TCP/IP (Transmission Control Protocol / Internet Protocol) is a set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. However, from a security standpoint, it is not inherently secure. To understand why, we must first look at the history of TCP/IP.

TCP/IP was designed more than 30 (thirty) years ago in a research environment. It was the native communication protocol of one of the earliest operating systems in computing history: Unix.

One of Unix’s variants, the BSD (Berkeley Systems Database) Unix developed by the University of California in Berkeley, was first embedded with networking protocol TCP/IP in 1983. At that time, since Unix was mainly used in an academic environment, it was not designed to handle high network traffic. It also was not designed to handle modern business-critical network applications.

Additionally, most of the application-related protocols associated with TCP/IP—such as FTP, TELNET, and SMTP—were designed without consideration of the security issues we face today.

The fundamental weakness of the TCP/IP protocol lies in the IP (Internet Protocol) layer. For example, the IP address of a typical IP packet can be arbitrarily created. There is no method of verifying whether or not a particular source IP address is genuine.

This leads to a possible “IP Spoofing” attack. This is when an attacker pretends to be sending data from an IP address other than his or her own address. As a result, there is no authentication process when using that IP protocol.

Another weakness of the TCP/IP protocol is that the IP layer does not carry any encryption function to preserve the confidentiality and integrity of security functions. This creates the possibility of a serious security breach known as a “man-in-the-middle attack.” In this type of breach, the attacker seizes an IP packet, reads and modifies the upper layers within it, and releases the packet again within the network, passing it back and forth between a sender and receiver.  The sender and receiver involved are unaware an attack is in process.

Hopefully, IPv6 (successor of the traditional IP protocol IPv4) will solve these problems. The IPv6 protocol is equipped with authentication and encryption capabilities, solving the long-standing security problems of IPv4. (Note: The IPv4 protocol uses a four 8-bit address scheme in order to provide 32 bits of address space, whereas IPv6 uses a sixteen 8-bit address structure, creating much bigger 128 bits of address space.) However, the adoption of the IPv6 protocol is unexpectedly slower than was originally anticipated.  Many believe that the “dot-com bubble burst,” which slowed down the acquisition of IPv4 address spaces, is to blame for this delay.

Another explanation points to the widely adopted Network Address Translation (NAT) protocol. This protocol allows an individual, private network to use reserved IP addresses for its hosts in order to access the public Internet before they use a NAT router as a proxy—which requires IPv4 addresses to communicate. The benefit of the NAT protocol for users is that it dramatically reduces the need for unique public IP addresses assigned to each host within a private network for it to access the Internet.

No matter what the real reason for the delay is, it is becoming imperative that we take a serious look at migrating to IPv6. It has been predicted that the number of available Ipv4 addresses will be depleted within the next five years1. In addition to complying with the limitation of this rigid time constraint, adopting the new IPv6 protocol will also resolve most of the security issues of IPv4, creating more secure networking systems.

1 Jorgenson, L. (2007) IP address depletion hastens IPv6 adoption Available from: <http://www.searchnetworking.com.au/topics/article.asp?DocID=1267040> [Accessed 25 March 2008].

Tags: IP Spoofing, TCP, 7-layer model