SEC572
You Decide #2
Computer networks are groups of computers connected to each other. That is, either physical wires run between computers, such as wires in an office (LAN), dedicated phone lines (DSL), dial-up connections, or fiber optic, or there is an electromagnetic connection, such as radio links or microwaves. Simply put, when one computer wants to talk to another, it creates a message called a packet. The packet has the destination computer's name on it, and the sender passes it to that computer over the network. Computers don't use circuits to talk to each other. They don't have conversations like people do. They send short data packets back and forth. These packets are broken-up pieces of anything: e-mails, gifs, streaming video or audio, or Internet phone calls. Computers divide large files into packets for easier transmission.
These packets are sent through the network by routers. There are lots of protocols (Ethernet, TCP, and others), but they all work basically the same way. Routers look at the address on the packets, and then send them toward their destination. A router may not know where the destination is, but it knows something about where the packet should go. It's not hard to see that any network built on this model is terribly insecure. Consider the Internet. As those packets pass from router to router, their data is open to anyone who wants to read it. The routers are only supposed to look at the destination address in the packet header. Packets have source and destination information, but an attacker can modify them at will. An attacker can create packets that seem to come from one site, but don't really. According to Schmauder (2000), there are routing attacks where an attacker tells two points on the Internet that the shortest route between them goes through the attacker's computers (243).
The solutions to these problems are obvious in theory, but harder in practice. If you encrypt packets, no one can read them in transit. If you authenticate packets, no one can insert packets that pretend to come from somewhere else, and deleted packets will be noticed and reacted to. According to Schneier (2000), these threats may be mitigated by authentication between neighboring routers, filtering routing prefixes, and limiting the size of Autonomous System paths to destination networks, as well as object-level integrity checks for network layer reachability information and associated attributes (178). According to Mitnick (2002), secure routing protocols, such as Secure BGP (SBGP), allow routers in different networks to determine that they are receiving route announcements from authorized routers, and not from unauthorized sources. In fact, several solutions encrypt packets on the Internet (102). Programs like SSH encrypt and authenticate shell connections from a user on one machine to a computer across the network. Protocols like SSL can encrypt and authenticate Web traffic across the Internet. Protocols like IPsec promise to be able to encrypt and authenticate everything.
To prevent both malicious and unintentional network configuration changes, companies that control major network installations should deploy procedures that require peer review of any modifications to the routing system, as well as requiring more than one person to commit any network changes, based on multi-party multi-factor authentication. This reduces the ability of an inexperienced, rogue, or coerced employee to effect a major configuration change without authoritative approval.
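The claim above that authenticated packets cannot be forged and that deleted packets will be noticed can be shown in a few lines. This is an added example, not part of the original essay: the packet layout, the shared key and the addresses are constructed for illustration and do not reproduce IPsec or any other real protocol, and the replay check goes one step beyond what the essay states.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # shared secret, constructed for this example
HDR = struct.Struct("!4s4sI")   # assumed layout: source, destination, sequence
TAG_LEN = hashlib.sha256().digest_size

def seal(key, src, dst, seq, payload):
    """Return header + payload + HMAC tag; the tag covers the header too."""
    body = HDR.pack(src, dst, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.next_seq = 0       # lowest sequence number not yet seen

    def accept(self, packet):
        """Return (status, payload, missing sequence numbers)."""
        if len(packet) < HDR.size + TAG_LEN:
            return ("rejected", None, [])
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return ("rejected", None, [])     # forged or modified in transit
        _src, _dst, seq = HDR.unpack(body[:HDR.size])
        if seq < self.next_seq:
            return ("replayed", None, [])     # authentic but already seen
        missing = list(range(self.next_seq, seq))  # gap = deleted packets
        self.next_seq = seq + 1
        return ("ok", body[HDR.size:], missing)

def demo():
    a, b = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])   # constructed addresses
    rx = Receiver(KEY)
    p0 = seal(KEY, a, b, 0, b"hello")
    p2 = seal(KEY, a, b, 2, b"world")        # packet 1 never arrives
    spoofed = bytes([192, 0, 2, 7]) + p0[4:] # source rewritten, old tag kept
    return [rx.accept(p0), rx.accept(spoofed), rx.accept(p2), rx.accept(p0)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the tag covers the header, a rewritten source address fails verification just as a changed payload does, and the gap in sequence numbers is what lets the receiver notice the dropped packet.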
References
Mitnick, K. (2002). The Art of Deception: Controlling the Human Elements of Security. Indianapolis: Wiley.
Schmauder, P. (2000). Virus Proof: The Ultimate Guide to Protecting Your PC. Roseville: Prima Tech.
Schneier, B. (2000). Secrets & Lies: Digital Security in a Networked World. Canada: Wiley.