A Black Hat presentation last year discussed multipath TCP. Will this be a protocol enterprises will have to deal with and, if so, what are the implications we need to worry about?
Multipath TCP -- a.k.a. TCP Extensions for Multipath Operation with Multiple Addresses -- is a protocol that's attempting to extend the functionality and resiliency of the Transmission Control Protocol (TCP), which has been around for nearly four decades.
In traditional TCP-based communications, each peer or endpoint communicates directly with the other over a known path. The multipath concept has been around for years in the form of routing. What makes multipath TCP different is that the data from a single TCP connection can be spread across multiple interfaces and routes before it gets to its destination.
Multipath TCP is great for redundancy and uptime, but what does it mean for security? Quite a bit.
This new set of extensions to TCP means the traditional visibility we've had into network communication sessions is vanishing. Not all -- but many -- of the benefits provided by NetFlow, security information and event management, data loss prevention, intrusion prevention systems and even general network analysis for troubleshooting and system monitoring will effectively be gone.
Theoretically, with multipath TCP your network will be faster and more resilient, but that means malware infections, external hack attacks and internal data breaches may go unnoticed even more than they do now because of reduced network visibility.
Support for multipath TCP may end up appearing in network infrastructure devices and interface cards in your environment at any time -- and it will quite possibly end up working against your network security initiatives. Therefore, it's certainly something you'll want to keep your eyes on.
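One way to keep an eye on it is to flag multipath TCP handshakes in captured traffic, so that flow records belonging to a split connection can be tagged as such. The sketch below is an added example, not part of the original answer; it assumes the TCP option kind (30) and subtype names defined in RFC 6824, which the answer does not mention, and the sample headers are constructed.

```python
import struct

MPTCP_KIND = 30  # TCP option kind for Multipath TCP (RFC 6824; not named on the page)
SUBTYPES = {0: "MP_CAPABLE", 1: "MP_JOIN", 2: "DSS", 3: "ADD_ADDR",
            4: "REMOVE_ADDR", 5: "MP_PRIO", 6: "MP_FAIL", 7: "MP_FASTCLOSE"}
SYN = 0x02

def mptcp_options(tcp_header: bytes) -> list:
    """Return the MPTCP option subtypes carried in one raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4          # data offset, in bytes
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("invalid data offset")
    opts, i, found = tcp_header[20:header_len], 0, []
    while i < len(opts) and opts[i] != 0:           # kind 0 = end of option list
        if opts[i] == 1:                            # kind 1 = NOP, one byte long
            i += 1
            continue
        if i + 1 >= len(opts):
            break                                   # option cut off before its length
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                                   # malformed length: stop parsing
        if opts[i] == MPTCP_KIND and length >= 3:
            found.append(SUBTYPES.get(opts[i + 2] >> 4, "UNKNOWN"))
        i += length
    return found

def classify(tcp_header: bytes) -> str:
    """Label a segment so flow records can be tagged as MPTCP-related."""
    subtypes = mptcp_options(tcp_header)
    is_syn = bool(tcp_header[13] & SYN)
    if is_syn and "MP_JOIN" in subtypes:
        return "additional MPTCP subflow"
    if is_syn and "MP_CAPABLE" in subtypes:
        return "new MPTCP connection"
    return "MPTCP segment" if subtypes else "plain TCP"

def build(flags: int, options: bytes) -> bytes:
    """Constructed sample header: fixed ports and sequence numbers, NOP padding."""
    options += b"\x01" * (-len(options) % 4)
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, offset << 4, flags, 65535, 0, 0) + options

# Constructed samples: MP_CAPABLE SYN, MP_JOIN SYN, and an ordinary SYN with only MSS.
SYN_CAPABLE = build(SYN, bytes([30, 12, 0x00, 0x81]) + bytes(8))
SYN_JOIN = build(SYN, bytes([30, 12, 0x10, 2]) + bytes(8))
SYN_PLAIN = build(SYN, bytes([2, 4, 0x05, 0xB4]))
```

A SYN carrying MP_JOIN is the case that matters for monitoring: to a flow collector it looks like an unrelated TCP connection, yet it carries part of an existing session's data.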
Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your question now via email! (All questions are anonymous.)