The protocols that support network communication, which we all rely on for the Internet to work, were not specifically designed with security in mind. When the specifications of these fundamental protocols were being determined, the designers were not worried about criminals stealing credit card numbers or attackers launching man-in-the-middle and sniffing attacks to compromise and abuse the integrity of network traffic for financial gain. The designers weren’t concerned with these things because at the time, the idea of online banking seemed far-fetched and was not considered a probable use case. These protocols were mainly designed and used to conduct transactions with a machine across organizations for research purposes.

The concern for security did not come to the forefront until networks began to be accessible to the general public and dependency on commercial transactions increased. The designers of the protocols didn’t intend that consumers would use the Internet in the way they do now. These protocols, designed without security in mind, are now the foundation on which everything else is built.

Attackers are unlikely to give up on attacking the legacy protocols that support network and Internet communication because these protocols have always been and continue to be the weakest link. In this chapter, we will study why these protocols are weak and how attackers have and will continue to exploit them.