Embed Size (px)
Citation preview
CRIM 3460 Introduction to Critical Infrastructure Protection Fall 2016
Chapter 6 – Internet
School of Criminology and Justice Studies University of Massachusetts Lowell
Historical Timeline 1957 - 2003
The human organizations behind the Internet?
Legislation leading to Commercialization
Who governs the Internet, today?
Invention ARPA - Advanced Research Projects Agency
NSF – National Science Foundation
IETF – Internet Engineering Task Force
W3C – World Wide Web Consortium
ICANN - Internet Corporation for Assigned Names and Numbers created to sell blocks of names
The Internet is a network that runs TCP/IP A network of networks
A generic term used in the 1970s in reference to the ARPANet network
Internet is a network that links computer networks all over the world by satellite and telephone, connecting users with service networks such as e-mail and the World Wide Web.1
1Encarta® World English Dictionary © 1999 Microsoft Corporation
1957 - USSR launches Sputnik and USA responds with creation of ARPA = Advanced Research Projects Agency
1962 - Licklider of MIT proposes “Intergalactic Computer Network” as head of ARPA’s command and control program
Joseph Carl Robnett "Lick" Licklider developed the idea of a universal network, spread his vision throughout the IPTO, and inspired his successors to realize his dream by creation of the ARPANET.
(Robert) Taylor’s “Terminal Problem”
How to connect one terminal to 2 or more computers
1968 - ARPA contracts BBN to build packet switched ARPANet
Back-of-Envelope Sketch: A Server (Sigma7) … … and a Switch (IMP)
Back-of-Envelop Sketch: 4 Computers located in UCLA, SRI (Palo Alto), UCSB, Utah
1969 - Jon Postel starts list of users - eventually becomes DNS - for ARPA - he runs IANA for 30 years
DNS (Domain Name Server); “Telephone Book” of Internet.
DNS translates: http://www.myname.tld into 120.131.200.41
The RFC Process
Steve Crocker of UCLA creates RFC = Request For Comment - major tool of Internet evolution
Cluster of Servers on East and West Coast
1973 - Vinton Cerf of Stanford and Robert Kahn of DARPA (Defense Acquisition Research Projects Agency) invent TCP for interoperability and reliability across a network of networks = the “Internet” protocol.
First use of the term, “Internet”
Bob Metcalf invents Ethernet for LANs = Local Area Networks = to become dominant LAN protocol
1976 - DARPA requires use of TCP in ARPANet
1978 - Vinton Cerf, Jon Postel, Danny Cohen divide TCP into 2 parts: TCP and IP - thus TCP/IP is born
1979 - ARPANet Internet exceeds 100 users
Bellovin of UNC invents USENET news group network
1981 - NSF creates CSNet for non-ARPANet university use
1982 - Jon Postel creates SMTP (Simple Mail Transport Protocol) thus standardizing e-mail
ARPANET at 1,000 users - research centers: Stanford/XPARC, USC/ISI, Triangle Park, MIT
1988 - Al Gore discovers the Internet – NRC report chaired by Kleinrock suggests the commercialization of the Internet - attracts Gore’s attention
1989 - Tim Berners-Lee (CERN) invents the World Wide Web:
HTML
Hyper-linked documents
1992 - Congress gives NSF permission to commercialize the Internet (NSFNet)
Number of users exceeds 1 million
1993 - NSF creates InterNIC to support Internet
AT&T contracted to maintain DNS structure
NSF awards 5-year contract to Network Solutions to sell domain names for $50/year subscription
Number users exceeds 2 million
Mosaic - First graphical browser Turned web into a visual web
Made it easy to use
Ran on low-cost PCs
1995 - After spending $200M from 1986-1995 NSF out-sources the Internet to 4 companies via Department of Commerce
1997 - Clinton administration directs Secretary of Commerce to privatize the DNS to increase competition and International participation
Department of Commerce National Telecom and Information Admininistration (NTIA) produces “Green Paper” on governance of Internet and DNS in a private ownership world
ICANN created to sell blocks of names
Internet Assigned Numbers Authority (IANA) is responsible for coordination of DNS root and IP addressing/other resources
http://www.internetassignednumbersauthority.org/
Non-profit, LLC formed IT sector members as a forum for managing risks to IT infrastructure and corporations.
Members participate in national and homeland security efforts to strengthen IT infrastructure through cyber information sharing and analysis
Members help improve incident response via collaboration, analysis and coordination, which drives cybersecurity policy, incident response and information sharing
Current officers and board members are with Cargill, Oracle, Intel, AT&T, BAE Systems and HP.
Figure 6-1 (in Text). Internet age versus classical industrial age
Figure 6-2 (in Text). AS500 network: the most-connected 500 autonomous systems in the global Internet
Figure 6-3 (in Text). Core autonomous systems of the Internet
Simulation
Spread virus in AS500 Internet with vulnerability of 5%.
Spread virus in AS500 Internet with vulnerability of 10%.
Spread virus in AS2000 Internet with vulnerability of 5%.
Spread virus in AS2000 Internet with vulnerability of 10%.
Simulations illustrates the relationship between Internet structure and node vulnerability under stress.
Assume a virus starts spreading from a node chosen at random. What is the risk that it will spread to other nodes? AS500 with a 5% probability of spreading (vulnerability) produces a
low-risk (exceedence and risk profile)
AS500 with a 10% probability produces a modest risk due to the increase in vulnerability
AS2000 (less resilient to cascades) with a 5% probability produces a higher risk than AS500 due to less resiliency
AS2000 with a 10% probability produces a catastrophic risk network due to the increase in vulnerability
Figure 6-4 (in Text). DNS structure of the global Internet
Figure 6-5 (in Text). The ISO-OSI protocol stack.
Figure 6-6 (in Text). Governance of the Internet is mostly a collection of voluntary groups.
Figure 6-7 (in Text). Example of sending an email via TCP/IP protocol
Internet = TCP/IP Any device that understands TCP/IP is on the Internet
Internet’s webgraph has a high spectral radius Vulnerable to the spread of viruses
Logical DNS structure is a tree DNS is the “telephone book”
Updated frequently
Controls who is on the Internet
Internet governance is voluntary; so far
What is “Internet Security”?
Properties of Sand Piles; Internet
SOC at the physical, virtual levels
Cyber Exploits: Real or Hype?
Vulnerabilities
Consequences
Black Swans
Reality Check
Einstein on Offense
Internet as Biology
The Internet Ecosystem
Predator-Prey Systems
Limit cycles and extinction
Gause’s Law
Paradox of Enrichment
The Internet monoculture
Policy Options
Traditional
Radical
Biology Internet
DNA TCP/IP Alphabet
Messenger RNA Internet Routing Cisco Router
Mutation Innovation Unix > MacOS
Extinction Creative Destruction DEC, CDC, Multics
Co-evolution Co-evolution 3G : iPhones
Food Network Supply Chain ARM > Apple > iPad
Predators Users, Hackers, e-Commerce RussianBusinessNet
Prey Hardware, Software Windows, MS Office
Vulnerabilities constantly change Some go up, some go down Malware
Insiders
Stolen laptop
Denial of service (DOS)
Financial fraud (phishing)
Password sniffing
Open wireless access
Regulation : Should the Internet be regulated? Will it kill it?
What is legitimate regulation? Larry Lessig’s 4 Codes:
East Coast Code: Internet laws cannot oppose existing laws
o Fraud, Theft, Pornography, subject to same rules
West Coast Code: Rules of Internet operation driven by ‘Internet culture’
o TCP/IP, WWW, media, other standards drive the culture
Social Norms: Internet law/regulation follow social norms
o Censorship, free speech, privacy, civil behavior
Markets and Commerce: information supply and demand = classical economics
