At AusCert 2014, Verizon's Marcus Sachs posed the question – "Are we gambling with TCP/IP?" Think about it. In the late 1990s there was a protocol war in progress, but in a few short years Token Ring, NetBEUI, AppleTalk and the others all disappeared, replaced by the protocol of the Internet.
The trouble is that TCP/IP was designed for the Internet of the research community, or ARPANet as it was then, not for the Internet of the personal, business and entertainment world we have today.
Sachs says that even though the Internet was designed for a heterogeneous environment with many different host systems and protocols, we have consolidated down to Windows and Unix as the dominant operating systems and to two transport protocols, TCP and UDP, which carry the vast majority of traffic.
That consolidation has, while simplifying things for the users of the Internet, made it easier for malicious parties to exploit the Internet for nefarious purposes.
Sachs drew a parallel between the design of the Internet and the way casinos operate. As we all know, the games played in casinos are skewed so that the house always wins. Similarly, the Internet was first designed with rules that favoured the research and academic communities. However, while the rules, or protocols, of the Internet have remained unchanged, the players are now doing different things and there is a new "opportunity for malice".
ARPANet was designed to resist random faults, not targeted attacks. Back when the Internet was conceived, networks were far less reliable than they are today, so the network was built for resilience against those random problems. There was no concept at the time that anyone would deliberately attack the network.
For example, there was a recent spike in a specific type of DDoS attack using chargen as the threat vector for an NTP-based attack. These are protocols designed for specific, benign purposes that are now being repurposed by malicious parties for targeted attacks.
This was the central thesis of Sachs' presentation: it's not that the Internet was poorly conceived or designed over four decades ago. It's that the rules in play at that time are no longer relevant. ARPA is gone, but the Internet it created is still here.
Sachs' presentation took a turn when he invoked the Kobayashi Maru – the test taken by all Starfleet recruits in the Star Trek TV series and movies. The test puts recruits in a no-win situation where, regardless of what they do, their actions result in the death of many people.
Only one recruit has passed the test – the famous Captain James T. Kirk. He defeated the simulation by reprogramming it. Depending on your point of view, he cheated, created a new way of attacking the problem, or innovated.
Sachs believes that the only way for the scales to be tipped away from the malicious hackers is to reprogram the Internet, much like Kirk and the simulator.
Cheating is largely the approach of spies and criminals in Sachs' view. Rather than changing the rules of the Internet, such as the expectation that protocols are used for their intended purposes, they simply disobey them.
The Star Trek approach was to create a new set of rules.
Sachs closed his presentation by saying that he believes the way forward for the foreseeable future is innovation. Using a clip from the 1980s movie WarGames, he illustrated that it is possible to change the outcome of the security fight by working creatively within the rules without violating them.