AOH :: IS1721.HTM

Security Assessment of TCP protocol




Security Assessment of TCP protocol
Security Assessment of TCP protocol



(Forwarded from DR, and a few other sources...   - WK) 

The United Kingdom's Centre for the Protection of National 
Infrastructure has just released the document "Security Assessment of 
the Transmission Control Protocol (TCP)", on which I have had the 
pleasure to work during the last few years.

The motivation to produce this document is explained in the Preface of 
the document as follows:

- ---- cut here ----

The TCP/IP protocol suite was conceived in an environment that was quite 
different from the hostile environment they currently operate in. 
However, the effectiveness of the protocols led to their early adoption 
in production environments, to the point that to some extent, the 
current world's economy depends on them.

While many textbooks and articles have created the myth that the 
Internet protocols were designed for warfare environments, the top level 
goal for the DARPA Internet Program was the sharing of large service 
machines on the ARPANET. As a result, many protocol specifications focus 
only on the operational aspects of the protocols they specify, and 
overlook their security implications.

While the Internet technology evolved since it early inception, the 
Internet's building blocks are basically the same core protocols adopted 
by the ARPANET more than two decades ago.

During the last twenty years, many vulnerabilities have been identified 
in the TCP/IP stacks of a number of systems. Some of them were based on 
flaws in some protocol implementations, affecting only a reduced number 
of systems, while others were based in flaws in the protocols 
themselves, affecting virtually every existing implementation. Even in 
the last couple of years, researchers were still working on security 
problems in the core protocols.

The discovery of vulnerabilities in the TCP/IP protocol suite usually 
led to reports being published by a number of CSIRTs (Computer Security 
Incident Response Teams) and vendors, which helped to raise awareness 
about the threats and the best mitigations known at the time the reports 
were published. Unfortunately, this also led to the documentation of the 
discovered protocol vulnerabilities being spread among a large number of 
documents, which are sometimes difficult to identify.

For some reason, much of the effort of the security community on the 
Internet protocols did not result in official documents (RFCs) being 
issued by the IETF (Internet Engineering Task Force). This basically led 
to a situation in which "known" security problems have not always been 
addressed by all vendors. In addition, in many cases vendors have 
implemented quick "fixes" to the identified vulnerabilities without a 
careful analysis of their effectiveness and their impact on 
interoperability.

Producing a secure TCP/IP implementation nowadays is a very difficult 
task, in part because of the lack of a single document that serves as a 
security roadmap for the protocols. Implementers are faced with the hard 
task of identifying relevant documentation and differentiating between 
that which provides correct advice, and that which provides misleading 
advice based on inaccurate or wrong assumptions.


There is a clear need for a companion document to the IETF 
specifications that discusses the security aspects and implications of 
the protocols, identifies the existing vulnerabilities, discusses the 
possible countermeasures, and analyses their respective effectiveness.

This document is the result of a security assessment of the IETF 
specifications of the Transmission Control Protocol (TCP), from a 
security point of view. Possible threats are identified and, where 
possible, countermeasures are proposed. Additionally, many 
implementation flaws that have led to security vulnerabilities have been 
referenced in the hope that future implementations will not incur the 
same problems.

This document does not aim to be the final word on the security aspects 
of TCP. On the contrary, it aims to raise awareness about a number of 
TCP vulnerabilities that have been faced in the past, those that are 
currently being faced, and some of those that we may still have to deal 
with in the future.

Feedback from the community is more than encouraged to help this
document be as accurate as possible and to keep it updated as new
vulnerabilities are discovered.
- ---- cut here ----

The document is available at CPNI's web site:
http://www.cpni.gov.uk/Products/technicalnotes/Feb-09-security-assessment-TCP.aspx 



_______________________________________________      
Best Selling Security Books & More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods