Just a newbie's scribbles
The Vulnerabilities of TCP/IP
TCP/IP (Transmission Control Protocol/Internet Protocol) is the protocol stack used for most Local Area Network (LAN) and Wide Area Network (WAN) communication. Digital asset threats and vulnerabilities were not an issue when TCP/IP was invented. TCP/IP is also the most widely used network communication standard for communication between two or more computers over the Internet or across offices. Although it does not matter what medium connects the computers on a network (copper wire, fibre-optic or wireless), the same protocol must be running on all the computers for communication to be reliable. TCP/IP is connectionless and uses a best-effort delivery mechanism to deliver frames to their destination. Transmitted data is broken down into frames, each with a destination address for routing through the network or Internet. The sequence number in each frame is used to determine the order of the frames, and the TCP port number offers a way to direct data to a specific application. However, these frames travel over a medium and across a public network where they can easily be intercepted, modified and fabricated, compromising the confidentiality and integrity of the data.
Today network intruders have used their knowledge and the security flaws of TCP/IP to gain unauthorised access to organisations' digital assets. This is a major problem facing organisations and their digital assets because TCP/IP was not developed with security in mind. Some of the TCP/IP security flaws used by intruders to gain unauthorised access to networks are as follows:
Denial-of-Service: This happens when an intruder uses a critical service of the target server or host in such a way that no service, or only severely degraded service, is available to others. In other words, the intruder sends more requests to the target server than it can handle.
Packet Sniffing: The intruder uses packet sniffing to target data while it is transmitted over a public network.
IP Spoofing: This type of attack takes advantage of poor system configuration. Many organisations configure certain hosts on their network to trust other hosts based on their IP address. With this kind of authentication, it is easy for an intruder to use the security flaw to launch an attack on a target host.
Sequence Number Spoofing: With this type of attack, the intruder predicts the TCP sequence numbers that the trusting host is expecting in the frames it receives.
Routing Attacks: IP source routing is the major security flaw of the TCP/IP protocol; system administrators use this mechanism to specify a direct route to destination and source.
SYN Flooding Attack: The intruder takes advantage of the flaws in the TCP three-way handshake.
Man-in-the-Middle Attack (session hijacking): A man-in-the-middle attack enables the intruder to take control of a legitimate session between two computers. The intruder takes over a legitimate user connection by monitoring the traffic of the target network.
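A defender's view of the SYN flooding item above, as an added example that is not part of the original article: in the three-way handshake (SYN, SYN-ACK, ACK) the server keeps a half-open entry until the final ACK arrives, so a flood shows up as many sockets stuck in the SYN-RECV state. The sample text is constructed in the column layout of `ss -tan`, and the function names and thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` (not captured from a real
# host); addresses come from the RFC 5737 documentation ranges.
SAMPLE = "\n".join(
    ["State     Recv-Q Send-Q Local Address:Port Peer Address:Port",
     "LISTEN    0      128    0.0.0.0:80         0.0.0.0:*",
     "ESTAB     0      0      192.0.2.10:80      198.51.100.7:51514",
     "ESTAB     0      0      192.0.2.10:22      198.51.100.9:40022",
     "SYN-RECV  0      0      192.0.2.10:22      198.51.100.9:40023"]
    + [f"SYN-RECV  0      0      192.0.2.10:80      203.0.113.{i}:{1024 + i}"
       for i in range(1, 7)]
)


def half_open_by_port(ss_text):
    """Return (half_open, established) Counters keyed by local port."""
    half_open, established = Counter(), Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        # The header row and states such as LISTEN are skipped by this filter.
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue
        # Count per local port, not per peer: source addresses in a flood may be
        # spoofed, so the peer column is not a reliable grouping key.
        port = int(fields[3].rsplit(":", 1)[1])  # rsplit copes with IPv6 literals
        (half_open if fields[0] == "SYN-RECV" else established)[port] += 1
    return half_open, established


def suspected_syn_flood(ss_text, min_half_open=5, ratio=3.0):
    """Ports where half-open sockets are numerous and outweigh established ones.

    min_half_open and ratio are illustrative thresholds, not recommended values.
    """
    half_open, established = half_open_by_port(ss_text)
    return sorted(
        port for port, count in half_open.items()
        if count >= min_half_open and count >= ratio * max(established[port], 1)
    )


if __name__ == "__main__":
    print("ports with suspicious half-open backlog:", suspected_syn_flood(SAMPLE))
```

A single half-open socket, like the one on port 22 in the sample, is normal during connection setup, which is why the check requires both an absolute count and a ratio against established connections.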
For more reading about countermeasures to mitigate the above threats visit http://www.honeyjet.co.uk/Updates.html
Article from articlesbase.com