There are several security protocols aimed at improving TCP/IP security, including DNSSec for protecting DNS servers, a few proposals for securing BGP, and IPSec for encrypting communications between routers. But none have been widely deployed.
Encrypting routing and the applications that ride on the Net is one option, but encryption raises thorny issues, for instance who owns the public key infrastructure "root," as well as performance and investment. "No one wants to go to a monolithic policy" on encryption or security, Bellovin says. "We know more or less how to secure routing. Any conceivable fix is going to run up against any of the same issues for adopting any of the secure solutions for routing. Can you afford [encryption] key computations? Who is the root for PKI?"
A better solution would be to add encryption only where it's necessary, as with BGP and DNS, he says. And enterprises and vendors must spend more time eliminating buggy code, he says. "The real issue is the apps. Make sure your Web server is secure, and your browsers are secured to the latest patch level."
Tony Kapela, a researcher who demonstrated the routing attack at DefCon, says it may be time to resurrect IPSec. "IPsec was supposed to be host-to-host [router-to-router], but it didn't happen. This might be yet another reason to do what we tried to do 10 years ago [with IPSec]," says Kapela, who is network director and partner for 5 Nines Data. "It's more important than ever to put money into efficient encryption."
And blaming TCP/IP for not doing what it wasn't intended to do is short-sighted, says Kaminsky, who is director of penetration testing for IOActive. "Yes, we had to fix DNS. Maybe someday we can figure out how to fix BGP. But these are at best fingers in the dike," he says. "We must as an industry secure our endpoints. It's 2008: Where's secure email?"
Meanwhile, there will be more infrastructure risks exposed by researchers, he says. "We'll definitely find more infrastructure vulnerabilities. The reality is, they expose so much low-hanging fruit that was previously unreachable to an attacker, such as broken auto-updaters that do nothing but go to the insecure Internet and ask, 'Hello Internet! Do you have any arbitrary code you'd like me to install?' Who needs buffer overflows when you can intercept that request?" Kaminsky says.