
Trust in Cyberspace (1999) / Chapter Skim
2 Public Telephone Network and Internet Trustworthiness
Pages 26-61



From page 26...
... The PTN in the United States comprises five distinct regional Bell operating companies and a large number of independent local telephone companies, all interconnected by long-distance providers.
From page 27...
... There are now many telephone companies that provide advanced services, such as toll-free numbers, call forwarding, network-based programmable call distribution, conference calling, and message delivery. The result is a network that is perhaps more flexible and responsive to customer needs but also more complex.
From page 28...
... There is even a curious semicircularity here, since the X.25 interswitch trunks usually are provisioned from telephone company long-distance circuits, although not from the switched circuits that SS7 manages. Owing to deregulation designed to foster competition, telephone companies must allow essentially anyone to connect into SS7 networks for a modest fee ($10,000).
From page 29...
... Here, then, is a vulnerability that can propagate from a communications fabric into an NIS that is built on top of that fabric. [Footnote 5] Routers sometimes act as hosts for purposes of network management and exchanging routing protocol messages.
From page 30...
... Conversely, restricting the information that routers share allows routing tables to be smaller, hence cheaper to compute, but sacrifices control over route quality. Today's Internet routing protocols generally favor cost over route quality, but ISPs override this bias toward minimum hop routes in the context of interdomain routing.7 Communication in the Internet depends not only on the calculation of routing tables but also on the operation of the Domain Name Service ... [Footnote 7] ISPs use the local policy feature of the Border Gateway Protocol (BGP)
From page 31...
... Network management tasks in the Internet are implemented using the Simple Network Management Protocol (SNMP)
From page 32...
... , the Internet's routers would lack a basis for processing some packets differently from others to enforce differing QOS guarantees. The most ambitious scheme to provide QOS guarantees in the Internet relies on the new Resource Reservation Protocol (RSVP)
From page 33...
... communications path on a hop-by-hop basis. The receiver makes a request of an adjacent router; that router, in turn, passes the request to its predecessor, and so on, until the sender is reached.
From page 34...
... But cryptographic protocols, a sounder basis for network authentication and security, are now growing in prominence on the Internet. Link-layer encryption has been in use for many years.
From page 36...
... The PTN is becoming more vulnerable as network elements become dependent on complex software, as the reliance on call-translation databases and adjunct processors grows, and as individual telephone companies increasingly share facilities with the Internet.
From page 37...
... Protective measures that already exist or might be developed are also discussed. The discussion is structured around the four broad classes of vulnerabilities described in Chapter 1: environmental disruption, operational errors, hardware and software design and implementation errors, and malicious attacks.
From page 38...
... The result is a telephone network in which failure of a single link can have serious repercussions. One might have expected that having multiple telephone companies would contribute to increased capacity and diversity in the telephone network.
From page 39...
... For example, when an earthquake occurs near San Francisco, the operations staff might decide to block almost all incoming calls to the affected area codes from throughout the entire PTN. Congestion management in the Internet is problematic, in part, because no capabilities exist for managing traffic associated with specific users, connections, sources, or destinations, and it would be difficult to implement such capabilities.
From page 40...
... In the Internet, no single party is either capable of or responsible for most end-to-end connections, and local optimizations performed by individual providers may lead to poor overall utilization of network resources or suboptimal global behavior. In the PTN, which was designed for a world with comparatively few telephone companies but in which switches can be trusted, competitive pressures are now forcing telephone companies to permit widespread interconnections
From page 41...
... In these circumstances, the consequences of even the most carefully considered operator actions can be surprising and devastating. With regard to the PTN, the Network Reliability and Interoperability Council found that operational errors caused about one in every four telephone switch failures (NRIC, 1996).
From page 42...
... Similar problems have occurred with regard to Internet routing as well. For example, in April 1997, a small ISP ... Two independent software bugs also contributed to this frame relay network outage.
From page 43...
... A system operating with limited spare capacity can be especially sensitive to operational missteps. For example, injecting inappropriate, but not technically incorrect, routing information led to a day-long outage of Netcom's (a major ISP)
From page 44...
... Finally, operational errors are not only a matter of operators producing the right responses. Maintenance practices (setting up user accounts and access privileges, for example) can neutralize existing security safeguards.
From page 45...
... Within telephone switches, software failures are prone to affect individual telephone calls and, therefore, might not always be counted as causing outages. Comparable data about actual outages of Internet routers do not seem to be available.
From page 46...
... failures. If a router fails, then its neighbors notice the lack of routing update messages and update their ... CERT advisories are available online at .
From page 47...
... However, the council does warn that the threat is growing, for reasons that include interconnections (often indirect) of OSSs to the Internet, an increase in the number and skill level of attackers, and the increasing number of SS7 interconnections to new telephone companies.
From page 48...
... Beyond harassment, an attacker who can change speed dialing numbers can impersonate a destination or can redial to the intended destination while staying on the line and eavesdropping. Other advanced telephone services controlled by OSSs and databases include call forwarding, toll-free numbers, call distribution, conference calling, and message delivery.
From page 49...
... This problem has been pervasive enough so that numerous procedural safeguards have been mandated by the FCC and various state regulatory bodies. Looking to the future, more competition in the local telephone market will lead to the creation of a database that enables the routing of incoming calls to specific local telephone carriers.
From page 50...
... 3. SS7 was designed for a closed community of telephone companies.
From page 51...
... One highly visible example of this occurred in July 1997, when somebody used this technique to divert requests for a major Web server to his own machines (Wall Street Journal, 1997). In principle, attacks on DNS servers are easily dealt with by extending the DNS protocols.
From page 52...
... Even an ISP that serves a customer's networks cannot reject an advertisement for a route to those networks via one of its competitors; many larger sites are connected to more than one ISP.24 Such multihoming becomes a mixed blessing: the need to check accuracy, which causes traffic addressed from a subscriber net but arriving via a different path to be treated as suspect and rejected, is pitted against the increased availability that multihoming promises. Some ISPs are now installing BGP policy entries that define which parts of the Internet's address space neighbors can provide information about (with secondary route choices)
From page 53...
... Moreover, even if false advertisements could be discarded, successful attacks against BGP routers or against the workstations used to download configuration information into the BGP routers could still have devastating effects on Internet connectivity. To secure BGP against a full range of attacks, a combination of security features involving both the routers and a supporting infrastructure ... [Footnote 25] Attacks against an interior routing protocol or against an organization's routers can deny or disrupt service to all of the hosts within that AS.
From page 54...
... But this can cause traffic to the network in question to be discarded. It is worth noting that the routing system of the Internet closely mirrors call routing in the PTN, except that, in the PTN, a separate management and control network carries control functions.
From page 55...
... 4. No effective means exist to secure routing protocols, especially on backbone routers.
From page 56...
... The primary active elements of an Internet-based network, the routers, are, by design, accessible from the network they control, and the network's routing protocols execute in-band with the communications they control. By contrast, virtually the entire PTN is now managed by out-of-band channels.
From page 57...
... The Internet is also more prone to outages than the PTN. Thus, it would be unwise for utility companies and other critical infrastructure providers to abandon the PTN and rely on remote access through the Internet for controlling power distribution substations, because individual ISPs are less likely than individual telephone companies to survive local power interruptions.28 Few established businesses seem willing to forgo their telephone order centers for Internet-only access, although a small and growing number of newer businesses, such as Virtual Vineyards and Amazon.com, do maintain an Internet-only presence.
From page 58...
... Moreover, businesses that make extensive use of Internet technology may do so in a fashion that externalizes the risks associated with such use. If infrastructure suppliers, such as telephone companies and electric and gas utilities, do not take adequate precautions to ensure the availability of their systems in the face of malicious attacks over the Internet, then the public will bear the brunt of the failure.
From page 59...
... 1990. Simple Network Management Protocol (SNMP)
From page 60...
... 1997. "Securing Distance-Vector Routing Protocols," pp.
From page 61...
... 286-292 in Proceedings of the 1992 IEEE Symposium on Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press.

