8/3/2019 Tcp Ip Security
http://slidepdf.com/reader/full/tcp-ip-security 1/19
KYAMBOGO UNIVERSITY
FACULTY OF SCIENCE
Department of Computer Science
A RESEARCH REPORT ON TCP/IP SECURITY
BY
MUSIIME ANGELA 09/U/6956/ITD/PD ……………
KIMBUGWE BRIAN 09/U/789/ITD/GV …………….
KASANGAKI DOREEN 09/U/7026/ITE/PE ……………..
NSUBUGA JOSEPH 10/U/414/ITD/GV ……………
Submitted in partial fulfillment of the award of Bachelor of Information
Technology and Computing
ABSTRACT
This report has three chapters.
Chapter one, the introduction, gives a description of the TCP/IP protocols, a brief
background on them, how they work and the mechanisms they use.
Chapter two discusses the security strengths of TCP/IP, its security loopholes and the
common attacks affecting the protocol.
Chapter three looks at possible solutions to the problems discussed in chapter two. It
looks at the general alternatives to the security issues; firewalls in their two forms and
the Kerberos protocol are discussed.
List of Acronyms
1. TCP Transmission Control Protocol
2. IP Internet Protocol
3. ISN Initial Sequence Number
4. OSI Open Systems Interconnection
5. PIN Personal Identification Number
6. MAC Media Access Control
7. ICMP Internet Control Message Protocol
8. UDP User Datagram Protocol
9. MITM Man-in-the-middle
10. DEC Digital Equipment Corporation
11. CPU Central Processing Unit
12. KDC Key Distribution Centre
13. AS Authentication Server
14. TGS Ticket Granting Server
15. SSL Secure Sockets Layer
16. IPV6 Internet Protocol Version Six
17. IPV4 Internet Protocol Version Four
Table of Contents
ABSTRACT
List of Acronyms
Table of Contents
CHAPTER ONE
INTRODUCTION
1.1 Internet Protocol (IP)
1.2 Transmission Control Protocol (TCP)
1.2.1 The Three Way Handshake
1.2.2 TCP Sequence Numbers
1.2.3 TCP Timers
CHAPTER TWO
TCP/IP SECURITY
2.1 TCP/IP Security Strength
At the Physical Layer:-
At the Data Link Layer:-
At the Network Layer:-
At the Transport Layer:-
At the Session Layer: -
At the Presentation Layer: -
At the Application Layer: -
2.2 TCP/IP Security Problems
2.2.1 TCP/IP Hijacking
2.2.2 Man-in-the-Middle
2.2.3 Meet-in-the-Middle Attack
2.2.4 IP Spoofing:
Non-Blind Spoofing:
Blind Spoofing:
2.2.5 Denial of Service Attack
CHAPTER THREE
SOLUTIONS TO THE SECURITY LOOPHOLES
3.1 Firewalls
3.1.1 Stateful Inspection
3.1.2 Packet filtering firewall
3.2 Kerberos
3.3 IP V6
Recommendation
Conclusion
References
CHAPTER ONE
INTRODUCTION
TCP/IP is an acronym that stands for Transmission Control Protocol/Internet Protocol. A
protocol is a set of rules that govern communication over a network or the internet. In 1973,
Vinton Cerf and Robert Kahn developed the first description of the TCP/IP protocols, and by
around the 1980s the specifications for the TCP and IP protocols had been finished.
The TCP/IP protocol was designed when the internet was still small and users trusted
each other. Although the protocol lacks many features that are desirable or
needed on an insecure network, TCP/IP is a standardized internet protocol suite
consisting of two protocols: the Transmission Control Protocol and the Internet Protocol.
These two protocols are considered the most important in the world today, since they are
the basis of the internet. The functionality of the two protocols is described below.
1.1 Internet Protocol (IP)
The Internet Protocol is the network layer of the internet. Its work is to route and send a
packet to its destination. IP does not guarantee that packets reach their
destination; it only tries to deliver them. IP packets, also termed datagrams, go
through a series of routers before they reach the destination. Each node determines the
next hop for the datagram and routes it there. Two packets from the same source may
take different paths to the destination because the network is
dynamic. That means datagrams may not be received in sequence, due
to variable network delays.
IP attempts best-effort delivery but does not take care of lost packets. Since no
state is maintained between two datagrams, IP provides a connectionless service.
1.2 Transmission Control Protocol (TCP)
Transmission Control Protocol runs on top of IP and provides a connection oriented
service between the sender and the receiver. TCP provides guaranteed delivery and
ensures that the packets are delivered in sequence. A TCP connection is identified by the
4-tuple, that is, destination IP address, destination port, source IP address and source port.
The ports are the actual end points of the TCP connection.
The TCP layer maintains table entries corresponding to the 4-tuple on either end. The end
systems implementing TCP need to keep the TCP state information for the duration of the
connection, and this must be done for every connection.
Since the underlying network (IP) is unreliable and does not provide any guarantee for
TCP, TCP uses various mechanisms such as sequence numbers, three-way handshakes and
timers to provide reliability between the sender and the receiver. A short description of
some of the mechanisms used by TCP is given below.
1.2.1 The Three Way Handshake
The three way handshake is used by TCP both to establish connections and to
terminate them. It is used by most protocols to establish and terminate
connections over a non-reliable link.
When hosts A and B want to communicate using TCP, A initiates a
connection to B by sending a message. B responds with an acknowledgement. Then A
sends another message back to B confirming that A received B’s acknowledgement.
Hosts A and B connect successfully when B receives the second message from A, which
confirms B’s acknowledgement.
1.2.2 TCP Sequence Numbers
Remember that TCP runs over an unreliable IP, which neither guarantees delivery of
packets nor necessarily delivers them in sequence. Therefore, to be able to
identify packets and to ensure that they are delivered to the application layer in order,
every TCP segment contains a sequence number. This means that every byte of data that
TCP sends is given a sequence number. This helps the sender and the receiver to verify
whether the data was delivered correctly and also to determine whether data was dropped,
possibly because of loss in transit.
During the connection phase, the sender and the receiver exchange initial sequence
numbers (ISN). After a successful initial handshake, the sender and the receiver know the
sequence numbers that they have to use for communication. Since TCP has a provision
for delayed segments, it accepts segments that are out of sequence but within certain
bounds known as the receiver window size. The receiver window size is also exchanged
during the initial handshake. TCP discards all segments that do not have a sequence
number within the computed bounds. To be able to distinguish the different connections
between the sender and the receiver, the sequence numbers do not start at zero or any
fixed number each time a connection is established.
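The two ideas in this section, an initial sequence number that is not fixed and a receive window outside which segments are discarded, are sketched below as an added example (not code from the original report). The ISN formula follows RFC 6528 and the acceptance test follows RFC 793; HMAC-SHA256 as the keyed function, the secret and all addresses are assumptions of this example.

```python
import hashlib
import hmac

MOD = 2 ** 32  # TCP sequence numbers are 32 bits wide and wrap around


def generate_isn(secret, local_ip, local_port, remote_ip, remote_port, clock_us):
    """RFC 6528 style ISN: a 4-microsecond timer plus a keyed hash of the 4-tuple."""
    timer = (clock_us // 4) % MOD
    conn_id = f"{local_ip}:{local_port}-{remote_ip}:{remote_port}".encode()
    # HMAC-SHA256 is this example's choice of keyed function (an assumption).
    digest = hmac.new(secret, conn_id, hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big")
    return (timer + offset) % MOD


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), computed modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def segment_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """Segment acceptability test of RFC 793: keep a segment only if its first
    or last byte falls inside the receive window."""
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False  # no room for data at all
    last = (seg_seq + seg_len - 1) % MOD
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


if __name__ == "__main__":
    secret = b"constructed-example-secret"  # constructed value
    isn = generate_isn(secret, "10.0.0.5", 40000, "203.0.113.7", 80, 1_000)
    print(f"ISN for this connection: {isn:#010x}")

    # The receiver expects a byte just below the wrap-around point.
    rcv_nxt, rcv_wnd = 0xFFFFFF00, 0x200
    for seq, length in [(0xFFFFFF00, 100), (0x00000010, 50), (0x00000100, 10)]:
        ok = segment_acceptable(seq, length, rcv_nxt, rcv_wnd)
        print(f"seq={seq:#010x} len={length}: {'accept' if ok else 'discard'}")
```

The modular subtraction in `in_window` is what keeps the check correct when the window straddles the wrap from 0xFFFFFFFF to 0.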
1.2.3 TCP Timers
Timers are closely knit with the TCP states. TCP uses them to ensure security and to keep
established connections. Some of the timers used include the following.
• Connection establishment timer: this timer is associated with the opening of a
connection. It is started when the SYN flag bit is sent during the initial connection
set up. In most TCP implementations, the value of this timer is set to 75 seconds.
If a time-out occurs, the connection is aborted.
• TIME_WAIT Timer: this timer is started when the connection enters the time-wait
state. This is to allow all the segments in transit to be removed from the
network. The value of this timer is usually set to 2 minutes and on expiration of
the timer, the connection is terminated.
• KEEP_ALIVE Timer: this timer allows TCP to periodically check whether the
other end of the connection is still active. The default value of this timer is 2
hours. After the expiration of the timer, probes are sent to the remote end. If there
is no response to the probes from the remote end, the connection is dropped.
CHAPTER TWO
TCP/IP SECURITY
Because TCP/IP is a standard internet protocol, its security cannot be left unconsidered,
since networks are currently insecure due to the vastness of the internet. This
chapter discusses the security strengths and the weaknesses of the protocol.
2.1 TCP/IP Security Strength
Although it was designed when the internet was small with trusted users and
security was not a big concern, TCP/IP has some features that provide security to
transmissions and communications on insecure networks. They include sequence
numbers, timers and three way handshakes, which limit connections from
unauthorized and unknown sources. Their functionality is as discussed in
chapter one above.
Furthermore, since the OSI protocol stack is related to and almost the same as the TCP/IP
protocol stack, at each layer of the OSI model there are controls that are designed to
handle security for proper and safe transmissions.
The OSI protocol stack is a seven layer protocol designed by the International Standards
Organization (ISO) to create a standard internet connection. The layers are the Physical
layer, Data link layer, Network layer, Transport layer, Session layer, Presentation layer
and Application layer. The security controls at each layer that are designed to handle
security issues, including physical security, are listed below.
At the Physical Layer:-
• PIN & password secured locks
• Biometric authentication systems
• Data Storage Cryptography
• Electronic lock mechanisms for logging & detailed authorization
• Electromagnetic Shielding
• Locked perimeters and enclosures
• Video & Audio Surveillance
At the Data Link Layer:-
• Identifying stations by address and cross-referencing physical port or logical
access (MAC Address Filtering).
• Layers of trust are physically isolated from one another, with policy engines such
as firewalls between them.
• Wireless applications are carefully evaluated for unauthorized access exposure.
• Built-in encryption and authentication is applied for secure networks.
At the Network Layer:-
• Route policy controls - Use strict anti-spoofing and route filters at network edges.
• Firewalls with strong filter & anti-spoof policy.
• ARP/Broadcast monitoring software.
• Implementations that minimize the ability to abuse protocol features such as
Broadcast.
At the Transport Layer:-
• Strict firewall rules limiting access to specific transmission protocols and
subprotocol information such as TCP/UDP port number or ICMP type.
• Stateful inspection at firewall layer, preventing out-of-state packets, “illegal”
flags, and other phony packet profiles from entering the perimeter.
• Stronger transmission and layer session identification mechanisms to prevent the
attack and takeover of communications.
At the Session Layer: -
• Encrypted password exchange and storage.
• Accounts have specific expirations for credentials and authorization.
• Protect session identification information via random/cryptographic means.
At the Presentation Layer: -
• Careful specification and checking of received input coming into applications or
library functions.
• Separation of user input and program control functions - input should be sterile
and sanity checked before being passed into functions that use the input to control
operation.
• Careful and continuous review of cryptography solutions to ensure current
security versus known and emerging threats.
At the Application Layer: -
• Application level access controls to define and enforce access to application
resources. Controls must be detailed and flexible, but also straightforward to
prevent complexity issues from masking policy and implementation weakness.
• Standards, testing, and review of application code and functionality - a baseline is
used to measure application implementation and recommend improvements.
• IDS systems to monitor application inquiries and activity.
• Some host-based firewall systems can regulate traffic by application, preventing
unauthorized or covert use of the network.
2.2 TCP/IP Security Problems
Despite the number of mechanisms that address the security weaknesses of
TCP/IP, loopholes still exist in the protocol. The main
source of these weaknesses is authentication. Various people have used these
loopholes to satisfy their selfish desires, and this has affected many internet users. This has
mostly taken the form of attacks such as TCP/IP hijacking, man-in-the-middle,
meet-in-the-middle, IP spoofing, sequence guessing and many more. A brief
explanation of what they are and how some of these attacks occur is given below.
2.2.1 TCP/IP Hijacking
TCP/IP hijacking is when an attacker takes over a TCP/IP session between two machines.
This allows an attacker to control an established session typically between a client and a
server. The attacker first impersonates and then disconnects the legitimate client.
Note that most authentication occurs only at the start of a TCP session; this allows the
attacker to gain access to a machine when a connection has already been established. The
attacker takes advantage of the fact that TCP uses sequence numbers to synchronize
the session between two network nodes. The number increases with every packet and
ensures they are processed in the correct order when received by the destination node.
The attacker predicts these sequence numbers and prevents the original client from
sending packets, so that the sequence number does not increase, and can then use these
numbers to send his own packets with changed information, which can even be malicious.
(techexams.net, 2011)
In brief, TCP/IP hijacking involves taking control of a legitimate conversation between a
server and a client, intercepting the source side packets, throwing them away and
replacing them with new packets which are sent to the destination. The attacker can
disconnect the client’s established and possibly already authenticated session to the
server and attempt to take the client’s place by spoofing the legitimate client’s address.
2.2.2 Man-in-the-Middle
During a Man-in-the-middle attack, the attacker places himself between two
communicating network devices in an attempt to intercept and possibly alter network
traffic. The attacker connects to the network by tapping into an existing line. Once
connected, he will try to fool both sides of the communication, ensuring that
each side thinks that it is receiving information from the right source. The attacker must
be able to intercept all messages going between the two victims, formulate new ones and
forward them in whichever direction the intercepted message was headed. For example, if
there is a communication between Tom and Peter, the attacker James can perform a
successful MITM attack and make Peter think that he is receiving information from Tom,
while Tom also thinks that he is receiving information from Peter, yet it is actually coming
via James, who is acting as a substitute for both sides and may have altered the
information.
Usually the communication between two network devices is encrypted, but this is not
always sufficient to prevent man-in-the-middle attacks. If the attacker intercepts the key
used for the encryption process at the start of the communication, or previously, he can
decrypt the information he receives from one side, read it, alter it, and encrypt it again to
pass it on as if nothing happened to it. (techexams.net, 2011)
2.2.3 Meet-in-the-Middle Attack
This is a known attack that can exponentially reduce the number of brute force
permutations required to decrypt text that has been encrypted by more than one key. Such
an attack makes it much easier for an intruder to gain access to data.
The meet in the middle attack targets block cipher cryptographic functions. The intruder
applies brute force techniques to both the plain text and cipher text of a block cipher. He
then attempts to encrypt the plain text according to various keys to achieve an
intermediate cipher text (a text that has only been encrypted by one key).
Simultaneously, he attempts to decrypt the cipher text according to various keys, seeking
a block of intermediate cipher text that is the same as the one achieved by encrypting the
plain text. If there is a match of intermediate cipher text, it is highly probable that the key
used to encrypt the plain text and the key used to decrypt the cipher text are the two
encryption keys used for the block cipher.
Because the attacker tries to break the two-part encryption method from both sides
simultaneously, a successful effort enables him to meet in the middle of the block cipher.
Although a meet-in-the-middle exploit can make the attacker’s job easier, it can’t be
conducted without a piece of plain text and its corresponding cipher text. That means the
attacker must have the capacity to store all possible intermediate cipher text values from
both the brute force encryption of the plain text and decryption of the cipher text.
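Why encrypting twice with two keys does not give twice the key length of protection is easiest to see by counting cipher operations. The following added example (not part of the original report) runs the meet-in-the-middle search described above against a constructed toy cipher with a 16-bit block and 10-bit keys; the cipher, its constants and the sample keys are inventions of this example, and the search generalizes the text's description by using extra plain text/cipher text pairs to discard coincidental matches.

```python
from collections import defaultdict

MASK = 0xFFFF                      # 16-bit toy block
MUL = 0x9E37                       # odd constant, so invertible modulo 2**16
MUL_INV = pow(MUL, -1, 1 << 16)
KEY_BITS = 10                      # deliberately tiny toy key


def rotl(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK


def rotr(x, n):
    return ((x >> n) | (x << (16 - n))) & MASK


def round_key(key, r):
    return (key * 0x0101 + r * 0x1111) & MASK


def toy_encrypt(key, block):
    """Three rounds of xor-key, multiply, rotate. A toy, not a real cipher."""
    x = block
    for r in range(3):
        x ^= round_key(key, r)
        x = (x * MUL) & MASK
        x = rotl(x, 5)
    return x


def toy_decrypt(key, block):
    x = block
    for r in reversed(range(3)):
        x = rotr(x, 5)
        x = (x * MUL_INV) & MASK
        x ^= round_key(key, r)
    return x


def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))


def exhaustive_search_cost(key_bits):
    """Key pairs a plain brute force of both keys would have to try."""
    return 1 << (2 * key_bits)


def meet_in_the_middle(pairs, key_bits=KEY_BITS):
    """Return (candidate key pairs, cipher operations spent on the search).

    pairs is a list of (plain text, cipher text) blocks under the same keys.
    The count covers building the table and probing it, not the few
    re-encryptions used to confirm a match.
    """
    (p1, c1), *rest = pairs
    table = defaultdict(list)      # intermediate value -> first keys giving it
    ops = 0
    for k1 in range(1 << key_bits):
        table[toy_encrypt(k1, p1)].append(k1)
        ops += 1
    found = []
    for k2 in range(1 << key_bits):
        mid = toy_decrypt(k2, c1)
        ops += 1
        for k1 in table.get(mid, ()):
            # A single pair matches by chance; the other pairs filter those out.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops


if __name__ == "__main__":
    k1, k2 = 0x2A7, 0x135          # constructed sample keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, ops = meet_in_the_middle(pairs)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("operations:", ops, "versus", exhaustive_search_cost(KEY_BITS))
```

The price of the reduced work is the table of intermediate values, which is the storage requirement the section points out.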
2.2.4 IP Spoofing:
This refers to the creation of internet protocol packets with a forged source IP address
with the purpose of concealing the identity of the sender or impersonating another
computing system. It is one of the most common forms of on-line camouflage.
In IP spoofing, the attacker gains unauthorized access to a computer or a network by
making it appear that a malicious message has come from a trusted machine by spoofing
the IP address of the machine. There are a few variations on the types of attacks that
successfully employ IP spoofing, and some are described below:
Non-Blind Spoofing:
This type of attack takes place when the attacker is on the same subnet as the victim. The
sequence and acknowledgement numbers can be sniffed, eliminating the potential
difficulty of calculating them accurately.
The biggest threat of spoofing in this instance would be session hijacking. This is
accomplished by corrupting the data stream of an established connection, then re-
establishing it based on correct sequence and acknowledgement numbers with the attack
machine. Using this technique, an attacker could effectively bypass any authentication
measures that took place to build the connection.
Blind Spoofing:
This is a more sophisticated attack, because the sequence and acknowledgement numbers
are unreachable. In order to circumvent this, several packets are sent to the target
machine in order to sample sequence numbers.
While not the case today, machines in the past used basic techniques for generating
sequence numbers. It was relatively easy to discover the exact formula by studying
packets and TCP sessions. Today most Operating Systems implement random sequence
number generation, making it difficult to predict them accurately. If, however, the
sequence number was compromised, data could be sent to the target. Several years ago,
many machines used host-based authentication services. A properly crafted attack could
add the requisite data to a system, blindly, enabling full access for the attacker who was
impersonating a trusted host.
2.2.5 Denial of Service Attack
This is currently one of the most difficult attacks to defend against, and IP spoofing is
almost always used in it. Since crackers are concerned only with consuming bandwidth and
resources, they need not worry about properly completing handshakes and
transactions. Rather, they wish to flood the victim with as many packets as possible in a
short amount of time.
In order to prolong the effectiveness of the attack, they spoof source IP addresses to make
tracing and stopping the denial of service as difficult as possible. When multiple
compromised hosts are participating in the attack, all sending spoofed traffic, it is very
challenging to quickly block traffic. (Wikipedia, 2011)
CHAPTER THREE
SOLUTIONS TO THE SECURITY LOOPHOLES
Due to the security concerns that arose from the growth of the internet, and thus the
increased use of TCP/IP, there have been developments to curb the problems that resulted
from the untrusted users who made networks insecure. Add-ons like firewalls, Kerberos
systems and others were developed to help with the security weaknesses in TCP/IP.
Recently, Internet Protocol version 4 has been modified to version 6, which will soon be
implemented to handle more problems.
3.1 Firewalls
A firewall is a system that is designed to permit or deny network transmissions based
upon a set of rules and is frequently used to protect networks from unauthorized access
while permitting legitimate communications to pass. A firewall can be a hardware device,
a software program or a combination of both. (wiki.ask.com, 2011)
Firewalls are included in most operating systems to monitor any incoming and outgoing
activity on your computer, and they usually block programs that should not have access.
This is done to protect against threats, mainly from the public internet. Some routers
connecting networks contain firewall components, many of which can perform the basic
routing functions. (Wikipedia, 2011)
Firewall technology was developed in generations. The first generation firewall
was written about in 1988, when engineers from Digital Equipment Corporation (DEC)
developed filter systems known as packet filter firewalls. The second generation firewall,
developed at AT&T Bell Laboratories from 1989 to 1990, is generally referred to as
stateful packet inspection. Both forms of firewall are explained below.
3.1.1 Stateful Inspection
Stateful inspection, also known as dynamic packet filtering, is a firewall technology that
monitors the state of all active connections and uses this information to determine which
network packets to allow through the firewall.
A stateful firewall is able to hold significant attributes of each connection in memory
from the start to the end. These attributes, which are collectively known as the state of the
connection, may include details such as the IP addresses, ports and the sequence numbers
of the packets traversing the connection. The most CPU intensive checking is performed
at the time of setup of the connection. After setting up the connection, it becomes simple
and fast to determine whether a packet belongs to an existing, pre-screened session. Once
the session has ended, its entry in the state-table is discarded.
The stateful firewall depends on the three-way handshake of the TCP protocol when the
protocol being used is TCP. When a client initiates a new connection, it sends a packet
with the synchronize bit set in the packet header. All packets with the synchronize bit set
are considered by the firewall as new connections. If the service which the client has
requested is available on the server, the service will reply to the synchronize packet with
another packet in which both the synchronize and acknowledgement bits are set. The
client will then respond with a packet in which only the acknowledgement bit is set, and
the connection will enter the established state. Such a firewall will pass all outgoing
packets through but will only allow incoming packets if they are part of an established
connection, ensuring that hackers cannot start unsolicited connections with the protected
machine. (Wikipedia, 2011)
3.1.2 Packet filtering firewall
Packet filters act by inspecting the packets that represent the basic unit of data transfer
between computers on the Internet. Depending on whether a packet matches the packet
filter's set of rules, the packet filter will allow the packet, or reject it and send error
messages to the source. This type of packet filtering is not concerned with whether a packet
is part of an already existing connection or is starting a new connection, because it stores
no information on connection state. Instead, it filters each packet based only on
information contained in the packet itself (packet header). It commonly uses a combination
of the source and destination address, the packet’s protocol, and the port number. Any
incoming packet that appears to have come from a source address, port number or
protocol other than the ones it knows will be discarded. And any outgoing packet
with a destination address, port number or protocol other than the ones
known will also be blocked.
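The difference between sections 3.1.1 and 3.1.2 shows up when the same traffic is run through both kinds of firewall. The following added example (not code from the original report) models a packet filter that judges each header on its own and a stateful firewall that follows the three-way handshake; the rule set, class names, state names and the packet sequence are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

SYN, ACK, RST = 0x02, 0x10, 0x04   # TCP header flag bits


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    inbound: bool  # True when the packet arrives from the outside network


def stateless_allow(p):
    """Packet filter: decides from this packet's header alone.

    Assumed rule set: inside hosts may reach web servers on port 80, and
    anything coming back from port 80 to a high port is let in.
    """
    if p.inbound:
        return p.sport == 80 and p.dport >= 1024
    return p.dport == 80


class StatefulFirewall:
    """Follows each connection from the outbound SYN until it is reset.

    Simplified: FIN teardown, retransmissions and timeouts are not modelled.
    """

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> state name
        self.table = {}

    @staticmethod
    def key(p):
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport)
        return (p.src, p.sport, p.dst, p.dport)

    def allow(self, p):
        k = self.key(p)
        state = self.table.get(k)
        if not p.inbound:
            # Outgoing packets pass; they only update the state table.
            if p.flags == SYN:
                self.table[k] = "SYN_SENT"
            elif state == "SYN_ACK_SEEN" and p.flags & ACK:
                self.table[k] = "ESTABLISHED"
            if p.flags & RST:
                self.table.pop(k, None)
            return True
        if state is None:
            return False           # no connection was opened from inside
        if state == "SYN_SENT":
            if p.flags == SYN | ACK:
                self.table[k] = "SYN_ACK_SEEN"
                return True
            return False           # anything else is out of state
        if p.flags & SYN:
            return False           # a SYN on a known connection is out of state
        if p.flags & RST:
            del self.table[k]      # session ended: discard the entry
        return True


def verdicts(packets):
    """Run one packet sequence through both firewalls: (stateless, stateful)."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


# Constructed traffic using documentation address ranges, not a capture.
INSIDE, WEB, OTHER = "10.0.0.5", "203.0.113.7", "198.51.100.9"
SAMPLE = [
    Packet(INSIDE, 40000, WEB, 80, SYN, False),       # handshake step 1
    Packet(WEB, 80, INSIDE, 40000, SYN | ACK, True),  # handshake step 2
    Packet(INSIDE, 40000, WEB, 80, ACK, False),       # handshake step 3
    Packet(WEB, 80, INSIDE, 40000, ACK, True),        # reply data
    Packet(OTHER, 80, INSIDE, 40001, ACK, True),      # belongs to no connection
    Packet(WEB, 80, INSIDE, 40000, RST, True),        # server resets the session
    Packet(WEB, 80, INSIDE, 40000, ACK, True),        # arrives after the reset
]

if __name__ == "__main__":
    for p, (stateless, stateful) in zip(SAMPLE, verdicts(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} flags={p.flags:#04x} "
              f"stateless={stateless} stateful={stateful}")
```

The fifth and seventh packets satisfy the header rules, so the packet filter admits them, while the stateful firewall drops both because no matching entry exists in its table.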
3.2 Kerberos
Kerberos is a computer network authentication protocol which allows nodes
communicating over a non-secure network to prove their identity to one another using
tickets. (Massachusetts Institute of Technology)
The Kerberos system was designed with some properties that help it prevent and
withstand security threats such as attacks. Among them are authenticity,
cryptography, timing and many more.
Considering authenticity, the authentication process starts when the key distribution
centre (KDC) generates a session key. This comes as a result of a client requesting
authentication from the authentication server (AS). The key is formulated based on the
user password and a random value that represents the requested service. The session key
is the one you send to the ticket granting server (TGS), which returns a ticket that can be
sent to the server for the requested service. The server either rejects it (when it is invalid)
or accepts it (when valid) and performs the service. (Wikipedia, 2011)
Cryptography is involved during certain stages of authentication. The Kerberos protocol
uses the session key to encrypt and decrypt the transmissions. For example, the ticket
granting ticket (which includes the client Id, client network address, ticket validity period
and the client/TGS session key) is encrypted using the secret key of TGS. This makes the
Kerberos protocol messages protected against eavesdropping thus preventing attackers
from hacking the session keys and the tickets which they would use to attack the
Kerberos system. (Wikipedia, 2011)
Another design feature of the Kerberos system is timing. The ticket received from the
ticket granting server is time stamped, and it allows the client/user to make requests
within a certain period of time. Making the ticket valid for a limited period of time makes
it less likely for someone else to use it later. This increases security and limits
unauthorized users from using the system. (Wikipedia, 2011)
Despite the security features in the Kerberos system, there are some limitations that can
affect the performance of the system, such as a single point of failure. The Kerberos system
requires continuous availability of a central server. Therefore, when the Kerberos server
is down, no one can log in.
Also, Kerberos has strict time requirements. This means the clocks of the involved hosts
must be synchronized within the configured limit which at times becomes hard due to
different clock speeds of the different systems. It is important to note that the tickets have
a time availability period; therefore authentication will fail if the host clock is not
synchronized with the Kerberos clock server. (Wikipedia, 2011)
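The effect of the validity period and of unsynchronized clocks can be seen in a small ticket check. This is an added example, not Kerberos code and not part of the original report: the ticket layout, function names and the 300-second limit are assumptions, and an HMAC seal stands in for the encryption under the TGS secret key, so the session key is left out of the ticket because nothing here is encrypted.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds of clock difference tolerated; an assumed configured limit


def seal(key, body):
    """Integrity tag over the ticket; a stand-in for encrypting it."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_ticket(tgs_key, client_id, client_addr, now, lifetime):
    """Build a ticket carrying client id, client address and validity period."""
    fields = {
        "client": client_id,
        "addr": client_addr,
        "start": now,
        "end": now + lifetime,
    }
    body = json.dumps(fields, sort_keys=True).encode()
    return body, seal(tgs_key, body)


def check_ticket(tgs_key, body, tag, peer_addr, local_clock, max_skew=MAX_SKEW):
    """Validate a presented ticket against the checking host's own clock.

    Returns "ok" or the reason for rejection.
    """
    if not hmac.compare_digest(seal(tgs_key, body), tag):
        return "bad_seal"          # altered, or sealed with another key
    ticket = json.loads(body)
    if ticket["addr"] != peer_addr:
        return "wrong_address"     # presented from a different network address
    if local_clock < ticket["start"] - max_skew:
        return "not_yet_valid"     # the checking host's clock is too far behind
    if local_clock > ticket["end"] + max_skew:
        return "expired"           # validity period is over
    return "ok"


if __name__ == "__main__":
    key = b"constructed-tgs-secret"        # constructed value
    issued_at = 1_000_000                  # constructed timestamp (seconds)
    body, tag = issue_ticket(key, "alice", "10.0.0.5", issued_at, 8 * 3600)

    cases = {
        "synchronized host": issued_at + 60,
        "clock 200 s behind": issued_at - 200,
        "clock 10 min behind": issued_at - 600,
        "nine hours later": issued_at + 9 * 3600,
    }
    for name, clock in cases.items():
        print(f"{name}: {check_ticket(key, body, tag, '10.0.0.5', clock)}")
```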
Another limitation which is a serious security threat is that since authentication is
controlled by a centralized key distribution centre, the whole authentication infrastructure
can be compromised which will allow an attacker to impersonate any user. (Wikipedia,
2011)
3.3 IP V6
IPV6 is an acronym for Internet Protocol Version Six which is a modification of IPV4. It
has already been noted that during the development of TCP/IP, security was not a
concern therefore the challenges of authentication within IPV4 have been considered in
the newer version of the protocol. It attempts to address the importance of security,
routing and also the running out of address space which are currently the problems in
IPV4. It promises to provide authentication and encryption on the internet and could
solve a lot of the existing problems with TCP/IP. (Wikipedia, 2011)
IPV6 includes two extension headers that serve as security options, that is, the
authentication header and the encryption header. The authentication header allows the
recipient to ascertain the identity of the sender, and the encryption header ensures that
only the recipient is able to look at the contents of the message. These two options use
what is termed a security association, where the sender and the receiver agree on
parameters such as the key, the authentication or encryption algorithm and the lifetime of
the key. (Joseph Davies, 2008)
Recommendation
Based on the discussion in the previous chapters, the researchers recommend that
network and internet users adopt the available add-ons like
firewalls, Kerberos and others to ensure security over their networks.
Since technology grows every second, network users should be in a position to get the
latest information, so that their ignorance is not used by malicious people to
accomplish their missions. For example, very soon IPV6 will be implemented; network
users should be in a position to adapt to such technologies and any other mechanism that
may be developed to curb the insecurity problems over networks.
Conclusion
Despite all the loopholes, weaknesses and insecurity observed in TCP/IP, the protocol is
not totally insecure. There are a number of add-ons and mechanisms employed to
keep TCP/IP usable, since it’s a standard protocol. This extends to using the
protocol along with many other protocols, for example ICMP, SSL, UDP and many more.
All this makes the protocol usable and lets it continue operating even on the network with
the worst security.
References
1. http://www.wiki.ask.com/Firewall_%28computing%29, accessed on 1/10/2011 at 2:30 pm
2. http://www.en.wikipedia.org/wiki/Stateful_firewall, accessed on 1/10/2011 at 2:30 pm
3. http://www.en.wikipedia.org/wiki/Denial-of-service_attack, accessed on 9/10/2011 at 4:00 pm
4. http://www.techexams.net/technotes/securityplus/attacks.shtml, accessed on 8/10/2011 at 10:00 am
5. http://www.en.wikipedia.org/wiki/IPv6, accessed on 9/10/2011 at 4:00 pm
6. Joseph Davies, Understanding IPv6, Second Edition, January 09, 2008
7. Massachusetts Institute of Technology, http://www.web.mit.edu/Kerberos/, accessed on 3/10/2011 at 11:00 am
8. http://www.en.wikipedia.org/wiki/Kerberos_%28protocol%29, accessed on 3/10/2011 at 11:00 am
9. Damon Reed, Applying the OSI Seven Layer Network Model To Information Security, November 21, 2003
10. Chris Chambers, Justin Dolske and Jayaraman Iyer, Ohio State University, Columbus, Ohio 43210, TCP/IP Security