This week, we focused on network security. Why is network security important? It can help keep dangerous hosts and data out of a network, prevent retrieval of sensitive information, and protect hosts without self-protection such as IoT devices, hosts that run on legacy software, and mobile devices.
The robustness principle was published by Jonathan Postel in RFC 1122:
“Be liberal in what you accept, and conservative in what you send”
Postel’s principle is applicable today, just as when it was written in 1998, with some considerations for certain industries or applications. At first glance, the first part of the principle, addressing what a network should accept, may seem too inclusive. This was my impression. Shouldn’t we be wary of malevolent actors that will exploit any opportunity to breach our network? But in the RFC, Postel cautions that we should “assume that the network is filled with malevolent entities that will send in packets designed to have the worst possible effect.” He is by no means advocating for free and open network policies (though RFC 2468 does describe him as a hippie). His principle mostly refers to the ability of programs to keep working under any conditions. The example he gives in RFC 1122 is that a program using a protocol with an attribute that has 4 defined values should not crash if it encounters a fifth value. The second part of the principle describes how hosts should communicate with each other: it is better to use the tried and true applications of a protocol than to rely on legitimate but more obscure features that may produce unintended results.
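To make the two halves of the principle concrete, here is an added example (not from the RFC or this course) using a constructed message format: a 1-byte kind field with four defined values, a 2-byte length, and a payload. The receiver tolerates a fifth kind value without crashing but still drops frames whose length field disagrees with the bytes on the wire, while the sender refuses to emit anything the spec does not define.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed wire format for this example (not a real protocol):
# 1-byte kind, 2-byte big-endian payload length, then the payload.
HEADER = struct.Struct("!BH")
KINDS = {0: "hello", 1: "data", 2: "ack", 3: "bye"}  # the four defined values
MAX_PAYLOAD = 1024  # bound what we are willing to buffer from a hostile peer


@dataclass
class Message:
    kind: int
    payload: bytes

    @property
    def kind_name(self) -> str:
        # Liberal in what we accept: an undefined (fifth) value is reported,
        # not treated as a fatal error.
        return KINDS.get(self.kind, "unknown")


def parse(raw: bytes) -> Optional[Message]:
    """Liberal receiver: tolerate unknown kind values, but never trust a bad length."""
    if len(raw) < HEADER.size:
        return None  # truncated header: drop the frame instead of raising
    kind, length = HEADER.unpack_from(raw)
    if length > MAX_PAYLOAD or len(raw) != HEADER.size + length:
        return None  # length field lies about the wire bytes: treat as hostile, drop
    return Message(kind, raw[HEADER.size:])


def encode(msg: Message) -> Optional[bytes]:
    """Conservative sender: only emit values and sizes the spec defines."""
    if msg.kind not in KINDS or len(msg.payload) > MAX_PAYLOAD:
        return None  # refuse to put an undefined kind or oversized payload on the wire
    return HEADER.pack(msg.kind, len(msg.payload)) + msg.payload
```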
This week we revisited the man-in-the-middle attack. Typically, a man-in-the-middle attack is performed by a malicious actor intercepting communications between two unsuspecting hosts, usually named Alice and Bob. The malicious actor can then eavesdrop on the two, change messages in transit, or impersonate one host to the other. How does a malicious actor start a man-in-the-middle attack? One way is a technique called address resolution protocol (ARP) poisoning, where the malicious host floods the network with ARP responses. This fools hosts into thinking that the attacker’s MAC address corresponds to the network gateway, so hosts begin sending their packets to the attacker. Another technique is TCP hijacking, where an attacker can inject, create, and change data in a TCP stream. One of the interesting points raised is that there is actually “good” man-in-the-middle behavior as well, such as proxies, which intercept outgoing traffic and rewrite packet headers so attackers can’t transmit protocol attacks. An HTTP proxy can also intercept dangerous traffic and prevent connections to dangerous hosts.