FacebookMySpaceTwitterDiggDeliciousStumbleuponGoogle BookmarksRedditNewsvineTechnoratiLinkedinMixxRSS FeedPinterest

Internet Security Demystified

Everyone who uses the Internet has heard the stories of compromised Pentagon computers, millions of stolen password, denial of service attacks and more. So what causes the Internet to be so insecure? This article attempts to shed light on the evolution of Internet security issues.


American taxpayers paid for the development of the Internet under the large umbrella of the Department of Defense (DoD); more specifically the Defense Advanced Research Planning Agency or DARPA funded the necessary research at universities and private corporations. Our military had some very basic requirements at the time. Computers made by Company A needed to be able to exchange information with computers made by Company B. This requirement arose because Congress had mandated that DoD use a competitive bidding process for procurements to insure that the low bidder won the contract. Consequently, the DoD was home to every kind of computer made and none of them talked to each other. One other Internet design requirement imposed by the military was that the Internet should be robust enough to operate during wartime when many of the telephone lines that carried military communications (voice and data) could be bombed out of existence. As it turned out, this requirement for “survivability” meant that the technical architecture of the Internet needed to provide ways for data to be “dynamically rerouted” via whatever links were not bombed out to insure that the message eventually had the greatest chance of reaching the intended destination. As we will see later, this requirement imposed such unique design requirements that the military willingly traded off poor security for a higher probability of deliver.

Who Needs Security Anyway?

There was of course a great reason why the most powerful military in history willingly traded off security for survivability. Surprising, the answer was because transmission security was not really needed! This is because the military has long employed encryption capabilities on all of its communications links to prevent an enemy from intercepting transmissions. With encryption capabilities already in place the computers could effectively be “relieved” of the need for concern about security. This drove the design requirements of the Internet protocols, which are effectively the language used by the equipment within the Internet.

Internet Design

To understand why the Internet is so insecure you have to actually consider the rules of communication used between pieces of equipment. Actually, understanding just a few of the design choices goes a long way in understanding Internet security. Since the DoD was already using systems that scrambled up everything transmitted, the Internet Protocol design could be free to use the lowest overhead communication of all – namely “plain text.” Plain text protocol design essentially means that all of the communication rules are built around transmissions that anyone can simply read like today's newspaper. Without the encryption devices present, credit cards, email messages, entire file transfers, chat sessions and every other application exchange are as easy to read as today's newspaper. Of course, that doesn't apply to the DoD because their links employ encryption.

Another interesting design decision employed within the Internet protocols is best understood by the “survivability” requirement. Instead of sending all of the information via a “dedicated link” the Internet protocols chop the data up into small pieces which travel independently over whatever link is up and are put back together again in the proper order by the receiving system. Since it is possible during wartime for many different paths to be out of commission it was necessary to define timers that allowed incredibly long periods (in computer processing time) of time for each piece of information to arrive. Under conditions where security was not taken off the table as a requirement, protocol timers would be expected to be set in computer time, which is milliseconds. But if security is not a concern its possible to define timers that allow say 20 minutes to pass without the sender or receiver tearing down the connection. The consequence of this, however, is that a human hacker has all of the time in the world to manipulate the exchange of information so it really isn't even necessary to automate an attack because Internet systems will just “assume” the transmitter is operating under severely degraded conditions.

Really Open Systems

These two characteristics of the Internet, plain text transmissions and almost unlimited (in computer time) timers make the Internet incredibly insecure for anyone who is not using encryption on their transmissions. And since the Internet is an “open system” environment the documents that define the required protocol exchanges between any two applications are defined and published for everyone with an interest to read by the Internet Engineering Task Force (IETF). From a security perspective this is a bit like the Bank of America publishing the combination for all of its safes in the New York times but from an engineering perspective this greatly helps to rapidly deploy new Internet applications.

Shhhh...That's a Secret

Why do we hear about Pentagon computer break-ins if the military has encryption on all its systems? Ah, the truth is that not every computer used by the military has the level of sensitive information required to justify encryption protection. Even though the military, and most Federal Government agencies, view everything as “For Official Use Only” the truth is that someone breaking into a computer in the Press Release office in the Pentagon is not really going to obtain any secretive information anyway. Sometimes, such disclosed “break ins” are little more than a bureaucrat trying to justify a larger budget for the office.

Theft By Any Other Name

What about hacking account passwords at banks? Yes, that is legitimate theft of corporate property.  In comparison, however, let's imagine a similar situation at the level of an individual. Let's say you visit Central Park in New York City and sit down on a bench and spent some time cleaning out your wallet. You decide a cup of coffee would be nice so you place your wallet down on the park bench and stroll leisurely across the street to a coffee shop. You buy the coffee and head back to the bench where you expect your wallet will still be sitting just where you left it and no one would dare even take a peek inside because its your personal property, right? Absurd? Yes, very! Consider then how the government has spent millions and millions of dollars building sophisticated monitoring systems over its Internet protocol networks and then voraciously prosecuted teenage kids who dared to take a peek at computer systems that had their data hanging out on the Internet for anyone who cared to read it. Well of course breaking into any computer should be illegal based on the morality that stealing is wrong but it seems that it should be equally wrong for billion dollar corporations and governments, both of which employ the highest educated computer experts possible, from putting their sensitive computers on the Internet in the first place. The hackers have been vilified as some type of genius level computer guru who thwarted the best security experts in the world when in fact they interacted with systems that were all too anxious to hand over any and all requests for information without even so much as a timer set on how fast the hacker should type!

Have Glue, Will Stick

Fortunately, industry came along many years later with add-on security tools that allow information such as credit card accounts to use lightweight quality encryption such as Secure Socket Layer (SSL), Transport Layer Security (TLS), and other capabilities that enabled electronic commerce to flourish on the Internet.  Other than these features, however, the Internet still operates like the fully open system it was designed to be.

About the Author

Jason Canon has over 30 years experience in the computer industry and served as a voting member of the Federal Internetworking Requirements Panel.


0 #11 petluk.net 2016-07-05 15:50
Hey therᥱ! Woulɗ уoᥙ miknd if I share your blog
with my facebook ɡroup? Thеrе's a lot of folks thɑt I think would reaⅼly enjoy үour content.

Please lеt me know. Thank үou

Silahkan Cekk blog Kami untuk mendapatkan Data Menarik mengeni petluk.net: http://petluk.net/comment/html/index.php?page=1&id=145946.
Terima Kasih
Quote | Report to administrator
java tour overland
0 #10 java tour overland 2016-07-05 14:18
Wriute more, thats all I havᥱ to say. Literally,
it seems as though yoս relied on thee ideo
tоo make yߋur poіnt. Ⲩοu օbviously know wat youfe talking ɑbout, whyy throw awsay үour intelligence on jut posting videos tо yоur weblog when you
coսld be giving us ѕomething informative tⲟ rеad?

Silahkan Kunjungi website Anee unthk mendapazt Data lebih lengkap lagi tentang java tour overland: http://yearbook.coolloud.org.tw/index.php?title=%E7%94%A8%E6%88%B6%E8%A8%8E%E8%AB%96:VernellT90.
Quote | Report to administrator
discover more
0 #9 discover more 2016-06-08 12:45
Join these biggest Facebook groups with more than 500 000
people worldwide, get more daily health tips and many more for FREE!!!

You can also visit these websites to find more health articles:
Together, by sharing our thoughts, desires, beliefs and knowledge, we can make a difference,
together we are stronger and together we grow!
Quote | Report to administrator
mattress reviews
0 #8 mattress reviews 2016-05-09 20:02
Hello there! I could have sworn I've been to this website before but after checking through some of the post I realized it's new to me.
Anyhow, I'm definitely happy I found it and I'll be bookmarking and checking back often!

My weblog :: mattress reviews: http://innovasaber.com/
Quote | Report to administrator
Mattress reviews
0 #7 Mattress reviews 2016-04-19 03:53
Hello there! I know this is kinda off topic but I'd
figured I'd ask. Would you be interested in trading links or
maybe guest writing a blog article or vice-versa? My blog goes over a lot of the same subjects as yours
and I think we could greatly benefit from each other.
If you might be interested feel free to send me an e-mail.
I look forward to hearing from you! Superb blog by the way!

My blog :: Mattress reviews: http://bestmattressreviewsandratings.com/
Quote | Report to administrator
bandar bola
0 #6 bandar bola 2016-04-03 15:41
That is really fascinating, You aree an overly skilled blogger.
I have joined your rrss feed and lokk ahead to searching for extra off your wonderful post.
Also, I have sshared your website inn my social networks

Silahkan Kunjungi haaman website Akku hanya untuk dapat Info lbih komlit mengenai bandar bola: http://toppblogg.no/index.php?a=stats&u=beatriceanglin.

Quote | Report to administrator
dog grooming school
0 #5 dog grooming school 2016-02-07 01:10
Discovering a high quality pair of clippers can be very powerful with so many
different fashions to choose from, but this evaluate will break down all the best options for the two major excessive-end manufacturers of clippers:
Andis and Oster.

Here is my site ... dog grooming
school: http://you.org.my/index.php/component/k2/itemlist/user/836649
Quote | Report to administrator
plumbing services
0 #4 plumbing services 2015-10-26 09:47
Due to the nature of plumbing work, a bad installation can prove
highly costly for even a easy plumbing mistake, with water injury being in depth.

Also visit my blog post; plumbing services chicago: http://www.thisisthefirst.com/component/k2/itemlist/user/356043
Quote | Report to administrator
0 #3 puerhjunky 2015-10-19 00:19
Developed throughout the Song Dynasty (960-1279),
jasmine tea is green or white tea flavored with jasmine
Quote | Report to administrator
telecom vacancies
0 #2 telecom vacancies 2015-10-08 05:02
Job Details: We are a Du telecom channel companion (Client) and we
require skilled outside gross sales executives.

Have a look at my webpage: telecom vacancies in europe: http://www.gdaca.com/?option=com_k2&view=itemlist&task=user&id=445477
Quote | Report to administrator

Add comment

Security code

OS X Keyboard Shortcuts

Key Effect
C Start from CD
D Start from 1st Partition
N Start from Net Server
R Resets laptop screen
S Single-user boot
V Verbose Mode
V Unix console msgs
Power Keys Effect
Ctrleject icon Shutdown, sleep, restart
Opteject icon Sleep
CtrlOpteject icon Shutdown
Ctrlpower Restart










English French German Italian Portuguese Russian Spanish

Popular Content