6 Aging Protocols That Could Cripple the Internet

by Serdar Yegulalp, InfoWorld

The biggest threat to the Internet is the fact that it was never really designed. Instead, it evolved in fits and starts, thanks to various protocols that were cobbled together to fulfill the needs of the moment. Few of those protocols were designed with security in mind. Or if they were, they sported no more than was needed to keep out a nosy neighbor, not a malicious attacker.

For example, the BGP protocol is used by Internet routers to exchange information about changes to the Internet’s network topology. However, it also is among the most fundamentally broken, as Internet routing information can be poisoned with bogus routing information.

One of email’s underlying protocols is SMTP, which has no inherent security due to its origins in a time when cyberattacks were not common. Meanwhile, a warning for domain name system (DNS) security was sounded in 2008 when a massive flaw in the protocol’s design was discovered. That spurred work on DNSSEC, a security extension for DNS, as a way to keep forged data from being inserted into DNS servers. However, DNSSEC needs to be implemented to work in the first place.

NTP keeps the clocks of computers around the world in sync, but it is a product of an age in which security was not a top priority, making it possible to use the mechanics of the protocol, in conjunction with a fleet of compromised computers, to launch denial-of-service attacks.

Meanwhile, Internet Protocol (IP) version 4 is fast running out of Web address space, and the only solution is a migration to IPv6. Secure Sockets Layer (SSL) has had a replacement for years, but only now are Internet organizations replacing it.  Article