Responding to Security Threats

Because of the growing dependency on the Internet by governments, corporations, and individuals, it is becoming increasingly important to secure the Internet. There are four areas in which improvement is essential to accomplish this: better auditing, less vulnerable systems, quicker response times to threats, and a shift in the public’s attitude regarding sacrificing some privacy to feel secure.

Privacy vs. Security

When someone robs a bank, the key step to catching the thief is figuring out the person’s identity. What stops most people from staging a bank robbery is the fear that they will be caught and held accountable for their actions. Detectives view videotape from security cameras at the bank, follow the trail of tagged bank notes, profile likely suspects, examine the crime scene for clues, monitor the transactions of other financial institutions (for example, large deposits at other banks), and listen to the word on the street. Because police and government departments regularly monitor activities in banks and financial institutions, every person who uses a bank is subject to these security measures to some extent.

The Internet, on the other hand, has none of these security measures. Whereas banking has come a long way since the lawless days of the Wild West, today’s Internet is like the Wild West at its wildest. It’s a sea of chaos with islands of order scattered here and there. What encourages outlaw behavior on the Internet is anonymity. It’s impossible to track beyond an IP address where communication is coming from or going to. Even IP addresses can be spoofed. Sites such as http://www.anonymizer.com allow completely anonymous Web access. It is common in many Web applications to allow access to online resources without any authentication—and many sites that do require authentication cannot verify that the surfers really are who they say they are. Anonymity is both a good and a bad thing. It has promoted freedom of speech (a good thing). It has made accessible information that might be forbidden if the user knew she could be tracked (both a good thing and a bad thing). It has helped borderless commerce (a good thing). It has resulted in cons, spam, and spoofed sites spreading misinformation, clogging the Internet, and luring people into complicated scams (a bad thing). Finally, it has allowed hackers to remain largely anonymous (a bad thing).

The anonymous protection the Internet gives hackers and virus writers might be enough of a reason to make the Internet less anonymous and more secure. By incorporating auditing capabilities, it might be possible for authorities to pinpoint who released the latest virus or who broke into the online savings-and-loan. Implementing auditing makes finding the perpetrators of crimes more probable and acts as a deterrent, just as the fear of getting caught deters most people from robbing banks.

How would auditing be implemented? Several technologies have the potential to establish effective auditing practices:

  • Better trace-back. Improved abilities to trace who did what will be the primary mechanisms for auditing the Internet. Improvement in this area could be realized by building tracing into operating systems and Web browsers. Cooperation with ISPs (Internet service providers) such as MSN and AOL is important. Many ISPs already have the ability to track what their users are doing, but they don’t perform any tracking because of privacy concerns and a lack of good analysis tools. To implement trace-back would require international support because viruses are developed worldwide and hacking occurs across borders. An additional challenge is how to store and make sense of the auditing information—the amount of data involved with Internet communication is huge, amounting to terabytes of data per day. If there are any holes in the auditing process—such as countries or ISPs that don’t participate in the auditing—hackers will use those holes by dialing into and launching their attack from an anonymous system.

  • Authentication. Related to trace-back, authentication is also a means to identify who does what and is an essential part of auditing. In February 1999, Intel announced it would incorporate PSNs (Processor serial numbers) into every chip it made. Intel met with huge customer resistance and had to withdraw its plan soon after. The goal of a system like the PSN is to provide a means to identify users based on what computer they are using. If a particular machine can be identified as launching an attack, investigators would be one step closer to finding the person responsible.

  • Big Brother systems. The term Big Brother sends a chill down people’s spines and invokes visions of a world where people are afraid to speak their thoughts. It conjures visions of receiving a knock on the door at 3 a.m., and the visitor saying "I’m from the government, and I’m here to help you" before he leads you away. Almost everyone has been guilty of minor crimes, such as exceeding the speed limit or running a red light. A Big Brother system refers to a system that aggregates this and other information and monitors who does what. There is a spectrum of possible Big Brother systems, from ones that would monitor every person’s every movement to ones that would monitor broad trends or select individuals.

    Certainly the capability already exists now or will in the near future to build a Big Brother system. For example, utility companies can already monitor your electricity usage and determine when you are home or out. When you do go out, cameras in traffic lights and along the highways can photograph your car, use optical character recognition to read your license plate, and track where you are going. When you arrive at work and log on to your computer, your company can monitor what time you arrived at work. When you go out to lunch, credit card transactions will record where you ate, and any time you speak on a mobile phone, the location can be traced to an approximate area. Such is the stuff of movies like Enemy of the State. By the way, the government could also monitor what movies you rent from your local video store and choose to look for antisocial themes. Is it time to get paranoid? Not yet. At the time of this writing, in the United States of America there are no known Big Brother systems (although they have been proposed). There are four challenges facing Big Brother systems: an almost universal public loathing of them; the enormous amount of storage, processing power, and coordination required to collect all the data; the lack of encryption back doors that would allow authorities to break into encrypted data; and the challenge of drawing the right conclusions from the data—not everyone who rents Enemy of the State is an enemy of the state. These are just some of the challenges to creating an effective Internet auditing system.

Unless the public perceives a physical threat from cyber-terrorism, viruses, or hacking, support for auditing being enforced across the Internet is unlikely to materialize. Such a physical threat would have to outweigh the threat of losing the privacy people perceive they have and that they greatly value. In addition to the loss of civil liberties, auditing increases the chance of spam because spammers also have the opportunity to audit and target users.

A more realistic option is auditing based on activity types. For example, surfing Web sites and publishing content could remain anonymous, but auditing could be implemented for activities that distribute programs, touch certain TCP/IP ports, or expose executable code to the Internet.

In addition to making Internet use more secure, another tactic for increased security is to harden the Internet itself. A new protocol named IPv6 offers potential in this area.

The IPv6 Internet Protocol

IPv6 (Internet Protocol version 6) is the next generation of Internet protocols and provides new capabilities for both computer addressing and TCP/IP transport. Let’s backtrack first and look at the existing protocol. The current Internet naming system, IPv4, resolves common names such as www.microsoft.com to IP numbers such as 207.46.134.222. This scheme allows for about four billion unique device addresses on the Internet. In the early 1970s, when IPv4 was implemented, this seemed like an inexhaustible supply of addresses, given that only a handful of users were online. Today those four billion device addresses are running out fast as more and more device types such as handheld computers and Internet-enabled phones become connected to the Internet. Proxy servers that perform address translation provide more numbers, but they are an imperfect solution because many new types of devices (for example, a satellite phone) might need globally available addresses.

IPv6 corrects these problems. First, it increases the number of addresses from 2^32 to 2^128, which is 340,282,366,920,938,463,463,374,607,431,768,211,456 unique addresses (5 x 10^28 addresses for every man, woman, and child on earth). Today, this seems like an inexhaustible supply of addresses. Second, IP security (IPSec) is built into the IPv6 protocol, which provides end-to-end packet security from computer to computer. This means that, along with other features, IPv6 offers the following security benefits:

  • IPv6 supports data authentication, which means that when a computer receives an IP packet from another computer, it is assured that the IP packet did actually come from that IP address. This protects against spoofing attacks.

  • IPv6 supports data integrity, which means that the contents of an IP packet cannot be modified in-transit.

  • IPv6 has anti-replay protection, which means that if a computer has already received a particular IP packet, another packet with different data won’t be accepted.

  • IPv6 supports packet encryption so that only the destination computer can decrypt the packet.

  • IPv6 supports scoped addresses that can be used to restrict which computers can use file and print sharing, or which external computers a particular machine is permitted to communicate with (similar to the capabilities provided by IPSec).

In IPv6, addresses are expressed as eight hexadecimal numbers, for example: ABCD:EF12:3456:7890:ABCD:EF12:3456:7890. IPv6 also maintains backward compatibility with IPv4 by allowing existing addresses to be represented by padding the address with zeros, for example: 0:0:0:0:207.46.134.222.

Both Windows XP SP1 and Windows 2003 support IPv6. At the time of writing this book, many routers and gateways are IPv6-enabled, but few are configured to actually use the protocol. At some point in the future, IPv6 will become the new Internet standard. Probably the adoption will be in the form of intranet implementation at first (that is, within corporations or other private networks), gradually moving to the entire Internet. IPv6 will give the underlying protocol security that the Internet desperately needs.

Government Initiatives

On February 14, 2003, President George W. Bush presented his cyber security plan. It essentially proposed joint ownership of the issue among the government, private industry, and consumers, thus seeking cooperation rather than regulation. The Internet is history’s first global business and information system—it’s impossible for one country’s government to regulate it. The plan calls for five action items from the government:

  • Better secure the United States government systems.

  • Create a cyberspace security-response system.

  • Create a threat-and-vulnerability reduction program.

  • Improve security training.

  • Work at an international level to help solve security issues.

This plan is still a vision rather than a concrete series of steps to wipe out viruses and hacking, but it’s an important first step in developing international strategies for making the Internet more secure.

Microsoft Initiatives

Microsoft, along with other software vendors, is often criticized for writing code that has security vulnerabilities. What is Microsoft’s solution? It is to take security very seriously, with the goal of building products that are secure by design, secure by default, and secure in deployment. Microsoft also has the goal of improving communication about security so that customers know how to maintain security and what to do if a security breach is detected. Microsoft’s solution is part of its Trustworthy Computing Initiative announced in January 2002. Recently, two important initiatives have shown evidence of how Microsoft is implementing its stated security goals:

  • Windows 2003 Server. Windows 2003 Server has more emphasis on security than any other Microsoft operating system. It’s encouraging to see Microsoft talking about security as a feature that helps sell products rather than as a tax on development. Windows 2003 Server incorporates many security improvements. For example, Internet Information Services (IIS) 6.0 has been redesigned to allow worker processes and Web services to run on a low-privilege account. IIS is also turned off by default. As another security tactic, users cannot log on remotely using an account with a blank password. The Public Key Infrastructure (PKI) Services have been improved. The operating system includes Protected Extensible Authentication Protocol (PEAP) support for enhancing the security of wireless connections and AzMan (Authorization Manager) for managing role-based authorization (although this is not yet integrated with Microsoft Visual Basic .NET role-based security). Microsoft is also committed to releasing more add-ins for Windows 2003 Server to help strengthen and simplify security.

  • Visual Basic .NET. Visual Basic .NET is built on the .NET platform, which itself is designed for security and a robust out-of-the-box experience. Visual Basic .NET applications compile to managed code. The code is referred to as managed because the code is monitored as it is run. Exception cases such as buffer overruns are caught as they happen. The code also runs under a rich set of permissions. Visual Basic .NET is designed to be, and has proven itself to be, an incredibly robust development platform. In the next evolution of Windows, managed code support will be integrated right into the operating system. This offers the potential of building even stronger security ties between Windows and the .NET platform.
