EE Times-Asia
Protocol stacks are Achilles' heel of net security

Posted: 03 Nov 2003

Keywords: network security, protocol stack, Layer 2, hacker, IP address

Network security breaches affect everyone today, now that e-mail and instant messaging are critical tools for business and personal communication. Consider the impact of losing Internet service for days at a time: a 22-hour network outage at eBay cost the online auctioneer more than $2 million. Creating havoc in the network through protocol tampering puts the Internet, as well as corporate intranets, at risk. The key to preventing these expensive attacks is to understand the weak points of the protocols that carry this traffic and to address them.

As one example of such an attack, an attacker can inject invalid routing information into a router and disrupt network traffic by changing the routing topology. Basic security mechanisms to protect routing information exist, but many devices do not use them, and the protection they provide is weak at best. IP-based networks fuel the Internet, so their vulnerabilities matter most, but Layer 2 networks are not immune: an attacker can inject malicious Spanning Tree packets into a network switch and stop a port from forwarding traffic.

These are only two simple examples of what could be done against the dozens of protocols in today's networks. Recently, a flaw was discovered in the IOS software that drives a number of Cisco switches, routers and wireless access points; it enables a hacker to disable these devices. An interface can be shut down by directing a specific sequence of IPv4 traffic at the device, so an attacker exploiting this flaw could take down the entire device or network. This specific issue has been corrected in a software patch, but the network remains at risk until administrators deploy the fix on every affected device.

To protect our information highways, we need to conduct a detailed analysis of the existing protocols that drive these networks and identify the weak points by determining how they can be compromised. Once these vulnerabilities are identified, methods to correct the weaknesses may be developed through the evolution of networking protocols or the development of devices to protect against these weaknesses.

Increased vulnerability

Since each networking protocol is unique and the interrelationships between protocols are complex, addressing every security vulnerability is not possible. Many protocols are designed with a built-in level of trust in the network around them. The security problem therefore grows in intensity as we add new layers of protocols and extend the functionality of the existing ones.

The answer to these security vulnerabilities is not to update the networking protocols to a new RFC or a new draft, nor is it to create separate networking devices that simply add confusion to the mix of the already complex networking topologies. Networking products must be designed so that these security threats can be stopped. One approach is to implement a type of packet inspection that creates knowledge at each individual networking element.

To achieve a smarter network, each networking element should perform its own determination of the validity of the packets by inspecting network traffic and building a map of the network.

The solution to these attacks is not as simple as drafting a set of new protocols. Today's protocols are generally simple in the context of state machine flows as they move from one state to another within the operation of the protocol. But what happens if someone attacks the network and stimulates the protocols such that an invalid sequencing of states occurs? Depending on the protocol, this could cause a minor, recoverable blip or it could disable ports or shut down an entire switch. Further, the impact could result in the sending of invalid information to the rest of the network. The result may be profound negative effects on the network.
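The invalid-sequencing problem described above can be bounded by making a protocol's state machine explicit. The following is an added example, not code from the article: a small, hypothetical neighbor-adjacency state machine in Python whose transition table is the only source of truth, so an event that arrives in an order the protocol never produces is refused and counted instead of driving the element into an undefined state, and a neighbor that keeps producing such events is flagged. The state names, event names and the suspicion threshold are assumptions made for illustration.

```python
# Added example, not code from the article: a protocol state machine with an
# explicit transition table, so an out-of-sequence event (whatever its cause)
# is refused and counted rather than driving the element into an undefined
# state. The states and events model a simplified, hypothetical neighbor
# adjacency protocol; they are constructed for illustration, not any RFC.
from collections import Counter

# Every legal (state, event) -> next_state pair. Anything not listed is invalid.
TRANSITIONS = {
    ("DOWN", "HELLO_RECEIVED"): "INIT",
    ("INIT", "TWO_WAY_RECEIVED"): "TWO_WAY",
    ("TWO_WAY", "EXCHANGE_DONE"): "FULL",
    ("FULL", "HELLO_RECEIVED"): "FULL",      # periodic keepalive keeps the adjacency
    ("INIT", "TIMEOUT"): "DOWN",
    ("TWO_WAY", "TIMEOUT"): "DOWN",
    ("FULL", "TIMEOUT"): "DOWN",
}


class NeighborFSM:
    """One adjacency state machine per neighbor, with invalid-sequence accounting."""

    def __init__(self, neighbor_id, suspicion_threshold=3):
        self.neighbor_id = neighbor_id
        self.state = "DOWN"
        self.threshold = suspicion_threshold
        self.rejected = Counter()   # (state, event) -> how often it was refused

    def feed(self, event):
        """Apply one event. Returns True if it was a legal transition, else False."""
        key = (self.state, event)
        if key not in TRANSITIONS:
            # Do not guess a next state; stay put and record the anomaly.
            self.rejected[key] += 1
            return False
        self.state = TRANSITIONS[key]
        return True

    def is_suspicious(self):
        """A neighbor that keeps sending out-of-sequence events is worth flagging."""
        return sum(self.rejected.values()) >= self.threshold


def run_sequence(events, threshold=3):
    """Drive a fresh FSM through a list of events (constructed input).

    Returns (final_state, per-event accept flags, suspicious?).
    """
    fsm = NeighborFSM("neighbor-A", threshold)
    accepted = [fsm.feed(e) for e in events]
    return fsm.state, accepted, fsm.is_suspicious()


if __name__ == "__main__":
    # Normal adjacency formation.
    print(run_sequence(["HELLO_RECEIVED", "TWO_WAY_RECEIVED", "EXCHANGE_DONE"]))
    # Events arriving in an order the protocol never produces.
    print(run_sequence(["EXCHANGE_DONE", "TWO_WAY_RECEIVED", "EXCHANGE_DONE", "HELLO_RECEIVED"]))
```

The design point is that the table, not scattered `if` branches, defines what is legal: a real implementation would log each rejected pair with the neighbor and port, and the suspicion counter gives the element something to act on (rate-limit or ignore that neighbor) without ever leaving a known state.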

A solution must be developed to allow for individual networking protocol elements to make decisions based on information that has been learned or seen flowing through the network for a specific period of time. By adding the ability for networking elements to have some type of policies for the updating of routing tables or adding entries to a Layer 2 forwarding table, a secure network can be created.

If you have the ability to not only learn and adapt to the network - but also make decisions and use the protocols to help verify the information itself - you have taken the first step to create a network of intelligent, self-sufficient networking elements that can protect against attacks on the protocols themselves.

There exist two parts to a potential solution. The first is having a set of algorithms that create a detailed map of the network based on the perspective of the individual networking elements. This context map would consist of networking elements, IP addresses and other information.

The creation of a context map enables the second component of the solution. Secure networking modules could provide the intelligence that understands each protocol and its limits as well as how to maximize the security for those protocols. The secure networking modules would also have the ability to communicate with other secure networking modules to understand the prerequisites for certain events in the state machine of a given protocol to occur. By having a module-based approach, protocols can be secured independently and individually. This results in an iterative approach and allows a system of modules to be built upon one another.
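To make the two-part solution concrete, here is an added example in Python, written for this page and not code from the article or from LVL7 Systems. A ContextMap stands in for the learned map of neighbors, directly connected prefixes, port roles and MAC table; a RoutingModule and a ForwardingModule play the role of the "secure networking modules" that consult it before a routing update, a Spanning Tree BPDU or a MAC-table change is accepted, covering the routing-injection and Spanning Tree cases from the start of the article. The message fields, port roles, metric range and per-port MAC limit are assumptions made for illustration.

```python
# Added example, not code from the article or from LVL7 Systems: a toy
# "context map" learned by one network element, plus two policy modules that
# consult it before a routing-table update or a Layer 2 forwarding-table
# change is accepted. Message fields, port roles and limits are constructed
# for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass
class ContextMap:
    """What this element has learned about its surroundings during a learning window."""
    neighbors: set = field(default_factory=set)        # router IDs heard from before
    local_prefixes: set = field(default_factory=set)   # prefixes directly connected here
    port_roles: dict = field(default_factory=dict)     # port name -> "uplink" or "access"
    mac_table: dict = field(default_factory=dict)      # MAC -> port it was learned on


class RoutingModule:
    """Policy for accepting a route advertisement into the routing table."""
    MAX_METRIC = 15   # assumed upper bound for a hop-count style metric

    def __init__(self, ctx):
        self.ctx = ctx

    def evaluate(self, update):
        """Return (accept, reasons) for a dict like {"from", "prefix", "metric"}."""
        reasons = []
        if update["from"] not in self.ctx.neighbors:
            reasons.append("sender is not a learned neighbor")
        try:
            prefix = ip_network(update["prefix"], strict=True)
        except ValueError:
            return False, ["malformed prefix"]
        if any(prefix.overlaps(ip_network(p)) for p in self.ctx.local_prefixes):
            reasons.append("advertisement would override a directly connected prefix")
        if not 0 <= update["metric"] <= self.MAX_METRIC:
            reasons.append("metric out of range")
        return not reasons, reasons


class ForwardingModule:
    """Policy for Layer 2 events: spanning-tree BPDUs and MAC learning."""
    MAX_MACS_PER_ACCESS_PORT = 2   # assumed limit for an end-host port

    def __init__(self, ctx):
        self.ctx = ctx

    def evaluate_bpdu(self, port):
        """Spanning-tree packets are only expected on ports facing other switches."""
        if self.ctx.port_roles.get(port) != "uplink":
            return False, ["BPDU received on a non-uplink port"]
        return True, []

    def learn_mac(self, mac, port):
        """Decide whether to add or move a MAC in the forwarding table."""
        role = self.ctx.port_roles.get(port, "access")
        previous = self.ctx.mac_table.get(mac)
        # A MAC already seen behind the uplink should not suddenly appear on an end-host port.
        if previous and previous != port and self.ctx.port_roles.get(previous) == "uplink" and role == "access":
            return False, ["MAC known on an uplink would move to an access port"]
        on_port = sum(1 for m, p in self.ctx.mac_table.items() if p == port and m != mac)
        if role == "access" and on_port >= self.MAX_MACS_PER_ACCESS_PORT:
            return False, ["too many MACs on access port"]
        self.ctx.mac_table[mac] = port
        return True, []


def build_context():
    """A constructed context map standing in for what a learning phase would produce."""
    return ContextMap(
        neighbors={"10.0.0.2", "10.0.0.3"},
        local_prefixes={"192.168.10.0/24"},
        port_roles={"ge0": "uplink", "ge1": "access", "ge2": "access"},
        mac_table={"00:11:22:33:44:55": "ge0"},
    )


if __name__ == "__main__":
    ctx = build_context()
    routing, forwarding = RoutingModule(ctx), ForwardingModule(ctx)
    print(routing.evaluate({"from": "10.0.0.2", "prefix": "172.16.0.0/16", "metric": 3}))
    print(routing.evaluate({"from": "10.0.0.9", "prefix": "192.168.10.0/24", "metric": 1}))
    print(forwarding.evaluate_bpdu("ge1"))
    print(forwarding.learn_mac("00:11:22:33:44:55", "ge1"))
```

Each module returns the reasons for a refusal rather than a bare boolean, which is what an operator needs when tuning the policies; the modules stay independent of each other and share only the context map, which is the iterative, module-on-module structure the article proposes.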

- Steve Ledford

Director, Software Development

- Michael Ward

Program Director, Product Management

LVL7 Systems Inc.
