Protocol and Network Management

¶ … wartime communication, business operations, or protecting oneself from identity theft, secure communication via the Internet is a top priority. Every day, malicious users are creating and releasing new forms of malware that are increasingly difficult to detect and combat. Many of these hackers are motivated by a desire to steal private information -- a crime that can be devastating to any victim. Fortunately, many "good guys" are also working to protect this information. Cryptography, authentication, message integrity, and operational security are the main focus of their work. Other issues include how to secure network layers for specific operations: email, TCP connections, the network layer, or a wireless LAN . The war against cyber criminals of all kinds is an exciting and vibrant area of research and development; this mission poses greater and greater challenges to scientists as criminals perfect their craft .

So what are malicious internet abusers getting away with? Their crimes include eavesdropping, compromising data, stealing passwords and other personal information, identity theft, and denial of service attacks. For most of these crimes, the initial response has been to encrypt messages or data in order to prevent successful interception. Although cryptography techniques date back thousands of years, many of the most exciting advancements have taken place recently in response to more sophisticated criminal activity. Encryption algorithms combined with secret "keys" are used to code information before transmission; the receiving end must then be able to decode the message for comprehension. Historical encryption algorithms include: the basic Caesar cipher, monoalphabetic cipher, and polyalphabetic encryption. Corresponding methods of attack are known as ciphertext-only attacks, known-plaintext attacks, and chosen-plaintext attacks. A standard in email encryption schemes still used today is Zimmerman's Pretty Good Privacy (PGP), software which creates a public key pair for the user upon installation. In the case of TCP connections, security has traditionally been provided by a modified version of TCP known as Secure Sockets Layer (SSL), or the newer Transport Layer Security (TLS). These security protocols also involve the use of secret keys. When it comes to network-layer security, the standard is known as the IPsec, or the IP security protocol. IPsec works by securing IP datagrams between network-layer entities; it is often used to create virtual private networks (VPNs). Another network domain where security measures are imperative is the wireless LAN. The initial standard for wireless security is the IEEE 802.11 Wired Equivalent Privacy (WEP) protocol, which employs a "symmetric shared key approach" to provide authentication and encryption. This protocol has since been replaced by an improved version, the IEEE 802.11i. Finally, current network security issues revolve around firewalls, intrusion detection and prevention systems, and other modes of operational security. Traditional techniques employed in this realm involve packet filters, application gateways, and deep packet inspection. Clearly, computer scientists have well-established and sufficiently successful network security protocols in place on many levels: so why is malware still such a threat?

According to McAfee, a leading provider of security software, recent reports indicate a "huge increase in both the volume and sophistication of malware." Why is this happening and what can be done about it? A compelling argument is that as with many significant problems, money is the culprit. In particular, as long as hackers can more easily make more money than computer scientists and IT professionals working against those hackers, there will be a great incentive for the brightest minds in the world of computing to join the "dark side." In response, computer security professionals have seen a recent increase in pay; however, most companies during an economic recession cannot afford to increase salaries to the level of pay that cyber criminals can amass with much less effort . A better strategy might be to combine an increase in salary with free ongoing educational opportunities, especially since so many new species of malware are released every day. In addition, experts argue that working to be "paranoid," and to "know your enemy," are important considerations for anyone in the network security field. Knowing your enemy means understanding their tactics down to the minutiae. In addition, deterring attackers by "annoying" them with counter-tactics may be a more realistic solution than completely erasing a threat. All of these ideas should be considered and incorporated into plans of defense against security attacks.