Wednesday December 3, 2008 7:51 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"trend is good antivirus software."
on Trend Micro OfficeScan Client/Server Edition
by jack | Dec 3, 2008 7:02 AM
 
"I feel it with you guys. These irritating interruptions on privacy MUST be stopped. It is a ..."
on Yahoo and Microsoft take aim at lottery scams
by Jan Wilmans | Dec 2, 2008 7:11 PM
 
"My AVG WILL NOT UPDATE"
on AVG update deletes critical Windows file
by James Downs | Dec 2, 2008 5:58 AM
 
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
Web

UK government blast TCP/IP security

  • Email a Friend
  • Print Page
UK government blast TCP/IP security
Related Articles
By Shaun Nichols
Aug 22, 2008 9:47 AM | 2 Comments
Tags: Brits | blast | TCP/IP | security
A report from a top UK government defence body is calling into question the security of the basic internet protocol.

The TCP/IP protocol is the basic function used by computers to communicate with outside networks. First adopted in 1983, the TCP/IP system is widely credited with enabling the creation of the internet as we know it.

The same protocol that enables the internet, however, may also be leaving it at risk, according to the Centre for Protection of the National Infrastructure (CPNI)

The company notes that many of the same techniques first used to link up the Arpanet network in 1983 are still in use today by the modern-day internet, and not all of them are secure.

"While many textbooks and articles have created the myth that the Internet Protocols were designed for warfare environments, the top level goal for the DARPA Internet Program was the sharing of large service machines on the Arpanet, " read the introduction to the report.

"As a result, many protocol specifications focus only on the operational aspects of the protocols they specify and overlook their security implications. "

The CPNI noted that over the years vulnerabilities have emerged in everything from the handling of headers to dealing with fragments of code and reassembling data.

Even when those problems are patched, the CPNI pointed out that the fixes are not always approved or recommended by the Internet Engineering Task Force.

"In many cases vendors have implemented quick 'fixes' to protocol flaws without a careful analysis of their effectiveness and their impact on interoperability," the report read.

"As a result, any system built in the future according to the official TCP/IP specifications might reincarnate security flaws that have already hit our communication systems in the past."

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Comments: 2
Yes? And? So what? What were the recommendations of the report? What is the point of this article if it simply states what is already known, but makes no mention of any mitigation recommendations that were made?
SC Magazine - comments icon Posted by TimSep 4, 2008 2:02 PM
Have your read the paper? I dn't think so. Read it, and you'll find the advice that you are looking for.
SC Magazine - comments icon Posted by David CrowcroftOct 19, 2008 12:39 PM
Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
blink digital eeye firms framework information major mashup microsoft pdf policy professional report risks safeguard security secuware updates vendors vulnerability