Volume 2, Number 7 -- July, 1997
The hackers will save us from the hackers?
In last month's Tales of the Geek Lord, I ranted about law enforcement's inability to keep up with the widespread problem of computer crime. In this issue, I look at some things which can actually protect your information. What these concepts really represent is the end of the Internet's "Age of Innocence". If you spend far too much time protecting yourself on the net, then these concepts are the cavalry you've been waiting for. If you're one of the old ARPAnet longbeards, then these concepts mark the final demarcation point between the trust and faith of yesterday, and the mandatory business paranoia of today.
IP Spoofers meet IPv6: IP Spoofing is the trick of convincing a computer on the Internet that you are someone else. The attacker changes the source IP address to something she thinks the attacked computer will trust enough to allow entry. IPv6, for those who didn't know, stands for Internet Protocol Version 6. Currently, the Internet runs on version 4 of the Internet Protocol. Many of you know that the Internet is quickly running out of IP addresses, and IPv6 (or IPng, for IP Next Generation) will cure this by providing at least 1,564 addresses per square meter on Earth. While developing IPv6, the engineers threw in two important security features: Authentication and Encapsulation. Basically, this means you can prove that the data you receive came from the place you expected it to come from, and the data can be encrypted, if you wish.
Sniffers meet Switches: A fundamental hacker trick after getting on your system is to install a program known as a sniffer, which listens on the Ethernet segment for data. Ethernet (often used in Local Area Networks, probably like you have at work) sends data out to every computer, but only the computer it is specifically addressed to will actually listen, unless a sniffer is installed. A sniffer puts the computer into "Promiscuous Mode", where it will listen to all conversations between other computers on the LAN. This data can include usernames and passwords, which the hacker then uses to gain entry to other computers on the network.
Ethernet switches are hardware devices which are quickly replacing the Hubs and Repeaters which currently pass this data out to all computers on a segment. A switch will listen on one port and only send the data out to the port where the data is addressed. If A and B are talking, C will never hear the conversation.
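The difference between a hub and a switch, as seen from a sniffer's port, can be shown with a small simulation. This is an added example, not part of the original column; the station names, port numbers and traffic are constructed, and the switch model is the ordinary learning switch, which floods a frame only while the destination's port is still unknown.

```python
# Added illustration: what a promiscuous-mode station captures behind a hub
# versus behind a learning switch. All names, ports and frames are constructed.

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}


class Switch:
    """Learns which station sits behind which port and forwards only there."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}                      # station address -> port

    def forward(self, in_port, src, dst):
        self.table[src] = in_port            # learn where the sender lives
        if dst in self.table:
            return {self.table[dst]}         # known destination: one port only
        return self.ports - {in_port}        # unknown destination: flood


def frames_seen_by(device, sniffer_port, traffic):
    """Frames a station in promiscuous mode on sniffer_port would capture."""
    captured = []
    for in_port, src, dst, payload in traffic:
        if sniffer_port in device.forward(in_port, src, dst):
            captured.append((src, dst, payload))
    return captured


# Constructed sample: A on port 1, B on port 2, the sniffer C on port 3.
TRAFFIC = [
    (1, "A", "B", "hello"),
    (2, "B", "A", "login:"),
    (1, "A", "B", "USER alice"),
    (1, "A", "B", "PASS s3cret"),
]

if __name__ == "__main__":
    print("hub:   ", frames_seen_by(Hub([1, 2, 3]), 3, TRAFFIC))
    print("switch:", frames_seen_by(Switch([1, 2, 3]), 3, TRAFFIC))
```

Behind the hub, C captures all four frames, including the password. Behind the switch, C sees only the very first frame, sent before the switch had learned where B was.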
Crackers meet Firewalls: Here's a tip for the uninformed: Firewalls work. A firewall is placed between your trusted network and the rest of the world. The simplest firewall is an Access List, which simply states what services are allowed to pass through to your network, and who is allowed to use those services. If you have a firewall that does not allow telnets from the Internet, then telnets will be impossible.
You may be wondering why security is still an issue. If firewalls work, and there are plenty of firewalls available, then what's the problem? Well, computer users will go to remarkable lengths to bypass the security provided by firewalls. Modems within the trusted network are probably the worst offenders, since a hacker can then dial in to the modem and connect to your network without passing through the firewall. Further, a firewall must be configured correctly to work, and configuring firewalls requires a good understanding of Internetworking.
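An access list and the "configured correctly" caveat can be made concrete with a short evaluator. This is an added example, not from the original column: the rule format, the function names and the addresses (documentation ranges) are assumptions, and it models the common first-match, deny-by-default style of access list.

```python
import ipaddress

ANY = "0.0.0.0/0"   # "the whole Internet" as a source network

def net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, dst_port):
    """First matching rule wins; anything no rule matches is denied."""
    src = ipaddress.ip_address(src_ip)
    for index, (action, source, port) in enumerate(rules):
        if src in net(source) and port in (None, dst_port):
            return action, index
    return "deny", None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule
    already matches every packet they would match."""
    dead = []
    for i, (_, source, port) in enumerate(rules):
        for _, earlier_source, earlier_port in rules[:i]:
            covers_source = net(source).subnet_of(net(earlier_source))
            covers_port = earlier_port is None or earlier_port == port
            if covers_source and covers_port:
                dead.append(i)
                break
    return dead

# Constructed rule sets: (action, who may connect, service port or None for any)
GOOD_RULES = [
    ("deny",   ANY, 23),                 # no telnet from the Internet
    ("permit", ANY, 25),                 # mail from anyone
    ("permit", "198.51.100.0/24", 80),   # web for one partner network only
]
BAD_RULES = [
    ("permit", ANY, None),               # leftover allow-everything rule on top
    ("deny",   ANY, 23),                 # never reached
]

if __name__ == "__main__":
    print(evaluate(GOOD_RULES, "203.0.113.7", 23))   # telnet from outside
    print(evaluate(BAD_RULES, "203.0.113.7", 23))    # same packet, bad config
    print(shadowed(BAD_RULES))                       # rules that never fire
```

With the second rule set the telnet deny is present but unreachable, which is the kind of misconfiguration a review of the rule order should catch.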
Governments meet Encryption: Encryption is the translation of data into a secret code. The proof of an encryption scheme is how long it takes to determine the secret code, and some encryption schemes would take so long to crack (using today's technology) that doing so is computationally infeasible.
Everyone knows that encryption will dry up most hacker watering holes. So why are the hackers begging for fully institutionalized encryption, and why do governments fight efforts to do so? Well, the government says encryption can be used by child pornographers and terrorists (two groups we all hate). Hackers say the government is more afraid of average citizens using strong encryption to do business, and thereby avoid taxes. To make sure everyone understands the full implications of that last statement, if the government is unable to collect taxes, then there is no government.
Latest News: Microsoft received clearance from the US Government to export 128 bit encryption to international banks. My professional guess is that two factors influenced this: One, Microsoft is an American company hiring Americans and paying American taxes. If they say they need something, the legislators will bend over backwards to help (and you thought it was only your company that became slaves of the Microsoft empire). And Two, NSA probably announced to the president that they can now crack 128 bit encryption with a reasonable degree of success at a reasonable cost.
Geeks will read this article and complain that I left out all the good details, while those readers not part of "The Industry" will complain that I threw out too much technical jargon. It's a thin line I walk in writing this column, trying to find the common ground between two worlds.
Either way, I've got a two-week trip to Iceland starting this Sunday, Exchange Bridgehead servers to install, and several servers to shore up against the "Ping of Death", which is all the current rage.
Next month's "Tales of the Geek Lord": Paranoia in the Global Village.