A Black Hat presentation last year discussed multipath TCP. Will this be a protocol enterprises will have to deal with and, if so, what are the implications we need to worry about?
Multipath TCP -- a.k.a. TCP Extensions for Multipath Operation with Multiple Addresses -- is a protocol that's attempting to extend the functionality and resiliency of the Transmission Control Protocol (TCP), which has been around for nearly four decades.
In traditional TCP-based communications, each peer or endpoint communicates directly with the other over a known path. The multipath concept has been around for years in the form of routing. What makes multipath TCP different is that the data from a single TCP connection can be spread across multiple interfaces and routes before it gets to its destination.
Multipath TCP is great for redundancy and uptime, but what does it mean for security? Quite a bit.
This new set of extensions to TCP means the traditional visibility we've had into network communication sessions is vanishing. Many, though not all, of the benefits provided by NetFlow, security information and event management, data loss prevention, intrusion prevention systems and even general network analysis for troubleshooting and system monitoring will effectively be gone.
Theoretically, with multipath TCP your network will be faster and more resilient, but that means malware infections, external hack attacks and internal data breaches may go unnoticed even more than they do now because of reduced network visibility.
Support for multipath TCP may end up appearing in network infrastructure devices and interface cards in your environment at any time -- and it will quite possibly end up working against your network security initiatives. Therefore, it's certainly something you'll want to keep your eyes on.
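One way to keep an eye on multipath TCP appearing in your environment is to flag TCP headers that carry the MPTCP option. The following is an added example, not part of the original answer: the option kind (30) and subtype values are taken from RFC 8684, and the helper `sample_header` and all sample headers are constructed for illustration.

```python
import struct

MPTCP_KIND = 30  # TCP option kind for MPTCP (RFC 8684)
SUBTYPES = {0x0: "MP_CAPABLE", 0x1: "MP_JOIN", 0x2: "DSS", 0x3: "ADD_ADDR"}

def mptcp_options(tcp_header: bytes) -> list:
    """Return the MPTCP subtype names carried in one raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4      # data offset, in bytes
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("invalid data offset")
    opts, found, i = tcp_header[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                           # end of option list
            break
        if kind == 1:                           # NOP padding, no length byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                               # option cut off
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                               # malformed length: stop parsing
        if kind == MPTCP_KIND and length >= 3:
            subtype = opts[i + 2] >> 4          # high nibble of first payload byte
            found.append(SUBTYPES.get(subtype, f"subtype_{subtype}"))
        i += length
    return found

def sample_header(options: bytes, flags: int = 0x02) -> bytes:
    """Constructed sample: a 20-byte TCP header (SYN by default) plus options."""
    options += b"\x01" * (-len(options) % 4)    # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, offset << 4, flags, 65535, 0, 0)
    return fixed + options

MSS = b"\x02\x04\x05\xb4"                        # ordinary MSS option
SYN_PLAIN = sample_header(MSS)                   # regular TCP SYN
SYN_CAPABLE = sample_header(MSS + b"\x1e\x04\x01\x81")   # MP_CAPABLE, version 1
SYN_JOIN = sample_header(b"\x1e\x0c\x10\x02" + b"\xaa\xbb\xcc\xdd" + b"\x11\x22\x33\x44")
SYN_BAD = sample_header(b"\x1e\x00\x00\x00")     # MPTCP kind with invalid length

if __name__ == "__main__":
    for name, hdr in [("plain", SYN_PLAIN), ("capable", SYN_CAPABLE), ("join", SYN_JOIN)]:
        print(name, mptcp_options(hdr))
```

An MP_CAPABLE hit on a SYN shows a host offering multipath TCP; an MP_JOIN hit marks an additional subflow that belongs to a connection a single-path sensor may only partly see.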
Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your question now via email! (All questions are anonymous.)