Forty-five-year-old Internet protocols, which date back to the US Defence Department’s ARPANET from 1969, were never designed with cyber attacks in mind and need to be changed, urged Verizon’s US national security policy vice president, Marcus Sachs.
Speaking at AusCERT on the Gold Coast today, Sachs told delegates that the ARPANET researchers could not imagine that the network they designed would one day be under threat from online attackers. “ARPANET is gone but the Internet is still standing. Can we reprogram the simulation?” he asked.
“We have built this beautiful thing called the Internet and we are only using it for two primary protocols, what a shame.”
According to Sachs, this has created a “perfect opportunity” for cyber criminals, who are using lesser-known protocols such as File Transfer Protocol (FTP) to cause problems.
“You probably have servers that are running FTP protocols. I could drop files in there anonymously and inject bad stuff into your system because you are not paying attention to FTP,” he said.
Sachs added that in the days of ARPANET, most people who were using the network, such as academics and researchers, “knew each other”.
However, he said that in 2014 there are an estimated 2.7 billion users of the Internet.
“Can we re-program the Internet? It may take another 40 years to do this. We could change the rules and build a new Internet or perhaps live within the rules [of Internet protocols] and find creative ways to use the rules that we have.”
Sachs added that he hoped that in 40 years’ time people would not be relying on the TCP and UDP protocols to use the Web.
“We still support the ARPANET reference model. It is still fundamental to how the Internet works but we now have an almost monoculture of operating systems made up of Microsoft, Apple and Linux.”
Sachs shared a diagram (see image two) which showed that Windows made up 90 per cent of desktop operating systems while Apple and Unix made up the remaining 10 per cent.
Turning to mobile OS, Android had an 80 per cent share, Apple 15 per cent and others, such as Windows Mobile and BlackBerry, made up the remaining 5 per cent.
Server operating systems were made up of Unix (60 per cent) and Windows (40 per cent).
Hamish Barwick attended the AusCERT conference as a guest of AusCERT