Are we gambling with TCP/IP?

At AusCert 2014, Verizon's Marcus Sachs posed the question – "Are we gambling with TCP/IP?"

Think about it. In the late 1990s there was a protocol war in progress, but in a few short years Token Ring, NetBEUI, AppleTalk and the others all disappeared, to be replaced by the protocol of the Internet.

The trouble is that TCP/IP was designed for the Internet, or ARPANet as it was, of the research community, not the Internet of the personal, business and entertainment world we have today.

Sachs says that even though the Internet was designed for a heterogeneous environment with lots of different host systems and protocols, we have consolidated down to Windows and Unix as the dominant operating systems, and to two protocols, TCP and UDP, that are responsible for the vast majority of traffic.

That consolidation has, while simplifying things for the users of the Internet, made it easier for malicious parties to exploit the Internet for nefarious purposes.

Sachs drew a parallel between the design of the Internet and the way casinos operate. As we all know, the games played in casinos are skewed so that the house always wins. Similarly, the Internet was first designed with rules that favoured the research and academic communities. However, while the rules, or protocols, of the Internet have remained unchanged, the players are now doing different things and there is a new "opportunity for malice".

ARPANet was designed for resistance to random faults but not designed to resist targeted attacks. Back when the Internet was conceived, networks were far less resilient than they are today. So the network was made for resilience against those random problems. However, there was no concept at the time that anyone would deliberately attack the network.

For example, there was a recent spike in a specific type of DDoS attack using chargen as the threat vector for an NTP-based attack. These were protocols designed for specific purposes that are being repurposed by malicious parties for targeted attacks.

This was the central thesis of Sachs' presentation: it's not that the Internet was poorly conceived or designed over four decades ago. It's that the rules that were in play at that time are no longer relevant. ARPA is gone but the Internet they created is still here.

Sachs' presentation took a turn when he invoked the Kobayashi Maru – the test taken by all Starfleet recruits in the TV series and movies Star Trek. The test puts recruits in a no-win situation where, regardless of what the recruit does, the result is the death of many people.

Only one recruit has passed the test – the famous Captain James T. Kirk. He defeated the simulation by reprogramming it. Depending on your point of view, he cheated, created a new way of attacking the problem or innovated.

Sachs believes that the only way for the scales to be tipped away from the malicious hackers is to reprogram the Internet, much like Kirk and the simulator.

Cheating is largely the approach of spies and criminals in Sachs' view. Rather than changing the rules of the Internet, such as the rule that protocols are used for their intended purposes, they simply disobey them.

The Star Trek approach was to create a new set of rules.

Sachs closed his presentation saying that he believed the way forward for the foreseeable future is with innovation. Using a clip from the 1980s movie WarGames, he illustrated that it is possible to change the outcomes of the security fight by working creatively within the rules without violating them.


Stories by Anthony Caruana
