Problem solve Get help with specific problems with your technologies, process and projects.

Security loopholes in TCP/IP

What are the security loopholes in TCP/IP?

First, let's discuss just what TCP and IP are.

IP is the Internet Protocol. It is a protocol used to send packets of data, or datagrams, from one point to another with no sequencing of packets and no guarantee of delivery.

TCP is the Transport Control Protocol. It provides for sequencing of IP packets, requests retransmission of dropped packets, etc.

While those are rather simplistic descriptions, that is the real gist of what they do. Note that there is nothing about security in those descriptions.

So, there isn't any real security at all in TCP/IP, and there never was any intended. If you want confidentiality, you need to encrypt the data. If you want to know for sure who the sender or receiver of the data really is, you need to add an authentication service.

Steve Bellovin of Bell Labs wrote a paper detailing security problems with TCP/IP many years ago, and it is still a good reference paper for the subject.

CERT has also issued many advisories about problems with TCP/IP.

For more information on this topic, visit these other searchSecurity resources:
Ask the Expert: Security risks of TCP/IP
Security Policies Tip: Seven problem areas to monitor for AS/400-TCP/IP
Best Web Links: Infrastructure & Network Security

This was last published in February 2002

Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments