Security in the Current Internet Environment
The original designers of the current IP protocol (IPv4) did not have to worry too much about security because the Internet was a trusted network for “the happy few.” In addition, the design that is still in use today was considered a prototype that would be redesigned and extended over time. This historical development leads to two fundamental observations concerning security in today’s Internet:
Many protocols base their security on the assumed authenticity of IP addresses and port numbers. Based on the assumption that there are networks connected to the Internet that are entirely controlled by their respective user groups, we must not anticipate that any element in an IP packet is secure or cannot be read or modified. This implies that we must not trust an IP sender address or port number (nor any other element in the IP or transport header).
Most protocols (application protocols, in most cases) that use a user identification and password authentication mechanism transmit the password in clear text or in a form that can easily decoded, such as Base 64. One-time password mechanisms or challenge/reply mechanisms are seldom used, although some standards have been developed to protect password/credential exchanges. This implies that security flaws in one of the lower protocol layers, which enable an attacker to read the data in transmission, can be used to attack application programs and user accounts (i.e., the application layer). ...
Get IPv6 Essentials now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
