21 Aug 2008
A report from a top UK government defence body is calling into question the security of the basic internet protocol.
TCP/IP is the basic protocol suite used by computers to communicate with outside networks. First adopted in 1983, TCP/IP is widely credited with enabling the creation of the internet as we know it.
The same protocol that enables the internet, however, may also be leaving it at risk, according to the Centre for Protection of the National Infrastructure (CPNI).
The CPNI notes that many of the same techniques first used to link up the Arpanet network in 1983 are still in use on the modern-day internet, and not all of them are secure.
"While many textbooks and articles have created the myth that the Internet Protocols were designed for warfare environments, the top level goal for the DARPA Internet Program was the sharing of large service machines on the Arpanet," read the introduction to the report.
"As a result, many protocol specifications focus only on the operational aspects of the protocols they specify and overlook their security implications."
The CPNI noted that over the years vulnerabilities have emerged in everything from the handling of headers to dealing with fragments of code and reassembling data.
Even when those problems are patched, the CPNI pointed out that the fixes are not always approved or recommended by the Internet Engineering Task Force.
"In many cases vendors have implemented quick 'fixes' to protocol flaws without a careful analysis of their effectiveness and their impact on interoperability," the report read.
"As a result, any system built in the future according to the official TCP/IP specifications might reincarnate security flaws that have already hit our communication systems in the past."
Typical!
Whenever a central government is caught with its trousers firmly round its ankles, some quango or other leaps to the defence. Here we are, with civil servants, the military, the police running around with unencrypted data on memory sticks, posting CDs in the ordinary mail, leaving laptops on buses and trains, so a government IT security 'watchdog' blames... the internet!! I don't follow their logic at all. In our organisation, anything that moves is encrypted! Media sent out is encrypted to either 128-bit or 256-bit, with keys sent independently (unlike a CD I received a little while ago from another (central government) source, who obligingly put a note of the key in the same envelope). Our external access uses various devious encryption methods, as well as SA to get in the first place. Come on, civil service, police, judiciary, NHS, armed forces, wake up! It isn't rocket science to keep things secure, it isn't TCP/IP that loses data, it is laziness and complacency that leaves things vulnerable, not the technology.
Posted by: Steve Atkinson 28 Aug 2008
"Not well laid out."??
The report is supposed to help implementers build secure IP implementations. There are some aspects of the protocols that can be secured. And that's what this document is about. There are some security aspects that cannot be fixed without replacing IP itself. The report answers the question it is supposed to answer: "What can be done to improve the security of the Internet Protocol?", rather than other questions such as "How can we fix the whole Internet mess?"
Posted by: Dave 27 Aug 2008
Not well laid out.
True, there are problems at this date with TCP/IP, we all know this. But respectfully, I just don't see any answers in this article either. If the top Brit government defence body has some solid answers that would fix these intermediate "patches", I'm quite sure we'd all like to know what they are so we can get on about fixing the holes in the 'Net.
Posted by: Patrick 21 Aug 2008