
So we built remote.it to enable enterprises and individuals to create Virtual Private Internets (VPIs) that enable groups of devices to securely communicate without concern for spying or intrusion from bad actors on the public Internet. Devices on a VPI can see each other and communicate freely while adopting a “drop stance” that makes them unresponsive and invisible to general internet traffic.
When devices on a VPI do communicate with each other, they still do so through IP addresses, they just happen to be localhost addresses. The beauty being that no applications need to be rewritten, since the communication interface is still in the expected IP address: port format.
Our enterprise customers can use VPIs to enable secure network connectivity and communication to huge numbers of devices without worry for the availability of on-premise equipment or staff, since a remote.it VPI solution can be deployed solely with software and through cloud managed services.
Available and Secure
With billions of connected devices being deployed annually, enterprises can no longer accept the risk of public IP addresses and open ports at the device level, nor can they accept the expense of attempting to secure every device with on-premise equipment and staff.
Through software and cloud services only, Virtual Private Internets built on remote.it leverage the intrinsic security of TCP/IP to deliver easily deployable private networks within the Internet.
Opinions expressed by DZone contributors are their own.