Securing Resources

Lesson 1

Intro Securing Resources

As you have learned, the TCP/IP protocol suite[1] is powerful and popular. However, it is also inherently insecure, not only because of its popularity, but also because of its open-source nature. Anyone can consult the Internet Requests for Comments (RFCs)[2] for a protocol and learn all the idiosyncrasies of its design. This module will discuss how you can implement a security model to help protect the most often-attacked servers that use TCP/IP, including HTTP[3], FTP[4], and SMTP[5] servers.

TCP/IP Architectural Principles

The TCP/IP protocol suite allows computers and mobile phones supplied by different computer vendors, running different software, to communicate with each other. By the turn of the twenty-first century, transport protocols had become a necessity for modern communication between distributed networks. TCP/IP is truly an open system in that the definition of the protocol suite and many of its implementations are publicly available at little or no charge. It forms the basis for what is called the Internet, a wide area network (WAN) of about 3 billion users that spans the globe (as of 2020, about 53% of the world’s population). Although many people consider the Internet and the World Wide Web (WWW) to be interchangeable terms, we ordinarily refer to the Internet in terms of its ability to provide basic communication of messages between computers. We refer to the WWW as an application that uses the Internet for communication. It is perhaps the most important Internet application, the one that brought Internet technology to world attention in the early 1990s. Several goals guided the creation of the Internet architecture. The primary goal was to "develop an effective technique for multiplexed utilization of existing interconnected networks."
The essence of this statement is that the Internet architecture should be able to interconnect multiple distinct networks and that multiple activities should be able to run simultaneously on the resulting interconnected network. Beyond this primary goal were the following second-level goals:

  1. Internet communication must continue despite loss of networks or gateways.
  2. The Internet must support multiple types of communication services.
  3. The Internet architecture must accommodate a variety of networks.
  4. The Internet architecture must permit distributed management of its resources.
  5. The Internet architecture must be cost-effective.
  6. The Internet architecture must permit host attachment with a low level of effort.
  7. The resources used in the Internet architecture must be accountable.

TCP/IP Protocol Suite

Objectives

By the end of this module, you will be able to:
  1. Consistently apply security principles
  2. Secure an operating system
  3. Secure TCP/IP services, including HTTP and FTP
  4. Apply security principles to secure servers, applications, and gateways

Many of the architectural goals listed above could have been supported with somewhat different design decisions from those ultimately selected. However, a few design options that were gaining momentum when these architectural principles were being formulated influenced the designers in the particular choices they made. We will mention some of the more important ones and their consequences.

[1] Transmission Control Protocol/Internet Protocol (TCP/IP): A suite of protocols that turns information into blocks of information called packets. These are then sent across networks such as the Internet.
[2] Request for Comments (RFC): The written definitions of the protocols and policies of the Internet.
[3] Hypertext Transfer Protocol (HTTP): A TCP/IP application that uses a browser to access and retrieve Web pages from the server.
[4] File Transfer Protocol (FTP): An approved method that allows the delivery of files across the Internet. An FTP server stores directories of files using a hierarchical structure. Normally, a user is a client and a company acts as the server.
[5] Simple Mail Transfer Protocol (SMTP): The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact, as well as the format of control messages they exchange to transfer mail.