Ed's podcasts

RSS feeds and podcasts created by Ed Nickel are licensed under a Creative Commons Attribution 3.0 United States License based on a work at cot.gbcnv.edu.

CIT 361: Week 13

TCP/IP Network Security

To automatically receive new feeds and podcasts you can copy this link: http://cot.gbcnv.edu/~ed/class/cit361/cit361.xml to your RSS reader and/or your iTunes/mp3 software. If you prefer getting the new feeds and podcasts manually you can read these files directly as you are reading this one.


There are some comments at the beginning of chapter 12 that I think need to be put into a "real world" context. In the first paragraph, the authors describe TCP/IP as having an inherently optimistic security model, with which I would agree. However, this seems to imply that such an open system is somehow undesirable, which I do not think is absolutely true.

Look at the example of Apple assuming their closed SMS (text message service) would be the only one an iPhone user would ever need. However, when iPhone users got a better deal and switched to Android phones, text messages sent to them were still linked by the phone number to Apple's SMS servers and disappeared into Apple's proprietary black hole, to which Android had no access. (I am not implying that Google's Android black holes are any better for users switching the other way.) What I am simply trying to point out is that open systems allow users to choose the services that work best for them, while closed, proprietary systems might have strong security but definitely lock them into single-vendor silos. However, it should be noted that no system, either open or closed, has ever been secure against concerted attacks. Apple and Microsoft are closed proprietary systems that have had security breaches, while TCP/IP and Linux are open systems that have also been breached. Given the fact that no system is perfectly secure, I personally prefer open systems that let me choose which services and methods I wish to use as opposed to closed systems that lock me into one company's way of doing things.

As an aside, I find it interesting that Microsoft got its start and a significant boost by blasting open the hermetically sealed, air-conditioned, closed environment of the IBM mainframe computer rooms run by computer scientists in white lab coats when they introduced DOS and PCs to the world. Microsoft then spent the next several decades trying (and to a large degree failing) to close the breach thus created and reseal the computing environment around Windows.

To get back to the text, on that same first page of this chapter, the authors present what I think is a rather outdated view of the state of network security. They present the standard definitions of attacker, victim, and hacker, and end with the definition of a cracker as "a person who attempts to break into a system for malicious purposes, using techniques that do not necessarily involve deep system skills or knowledge." While the definitions given are correct, they no longer apply to the most significant network data breaches. For several years we have known the Chinese are using network attacks to practice industrial espionage on a scale never before imagined, and we have more recently discovered that the US, via the NSA and FBI, has not been angelic in its exercise of cyber warfare, listening to everyone from foreign heads of state to average US citizens on their cellphones. Of course the cyber criminals have also advanced far beyond the old definitions of hacker and cracker to obtain Social Security numbers, credit card numbers, identity theft data, and more. All of this, whether by government agencies or by crooks, requires a very deep knowledge of networking and the targeted systems to sneak in, obtain data, and preferably not be detected while doing so.

Do a search on the attacks against Home Depot in 2014, Target in 2013, and TJX Companies (TJMaxx, Marshalls, etc.) in 2006 to see just three data thefts resulting in 200 million of the almost one billion data records exposed since 2005. You will quickly see that these were conducted using very sophisticated techniques. If you expand your search to investigate the tools used by Chinese industrial espionage agents, the NSA, and the FBI, then you will see even more sophisticated techniques being employed. It should come as no surprise that most Americans are not happy with either private companies or government agencies sweeping up vast amounts of personal data.

The authors have put together a fair but brief overview of the forms cyber attacks can take and how network administrators can defend against them. I would like to note here that this chapter covers a topic in which you can get a PhD from some universities. So please do not think that we have done more than barely skim the surface of network and data security. Therefore, I think there will be no shortage of material for you to write about in this week's discussion.