Internet protocols on the brink
The biggest threat to the Internet is the fact that
it was never really designed. Instead, it evolved in fits and starts,
thanks to various protocols that were cobbled together to fulfill the
needs of the moment. Few of those protocols were designed with security
in mind. Or if they were, they sported no more than was needed to keep
out a nosy neighbor, not a malicious attacker.
The result is a
welter of aging protocols susceptible to exploit on an Internet scale.
Some of the attacks levied against these protocols have been mitigated
with fixes, but it’s clear that the protocols themselves need more
robust replacements. Here are six Internet protocols that could stand to
be replaced sooner rather than later or are (mercifully) on the way
out.
The result is a
welter of aging protocols susceptible to exploit on an Internet scale.
Some of the attacks levied against these protocols have been mitigated
with fixes, but it’s clear that the protocols themselves need more
robust replacements. Here are six Internet protocols that could stand to
be replaced sooner rather than later or are (mercifully) on the way
out.BGP: Border Gateway Protocol
BGP is used by Internet routers to
exchange information about changes to the Internet’s network topology,
making it one of the oldest and most crucial Internet protocols. It’s
also among the most fundamentally broken, built at a time when Internet
peering was based on little more than mutual trust. With a little work,
Internet routing information can be poisoned with bogus routing
information, aka BGP spoofing.
Such spoofing has happened before, many times.
The resulting disaster is usually obvious enough that it's detected and
corrected in short measure, but it offers enough of a window for an
attacker to do terrible damage. Worst of all, the problem is essentially
unfixable as it currently stands. As Dave Rand of Trend Micro explained
to Larry Seltzer, no central authority can be used to confirm whether a
particular address belongs to a particular network. And because BGP is
such a foundational protocol, there’s no replacing it in the short term.
At least the Core Infrastructure Initiative has put “fixing BGP” on its to-do list.
Such spoofing has happened before, many times.
The resulting disaster is usually obvious enough that it's detected and
corrected in short measure, but it offers enough of a window for an
attacker to do terrible damage. Worst of all, the problem is essentially
unfixable as it currently stands. As Dave Rand of Trend Micro explained
to Larry Seltzer, no central authority can be used to confirm whether a
particular address belongs to a particular network. And because BGP is
such a foundational protocol, there’s no replacing it in the short term.
At least the Core Infrastructure Initiative has put “fixing BGP” on its to-do list.SMTP: Simple Mail Transfer Protocol
Despite myriad initiatives launched
over the years to kill it off, email remains in wide use, along with one
of its underlying protocols, SMTP. SMTP’s biggest problem, as put in an
email by Steve Hultquist, chief evangelist at network analytics firm
RedSeal, is that it has no inherent security due to its origins in more
innocent days: “SMTP was conceived as a simple way to transfer email
between users on the Internet when it was young and before the protocol
architects had recognized the threat of bad actors.”
Over time,
various bolt-ons for SMTP have been developed to tighten its security.
Chief among them is reverse DNS checking to ensure the sender is in fact
who they purport to be. But the protocols themselves don’t mandate that
kind of security; it’s a matter of who bothers to implement them. All
it takes is one mail gateway that doesn’t perform due diligence with
incoming email to blow the game for everyone. Maybe Inbox will be able to show a way out of the email labyrinth, but don’t hold your breath.
Over time,
various bolt-ons for SMTP have been developed to tighten its security.
Chief among them is reverse DNS checking to ensure the sender is in fact
who they purport to be. But the protocols themselves don’t mandate that
kind of security; it’s a matter of who bothers to implement them. All
it takes is one mail gateway that doesn’t perform due diligence with
incoming email to blow the game for everyone. Maybe Inbox will be able to show a way out of the email labyrinth, but don’t hold your breath.DNS: Domain Name System
Because the Internet protocol that
translates IP addresses into domain names is so foundational to the way
the Internet works, it’s a common attack target, due to flaws in the
protocol and security weaknesses in the software that implements it. The
Iranian Cyber Army outright took over the DNS servers for Twitter’s domain, and the Syrian Electronic Army hijacked The New York Times’ domain registration account.
A wake-up call for DNS security was sounded in 2008 when security researcher Dan Kaminsky unearthed
a massive flaw in the protocol’s design. That spurred work on DNSSEC, a
security extension for DNS, as a way to keep forged data from being
inserted into DNS servers. But DNSSEC needs to be implemented to work in
the first place. Worse, it can impact the performance of a DNS server
under heavy load and could even be used to launch denial-of-service reflection attacks. The cure may not be as bad as the disease, but it’s clearly a work in progress.
A wake-up call for DNS security was sounded in 2008 when security researcher Dan Kaminsky unearthed
a massive flaw in the protocol’s design. That spurred work on DNSSEC, a
security extension for DNS, as a way to keep forged data from being
inserted into DNS servers. But DNSSEC needs to be implemented to work in
the first place. Worse, it can impact the performance of a DNS server
under heavy load and could even be used to launch denial-of-service reflection attacks. The cure may not be as bad as the disease, but it’s clearly a work in progress.NTP: Network Time Protocol
NTP’s noble purpose is to keep the
clocks of computers around the world in sync, from whole server farms to
lowly desktops. But it, too, is a product of an age in which security
wasn’t a top priority. That made it possible to use the mechanics of the
protocol, in conjunction with a fleet of compromised computers, to
launch denial-of-service attacks.Fortunately, good work is being done to ensure that NTP servers are patched against such exploits and have been set up properly from the beginning to keep the attacks from happening. But nothing says future exploits of NTP aren’t possible, especially given the lack of scrutiny over the protocol and its implementations in the past.
IPv4
Despite all the clever dodges to work around the depletion of the IPv4 address space, nobody denies the days of IPv4 allocations -- even for big names like Microsoft -- are fast coming to an end. The only workable long-term solution has been known for years: Migrate to IPv6.
IPv6 is making good headway in new technology markets such as the mobile world, where IPv6 is widely used for 4G networks.
For everyone else, the obstacles in the way of moving to IPv6 are
seemingly endless. Simple inertia is a big one: Many won’t upgrade
unless they are forced to. Qualified IPv6 expertise remains scarce, according to California IPv6 Task Force co-chair Ed Horley. And the NIST is worried that attackers are poised to pounce
the minute the switches are thrown. Then again, nobody said altering
the fundamental infrastructure of the Internet would be easy.
IPv6 is making good headway in new technology markets such as the mobile world, where IPv6 is widely used for 4G networks.
For everyone else, the obstacles in the way of moving to IPv6 are
seemingly endless. Simple inertia is a big one: Many won’t upgrade
unless they are forced to. Qualified IPv6 expertise remains scarce, according to California IPv6 Task Force co-chair Ed Horley. And the NIST is worried that attackers are poised to pounce
the minute the switches are thrown. Then again, nobody said altering
the fundamental infrastructure of the Internet would be easy.SSL: Secure Sockets Layer
As a rule of thumb, the older a
protocol, the more likely it is to be broken in some way -- and the more
urgently it needs to be replaced with a successor. Secure Sockets Layer
has had a replacement for years, but only now are we getting around to
ditching SSL, mainly because disaster struck.
SSL was designed to
provide cryptographic protection for application-layer connections like
HTTP, but its last public revision was in 1996. A replacement protocol,
Transport Layer Security appeared three years later, and its widely used
1.2 version landed in 2008. But SSL itself remained in use, in big part
as a backward-compatibility measure. Consequently, all major browsers
have continued to support SSL even if it’s used in only 0.3 percent of
the transactions conducted today (according to Mozilla).
Now we have as good an incentive to ditch SSL altogether as there could be: The infamous POODLE attack, for which the best mitigation measure is to get rid of SSL -- period. Mozilla and Google are now doing that, meaning any enterprises that used SSL internally for whatever reason also need to ditch it, stat. Maybe backward compatibility isn’t all it’s cracked up to be.
SSL was designed to
provide cryptographic protection for application-layer connections like
HTTP, but its last public revision was in 1996. A replacement protocol,
Transport Layer Security appeared three years later, and its widely used
1.2 version landed in 2008. But SSL itself remained in use, in big part
as a backward-compatibility measure. Consequently, all major browsers
have continued to support SSL even if it’s used in only 0.3 percent of
the transactions conducted today (according to Mozilla).Now we have as good an incentive to ditch SSL altogether as there could be: The infamous POODLE attack, for which the best mitigation measure is to get rid of SSL -- period. Mozilla and Google are now doing that, meaning any enterprises that used SSL internally for whatever reason also need to ditch it, stat. Maybe backward compatibility isn’t all it’s cracked up to be.
Hello, my name is Mohd Azahar. I'm a self-employed Pivrate from the India.
No comments:
Post a Comment