What are the data security and information protection risks of using Transmission Control Protocol/Internet Protocol (TCP/IP)?
First, it is important to note that TCP and IP, while almost always used
together, are really two separate protocols. IP is what is known as a
connectionless, best-effort protocol. Data is broken up into pieces, in
this case known as "packets," and each packet is sent independently from
origin to destination. The routers in between use routing protocols to
decide where to forward each packet. IP makes no promise about delivery:
packets may arrive out of sequence, duplicated, or not at all. That is
where TCP comes into play. At the origin, TCP breaks the data into
segments (each carried in an IP packet) and numbers them with sequence
numbers. At the receiving end, TCP acknowledges what arrived, has the
sender retransmit what did not, puts the segments back in order and
passes the "reassembled" stream up the communications stack to the
application.
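The receiving side of that sequencing, as an added example that is not part of the original article: segments arrive out of order, one of them twice, one of them overlapping, and the receiver uses the sequence numbers to rebuild the contiguous stream and to notice a hole it must wait on (or request retransmission for). The initial sequence number 1000 and the segment contents are constructed for the example, and 32-bit wraparound is ignored to keep the logic short.

```python
def reassemble(isn, segments):
    """Rebuild the byte stream from (seq, payload) segments that may arrive
    out of order, duplicated, overlapping, or not at all.

    Returns (data, gap): `data` is the contiguous bytes the receiver can
    hand to the application, `gap` is (expected_seq, next_seq) for the
    first hole, or None if the stream is complete. Sequence-number
    wraparound at 2**32 is deliberately not handled here (assumption)."""
    expected = isn + 1          # the SYN consumes isn; data starts at isn+1
    stream = bytearray()
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= expected:
            continue            # pure duplicate/retransmission, already have it
        if seq > expected:
            return bytes(stream), (expected, seq)   # hole: wait for retransmit
        stream += payload[expected - seq:]          # drop any overlapping prefix
        expected = end
    return bytes(stream), None


# Constructed arrival orders for the example (not captured traffic).
OUT_OF_ORDER_WITH_DUPLICATE = [(1007, b"world"), (1001, b"hello "), (1001, b"hello ")]
OVERLAPPING = [(1004, b"lo world"), (1001, b"hello ")]
MISSING_SEGMENT = [(1012, b"!"), (1001, b"hello ")]

if __name__ == "__main__":
    for name, segs in (("out of order + duplicate", OUT_OF_ORDER_WITH_DUPLICATE),
                       ("overlapping", OVERLAPPING),
                       ("missing segment", MISSING_SEGMENT)):
        print(name, "->", reassemble(1000, segs))
```

A real stack buffers the segments past a hole instead of stopping, but the decision it makes is the same one shown here: only bytes contiguous from the expected sequence number are delivered upward.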
Most of the vulnerabilities that you read about, such as the WU-FTP buffer
overflow and others, are really problems with the applications that simply
use TCP/IP as a transport mechanism. However, there are a few problems
with the underlying protocols themselves.
One that has been discussed at great length recently is the predictability
of the initial sequence numbers (ISNs) that TCP assigns to new connections.
An attacker who is actually in the middle, between your machine and
another, does not need to guess anything: he can read the sequence numbers
off the wire and hijack the session directly. Guessability matters for the
attacker who cannot see the traffic. If he can predict the next ISN your
machine will choose, he can forge packets that appear to come from a host
you trust and complete a connection whose replies he never receives, or
inject data into an existing session; either way he poses as you. The fix
on the stack side is to make ISNs unpredictable, for example by deriving
them from a secret and the connection's addresses and ports as RFC 1948
describes, so that observing one connection's ISN says nothing about the
next.
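The guessing attack above, as an added example that is not part of the original article. A weak generator modelled on the classic BSD scheme (counter stepped by a fixed amount per second and per connection; the step sizes are illustrative, not any particular vendor's) is compared with an RFC 1948-style generator (clock plus a keyed hash of the 4-tuple). The "attacker" opens two connections, extrapolates the next ISN, forges a SYN from a trusted address, and sends the final ACK blind. The addresses, ports and the deterministic clock are constructed for the example.

```python
import hashlib
import hmac
import secrets

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit


class Clock:
    """Constructed, deterministic clock so the example behaves the same on
    every run; now() returns whole seconds."""

    def __init__(self):
        self.t = 0

    def tick(self, seconds=1):
        self.t += seconds

    def now(self):
        return self.t


class CounterISN:
    """Weak ISN generator: advances by a fixed step per second and a fixed
    step per connection (BSD-like; step values are illustrative)."""
    PER_SECOND = 128_000
    PER_CONNECTION = 64_000

    def __init__(self, clock):
        self.clock = clock
        self.counter = 0

    def isn(self, src, sport, dst, dport):
        self.counter += self.PER_CONNECTION
        return (self.counter + self.clock.now() * self.PER_SECOND) & MASK


class HashedISN:
    """RFC 1948-style generator: ISN = M + F(src, sport, dst, dport, secret).
    Different 4-tuples get unrelated offsets, so probing the attacker's own
    connections reveals nothing about the trusted host's connection."""

    def __init__(self, clock):
        self.clock = clock
        self.secret = secrets.token_bytes(16)

    def isn(self, src, sport, dst, dport):
        tuple4 = f"{src}:{sport}>{dst}:{dport}".encode()
        f = int.from_bytes(
            hmac.new(self.secret, tuple4, hashlib.md5).digest()[:4], "big")
        m = self.clock.now() * 250_000  # a 4-microsecond timer, as in RFC 1948
        return (m + f) & MASK


def predict_next_isn(gen, attacker_ip, victim_ip):
    """Off-path attacker's move: open two real connections to the victim,
    read both ISNs from the SYN-ACKs, and extrapolate the next one."""
    first = gen.isn(attacker_ip, 40000, victim_ip, 80)
    second = gen.isn(attacker_ip, 40001, victim_ip, 80)
    delta = (second - first) & MASK
    return (second + delta) & MASK


def blind_spoof_succeeds(gen, attacker_ip, trusted_ip, victim_ip):
    """Forge a SYN with trusted_ip as source. The victim's SYN-ACK goes to
    trusted_ip, which the attacker never sees, so the final ACK has to carry
    the guessed ISN + 1. Returns True if the victim would accept it."""
    guessed = predict_next_isn(gen, attacker_ip, victim_ip)
    victims_real_isn = gen.isn(trusted_ip, 1023, victim_ip, 513)  # rlogin-style service
    forged_ack = (guessed + 1) & MASK
    return forged_ack == ((victims_real_isn + 1) & MASK)


if __name__ == "__main__":
    args = ("10.0.0.9", "10.0.0.2", "10.0.0.1")  # attacker, trusted host, victim
    print("counter ISN, spoofed connection accepted:",
          blind_spoof_succeeds(CounterISN(Clock()), *args))
    print("hashed ISN, spoofed connection accepted: ",
          blind_spoof_succeeds(HashedISN(Clock()), *args))
```

Because the attacker never sees the victim's replies, this only pays off against services that trust a connection on the strength of its source address; the hashed generator defeats the guess with probability about 1 - 2^-32 per attempt, which is why unpredictable ISNs are the stack-level remedy.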
As for the risks in using TCP/IP, I would ask, what else are you going to use if
you desire Internet connectivity? For the most part, you should keep up to date
with all application and system patches to ensure that your computer is as
secure as it can be. Firewalls and intrusion-detection devices are also appropriate.
To help you sleep at night, everyone is using TCP/IP. When vulnerabilities are
found, they are made widely known and patches are developed quickly. As long
as you are keeping up to date, your risks are minimal.
This was first published in May 2001