
Protocols and trust issues


In the e-commerce world, security means Web site security. This tip from InformIT looks at some of the Web's common vulnerabilities and what you can do to avoid them.


Network and cryptographic protocols have been the source of many vulnerabilities thanks to trust assumptions gone awry. Several examples of these problems exist in the Internet Protocols. For instance, the protocol assumes that legitimate users will not attack the fabric of the network infrastructure itself. This belief leads to a plethora of current network vulnerabilities and attacks. Some examples of these, with the corresponding problems in trust assumptions, are as follows:

IP is subject to eavesdropping (network sniffer) attacks in which the contents of network communications are readable by parties other than the sender and recipient. Trust assumption: No protection of packet contents is necessary because those other than the intended destination can be trusted not to read a message.

Domain Name Service (DNS) is subject to many attacks ranging from DNS flooding (in which an adversary floods a client system with numerous invalid DNS responses, leading the client to accept a false name service response to the DNS lookup) to spoofed DNS servers (in which an adversary runs a DNS server that provides invalid information in response to client lookup requests). Trust assumption: DNS provides trustworthy mapping of IP addresses to names. Secondary trust assumption (bonus headache!): IP addresses or hostnames provided by DNS are suitable bases for authentication.

Routing Internet Protocol (RIP) is used by Internet gateways to publish information about new gateways and networks. In many implementations, RIP trusts information that affects the routing of IP packets, regardless of the source or validity of that routing information. This condition can lead to the "black hole" network denial-of-service attack in which a rogue router broadcasts a false message asserting that it provides the shortest route to all destinations. The result is a scenario in which all packets for a portion of the network are sent to this router, which then drops all the packets. Another attack enabled by this vulnerability is a network eavesdropping attack in which packets are routed through a network segment on which a packet sniffer is running. Trust assumption: Any RIP packet is by default considered trustworthy.
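The RIP trust assumption above can be replaced by an explicit policy check on each update before it is believed. The following is an added example, not code from the original tip: the gateway allowlist, the metric-1 threshold and all addresses are assumptions, and the packets are constructed samples in the RIP v1 layout.

```python
import socket
import struct

RIP_RESPONSE, RIP_INFINITY = 2, 16             # update command; "unreachable" metric
TRUSTED_GATEWAYS = {"192.0.2.1", "192.0.2.2"}  # assumption: this site's real RIP routers
MAX_METRIC1_ROUTES = 3                         # assumption: heuristic threshold


def parse_rip(payload):
    """Parse a RIP v1/v2 UDP payload into (command, version, [(network, metric)])."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("malformed RIP packet")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    routes = []
    for off in range(4, len(payload), 20):
        afi, _tag, addr, _mask, _hop, metric = struct.unpack(
            "!HH4s4s4sI", payload[off:off + 20])
        if afi == 2:                           # 2 = IPv4 route; skip other entry types
            routes.append((socket.inet_ntoa(addr), metric))
    return command, version, routes


def check_update(src_ip, payload):
    """Return policy findings for one RIP packet; an empty list means it passes."""
    command, _version, routes = parse_rip(payload)
    if command != RIP_RESPONSE:
        return []
    findings = []
    if src_ip not in TRUSTED_GATEWAYS:
        findings.append("untrusted source")
    if any(not 1 <= metric <= RIP_INFINITY for _net, metric in routes):
        findings.append("metric out of range")
    best = [net for net, metric in routes if metric == 1]
    if "0.0.0.0" in best or len(best) > MAX_METRIC1_ROUTES:
        findings.append("metric-1 claim for default route or many networks")
    return findings


def build_update(nets, metric):
    """Build a constructed RIP v1 response, used only as sample input."""
    body = b"".join(struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(n),
                                bytes(4), bytes(4), metric) for n in nets)
    return struct.pack("!BBH", RIP_RESPONSE, 1, 0) + body


# Constructed samples: a normal update and a black-hole style update.
NORMAL = build_update(["198.51.100.0", "203.0.113.0"], 2)
ROGUE = build_update(["0.0.0.0", "198.51.100.0", "203.0.113.0"], 1)
```

Because a UDP source address can itself be forged, the allowlist narrows what is trusted rather than authenticating the sender.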

Using intrusion detection for metering trust

You've probably noted by now that problems in this category are more subjective than those in the other two. Some instances here, especially those problems involving network trust models and protocols, can be handled by perimeter protections, such as firewalls. The rest require more finesse. As in the physical world, operating in an environment sheltered enough to support liberal trust relationships between entities is often more efficient than operating in settings that require greater levels of suspicion. However, also as in the physical world, when the environment is hostile, utilizing sound practices and technologies to prevent attacks is much more efficient than razing and rebuilding structures every time attackers inflict damage. Furthermore, environmental threat and demand for availability are dynamic. This characteristic makes the task of balancing protection against availability a challenge to even the most expert security administrators.

The key to handling problems that fall in this category is policy. Predefining security goals enables security managers to define a security-sparing way of dealing with trust issues. Policy allows management to direct users to modify their usage patterns. Security tools and technologies such as firewalls and intrusion-detection systems can put teeth into these directives by blocking violations and measuring compliance.

Intrusion-detection systems can help. They give administrators capabilities to apply policies, test user compliance levels with these policies and define specific scenarios that require intervention. In some cases, intrusion-detection systems also allow administrators to automate that intervention. Managing these capabilities from a central location allows a security administrator to flex the security mechanisms according to organizational needs, responding to problem situations as they arise.
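One scenario of the kind an administrator might define is the DNS response flooding described earlier, expressed here as detection logic. This is an added example, not part of the original tip; the sensor log format, the threshold and every address in it are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sensor log, one DNS message per line (format is an assumption):
# time  Q|R  client  server  txid  qname  [answer]
SAMPLE_LOG = """\
10.00 Q 10.0.0.5 192.0.2.53 4d2 www.example.com
10.02 R 10.0.0.5 192.0.2.53 4d2 www.example.com 198.51.100.10
11.00 Q 10.0.0.5 192.0.2.53 7a1 shop.example.com
11.01 R 10.0.0.5 192.0.2.53 0001 shop.example.com 203.0.113.66
11.01 R 10.0.0.5 192.0.2.53 0002 shop.example.com 203.0.113.66
11.01 R 10.0.0.5 192.0.2.53 7a1 shop.example.com 203.0.113.66
11.04 R 10.0.0.5 192.0.2.53 7a1 shop.example.com 198.51.100.20
"""
MAX_WRONG_TXID = 1   # assumption: mismatched replies tolerated per question


def detect(log_text):
    """Return {(client, qname): [findings]} for lookups that look flooded."""
    asked = {}                       # (client, qname) -> txid of the open query
    wrong = defaultdict(int)         # replies whose txid does not match the query
    answers = defaultdict(set)       # distinct answers carrying the right txid
    for line in log_text.splitlines():
        fields = line.split()
        _ts, kind, client, _server, txid, qname = fields[:6]
        key = (client, qname)
        if kind == "Q":
            asked[key] = txid
        elif asked.get(key) == txid:
            answers[key].add(fields[6])
        else:
            wrong[key] += 1          # unsolicited reply or mismatched transaction id
    alerts = {}
    for key in sorted(set(wrong) | set(answers)):
        findings = []
        if wrong[key] > MAX_WRONG_TXID:
            findings.append(f"{wrong[key]} replies with wrong txid")
        if len(answers[key]) > 1:
            findings.append("conflicting answers: " + ", ".join(sorted(answers[key])))
        if findings:
            alerts[key] = findings
    return alerts


if __name__ == "__main__":
    for (client, qname), findings in detect(SAMPLE_LOG).items():
        print(client, qname, findings)
```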


This was last published in February 2001
