OSI, TCP/IP and the inherent flaws of both models
I was recently asked which future internet security protocols / models can help increase the overall security of the Internet.
Before I can answer this question, let’s take a brief look at the current OSI model (and its simplified, most often used TCP/IP version), which is the base for all data transfer between systems on the Internet. Internet security is tightly bound to the security (or rather, insecurity) of those protocols.
The TCP/IP protocol was originally created to suit the needs of ARPANET, a closed network which was essentially what we would today call an intranet. Since it was not a public network, but rather peer-to-peer communication between several US universities, not everybody had access to it, so initially not much thought was given to the security of the protocol. The main task of the protocol was to deliver data efficiently between remote locations.
Later this network grew and became the Internet, but the TCP/IP protocol was still the main means of communication. However, it was not a closed network anymore. So because of the initial “friendly” architecture, we now have IP spoofing to deal with. This technique allows hackers to conduct ping sweeps and port scans effectively, and gives them the ability to hide the IP of the host that originated the attack.
Smurf attacks and ARP redirects also probably wouldn’t be possible had this model originally been created with security in mind (or had an enhanced version of the protocol been created for the public network).
The traces of the “friendliness” of the TCP/IP model are most visible on layers 2-4 of the model.
The insecure nature of Ethernet still amazes me. Broadcasts allow anyone on the network to easily access the information passed between any other machines on the same bridge. The logic is that everyone will behave ethically and not eavesdrop on conversations that are not meant for them. Well, it could work for closed networks, but it certainly doesn’t work for the Internet, where you in effect entrust all your private communications to complete strangers.
And the relative ease of ARP redirects, where any machine can claim to have any MAC address it wants, is nothing more than a more advanced misuse of the same trust…
The same goes for DHCP servers and DNS servers…
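As an added illustration of the ARP point above (example code, not from the original post): a small Python monitor that parses raw ARP replies and alerts when the sender MAC for an IP changes, which is the check arpwatch-style tools use to catch ARP redirects. The packets, addresses and the parse_arp/ArpMonitor names are constructed for this demo and are not taken from any real network.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Optional

ARP_REPLY = 2  # ARP oper values: 1 = request, 2 = reply
# ARP body for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload: bytes) -> dict:
    """Parse a raw ARP body (Ethernet header stripped); nothing in it is authenticated."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": sha.hex(":"), "sender_ip": ".".join(map(str, spa)),
            "target_mac": tha.hex(":"), "target_ip": ".".join(map(str, tpa))}

@dataclass
class ArpMonitor:
    """Remember the first MAC seen for each sender IP and flag replies that disagree."""
    bindings: dict = field(default_factory=dict)

    def observe(self, payload: bytes) -> Optional[str]:
        pkt = parse_arp(payload)
        if pkt["oper"] != ARP_REPLY:
            return None  # requests carry no binding worth recording here
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = self.bindings.setdefault(ip, mac)  # first sighting becomes the baseline
        if known != mac:
            return f"ALERT: {ip} changed from {known} to {mac} (possible ARP redirect)"
        return None

def build_arp(oper: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    """Serialize a constructed ARP body for the offline demo below."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)

# Constructed sample input (no real hosts): the gateway 192.168.1.1 answers a
# victim's request, then a second MAC claims the same IP, as an ARP redirect would.
GATEWAY_IP, VICTIM_IP = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 20])
GATEWAY_MAC, ROGUE_MAC, VICTIM_MAC = (bytes.fromhex(h) for h in ("001122334455", "66778899aabb", "ccddeeff0011"))
SAMPLES = [
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_arp(1, VICTIM_MAC, VICTIM_IP, b"\x00" * 6, GATEWAY_IP),  # a plain request: ignored
    build_arp(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
]

def run_demo() -> List[str]:
    monitor = ArpMonitor()
    return [alert for alert in map(monitor.observe, SAMPLES) if alert]
```

On a real segment the payloads would come from a capture filtered to EtherType 0x0806; a static gateway entry or switch-side dynamic ARP inspection is the usual mitigation once such an alert fires.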
Though many security experts believe that actual hacking happens on the application layer, it would be much more difficult to accomplish without preliminary reconnaissance of the target subnet. Besides, all the sniffing also happens on the network layer. And if usernames and passwords are sniffed, then no hacking is really needed – you already have everything you need.
So if we want to achieve a more secure Internet, the first logical conclusion would be to somehow boost the security of the TCP/IP protocol.
IP version 4 is completely insecure, so big hopes were pinned on the introduction of IP version 6. At least it should make it possible to positively identify the source of an attack.
Plus, ping sweeps won’t work anymore, simply because of the size of the subnets that would have to be scanned. And broadcast will be replaced with multicast, thus reducing the number of hosts that will be able to intercept communication. Plus it would be more difficult for worms to spread. Of course, the mandatory inclusion of IPsec in IPv6 could theoretically be helpful too.
(Though in practice, the deployment of this protocol will take at least a few years, and most likely no encryption will be implemented initially.)
Unfortunately, this protocol has its own weaknesses too. One thing I hate is that now you can’t filter all ICMP, because its neighbor discovery depends entirely on it. And ICMP is well known as one of the most popular DDoS vectors.
In total, IPv6 should have more positives than negatives as far as Internet security is concerned.
But we also need to look at what could be done to increase security on the application layer.
We’ll talk about it next time.