What are the data security and information protection risks of using Transmission Control Protocol/Internet Protocol (TCP/IP)?
First, it is important to note that TCP and IP, while almost always used together, are really two separate protocols. IP is what is known as a connectionless protocol. It allows data to be broken up into parts, in this case known as "packets." These packets are then sent from origin to destination. The machines in between use other routing protocols to determine where to send the packets. The packets may arrive out of sequence or not at all. That is where TCP comes into play. TCP is responsible at the origin for breaking the data into packets and numbering them for sequencing. At the receiving end, the packets are reassembled in sequence-number order and passed up the communications stack to the applications.
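The reordering step described above, as an added example that is not part of the original column: a receiver buffers segments by sequence number, delivers only the contiguous prefix of the stream, and reports the gaps that still block delivery. The segments, the initial sequence number 1000 and the payload bytes are constructed sample input.

```python
"""Added example (not from the original column): how a receiving TCP
reorders segments by sequence number before handing data to the
application. All segments below are constructed sample input; the stream
is b"hello, world" starting at an assumed initial sequence number of 1000."""

MASK32 = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap around

# Constructed: segments as (sequence number, payload), delivered out of
# order, with one retransmitted duplicate.
SEGMENTS_OUT_OF_ORDER = [
    (1007, b"world"),
    (1000, b"hello"),
    (1005, b", "),
    (1000, b"hello"),   # duplicate retransmission, must not be delivered twice
]

# Constructed: the same stream with the middle segment lost in transit.
SEGMENTS_WITH_LOSS = [
    (1007, b"world"),
    (1000, b"hello"),
]


def reassemble(segments, initial_seq):
    """Return (data, missing) for a set of received segments.

    data    -- the contiguous byte stream from initial_seq up to the first gap,
               which is all a receiver may pass up the stack in order.
    missing -- list of (first_seq, last_seq) ranges that must still arrive
               (or be retransmitted) before the held data can be delivered.
    """
    # Map relative offset -> byte. Byte granularity keeps overlapping
    # retransmissions trivial to handle; the first copy wins.
    buf = {}
    for seq, payload in segments:
        base = (seq - initial_seq) & MASK32
        for i, byte in enumerate(payload):
            buf.setdefault(base + i, byte)

    # Deliver everything contiguous from the start of the stream.
    data = bytearray()
    pos = 0
    while pos in buf:
        data.append(buf[pos])
        pos += 1

    # Anything left is held out of order; describe the gaps in front of it.
    missing = []
    expected = pos
    for off in sorted(k for k in buf if k > pos):
        if off > expected:
            missing.append(((initial_seq + expected) & MASK32,
                            (initial_seq + off - 1) & MASK32))
        expected = off + 1
    return bytes(data), missing


if __name__ == "__main__":
    print(reassemble(SEGMENTS_OUT_OF_ORDER, 1000))  # (b'hello, world', [])
    print(reassemble(SEGMENTS_WITH_LOSS, 1000))     # (b'hello', [(1005, 1006)])
```

The second scenario is the point of the numbering: with segment 1005-1006 lost, the receiver can hand only "hello" to the application and knows exactly which range to wait for, rather than delivering "helloworld" and corrupting the stream.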
Most of the vulnerabilities that you read about, such as the WU-FTP buffer overflow and others, are really problems with the applications that simply use TCP/IP as a transport mechanism. However, there are a few problems with the underlying protocols.
One that has been discussed at great length recently is the guessability of the sequence numbers that TCP supplies to the packets. If an attacker can guess the next sequence number, he can potentially "hijack" the TCP session. This means that if an attacker got in the middle of a transaction between your machine and another, he could pose as you.
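To make the risk above concrete, here is an added example (not code from the original column) that models two ways a host could choose its initial sequence numbers and measures how predictable each is to an outside observer. The legacy generator is a constructed stand-in for a plain per-connection counter, not any particular operating system's algorithm; the keyed generator follows the shape of RFC 6528, ISN = M + F(local IP, local port, remote IP, remote port, secret), with HMAC-SHA256 standing in for F. All addresses, ports and the step constant are constructed.

```python
"""Added example (not from the original column): a toy model of why the
predictability of TCP initial sequence numbers (ISNs) matters and how
RFC 6528-style randomization addresses it.

An observer that only sees ISNs from its own connections tries to
extrapolate the ISN the server will assign to some other client. With a
plain counter the guess is always right; with a keyed per-connection
offset it is right with probability about 2**-32 per attempt."""
import hashlib
import hmac
import random
import secrets

MASK32 = 0xFFFFFFFF


class LegacyIsnGenerator:
    """One global counter bumped by a fixed step per connection.
    STEP = 64000 is a constructed value for illustration only."""
    STEP = 64000

    def __init__(self, start=0x12345678):
        self.counter = start

    def next_isn(self, four_tuple):
        # The connection 4-tuple plays no role, so every peer draws from
        # the same predictable sequence.
        self.counter = (self.counter + self.STEP) & MASK32
        return self.counter


class KeyedIsnGenerator:
    """RFC 6528 shape: a clock plus a keyed hash of the connection 4-tuple.
    Different 4-tuples get unrelated offsets that cannot be computed
    without the secret key."""

    def __init__(self, secret=None):
        self.secret = secret if secret is not None else secrets.token_bytes(32)
        self.clock = 0  # stands in for the roughly 4-microsecond timer M

    def next_isn(self, four_tuple):
        self.clock = (self.clock + 1) & MASK32
        msg = ("%s:%d:%s:%d" % four_tuple).encode()
        f = int.from_bytes(
            hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")
        return (self.clock + f) & MASK32


def predict_next(observed):
    """Observer's model: treat the generator as a counter and extrapolate
    the step seen between its own last two ISNs."""
    step = (observed[-1] - observed[-2]) & MASK32
    return (observed[-1] + step) & MASK32


def guess_success_rate(make_generator, trials=200, seed=1):
    """Fraction of trials in which the observer exactly predicts the ISN
    issued to a third party's connection. Addresses are constructed."""
    rng = random.Random(seed)
    gen = make_generator()
    server = "10.0.0.5"
    hits = 0
    for _ in range(trials):
        # The observer legitimately opens two connections and records the ISNs.
        observer = ("10.0.0.99", rng.randrange(1024, 65536), server, 80)
        seen = [gen.next_isn(observer), gen.next_isn(observer)]
        # A different client connects next; the observer guesses its ISN.
        other = ("10.0.0.42", rng.randrange(1024, 65536), server, 80)
        if predict_next(seen) == gen.next_isn(other):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("legacy counter:", guess_success_rate(LegacyIsnGenerator))  # 1.0
    print("RFC 6528-style:", guess_success_rate(KeyedIsnGenerator))   # 0.0
```

The comparison shows what the mitigation buys: the keyed generator still advances a clock, so the observer learns the step between its own connections, but the per-4-tuple offset means that knowledge says nothing about the sequence space of anyone else's connection. Modern operating systems implement this scheme, which is part of why keeping systems patched (as recommended below) is the practical answer to this class of weakness.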
As for the risks in using TCP/IP, I would ask, what else are you going to use if you desire Internet connectivity? For the most part, you should keep up to date with all application and system patches to ensure that your computer is as secure as it can be. Firewalls and intrusion-detection devices are also appropriate.
To help you sleep at night, everyone is using TCP/IP. When vulnerabilities are found, they are made widely known and patches are developed quickly. As long as you are keeping up to date, your risks are minimal.
This was first published in May 2001