@@ -32,7 +32,7 @@ The Internet was created to allow users in one location to
3232access computing resources in another. Those systems had their own
3333security measures in place. For example, if you wanted to use the Internet
3434to log in to a remote computer, you would need to authenticate
35- yourself to that remote system (via user name and password) before
35+ yourself to that remote system (e.g., with a user name and password) before
3636gaining access to any resources on that system.
3737
3838Ensuring the security of end systems does not come close to addressing the entire set of
@@ -76,11 +76,119 @@ overflow bug in a then widely-used software tool, and a security hole in
7676the sendmail program. There is a comprehensive analysis of the worm's
7777operation in the report from Donn Seeley written soon afterwards.
7878
79+ .. admonition :: Further Reading
80+
7981 Donn Seeley. `A Tour of the
8082 Worm. <http://www.cs.unc.edu/~jeffay/courses/nidsS05/attacks/seely-RTMworm-89.html> `__.
8183
82- What we aim to cover in this book is a systems perspective on the
83- security of computer networks.
84+ What we present in this book is a systems perspective on the
85+ security of computer networks. Our focus is on how to create networks
86+ that meet certain security objectives, such as protection against
87+ eavesdropping and modification of data in transit. The systems
88+ approach requires us to look at the entire system: the network
89+ components and the end systems connected by the network, both hardware
90+ and software.
91+
92+ A Short History of Internet Security
93+ ------------------------------------
94+
95+ The Internet architecture was initially created with essentially no
96+ security features. This was not because the inventors, implementers and
97+ architects were unaware of security issues, but rather because there
98+ were other, more pressing goals. As Vint Cerf, the co-inventor of
99+ TCP/IP said: "getting this thing to work at all was
100+ non-trivial”. David Clark, the architect of the Internet, has said
101+ "it’s not that we didn’t think about security…we thought we could
102+ exclude [untrustworthy people].”
103+
104+ The Internet's architecture is often characterized as an hourglass,
105+ with IP being the narrow waist that sits between a wide range of
106+ networks below and a wide range of upper layer protocols and
107+ applications above. The narrowness of the waist refers to its limited
108+ functionality: global addressing and a best-effort packet delivery
109+ model. Conspicuously missing from that waist is any sort of security
110+ capability.
111+
112+ The Morris Worm served as something of a wake-up call to the early
113+ developers of the Internet by highlighting just how vulnerable it
114+ was. By the early 1990s the first firewalls had appeared, allowing the
115+ default "accept any packet from anywhere" behavior of the Internet to
116+ be changed. These
117+ devices filtered packets based on information in the TCP and IP
118+ headers, and were sometimes implemented as part of the functionality
119+ of a router. By 1994 they were common enough that applications such as FTP (the
120+ file transfer protocol) adapted to work with them.
121+
122+ Also in the early 1990s, the Internet was growing quickly enough to make it clear
123+ that IP version 4 (IPv4), with 32-bit addresses, would eventually run
124+ out of address space. The effort to create a new version of IP, known
125+ as IPng (next generation) before being officially labeled as IPv6, had
126+ a much larger scope than a simple increase in the address space. There
127+ was a sense that this was perhaps the last opportunity to
128+ significantly change the IP layer, and thus the time to address
129+ perceived shortcomings of the Internet. High on the list of such
130+ shortcomings to be addressed was security.
131+
132+ The security features that were proposed for IPv6 included headers to
133+ support encryption, message integrity and authentication. However it
134+ became clear that such features did not require a new version of IP,
135+ only a way to add optional information to the packet
136+ header, and so these capabilties also made their way into IPv4. These
137+ extensions became known collectively as IPSEC (IP security) and are
138+ described in several dozen RFCs.
139+
140+ It is worth noting that even if IPSEC had
141+ existed in 1988, it would probably have had minimal impact on the
142+ spread of the Morris Worm, because the worm spread among
143+ hosts that were *supposed * to connect to each other (e.g., to exchange
144+ email using the sendmail program). Encrypting and authenticating traffic
145+ between hosts doesn't prevent the spread of malware
146+ if the end-systems have the sorts of
147+ weaknesses exploited by the Morris worm.
148+
149+ The rise in popularity of the World Wide Web in the 1990s created the
150+ demand for security features at the transport layer to support
151+ applications such as e-commerce. This lead to the creation of SSL
152+ (secure sockets layer) which was superceded by TLS (transport layer
153+ security), both of which provided confidentiality and authentication
154+ at the transport layer.
155+
156+ Another aspect of securing the Internet that started to receive
157+ attention in this period was the security of its infrastructure. One
158+ such pieve of infranstructure is the domain name system (DNS). DNS
159+ replaced static host-to-address mapping files in the 1980s and subsequently
160+ become critical to the operation of the Internet. Clearly the
161+ information served up by DNS needs to be robust against manipulation
162+ by adversaries, and hence there has been an multi-decade effort to add
163+ security to the DNS. The fact that this continues to roll on
164+ illustrates some of the challenges in making incremental updates to
165+ the distributed infrastructure of the Internet.
166+
167+ The Internet's routing system is at least as important as DNS, and
168+ similarly lacked any security provisions in its original design. Not
169+ only do we need to be concerned about modification of routing messages
170+ in transit, but it has historically been all too easy to simply send
171+ incorrect routing updates in BGP, e.g., advertising a good route to
172+ some prefix from an autonomous system that has no such route. Thus,
173+ securing BGP has likewise proven to be a multi-decade, incremental task.
174+
175+
176+
177+
178+ .. admonition :: Further Reading
179+
180+ C. Timberg. `A Net of Insecurity
181+ <https://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/> `__.
182+ The Washington Post, May 30, 2015.
183+
184+ Trust and Threats
185+ -----------------
186+
187+ .. admonition :: Further Reading
188+
189+ B. Schneier. Beyond Fear: Thinking Sensibly About Security in an
190+ Uncertain World. Copernicus Books, 2003.
191+
84192
85193
86194.. from the original book - need some cleanup to splice with the above text
0 commit comments