Internet growth statistics from 2000 to 2008 show the Middle East as the region with the highest percentage increase in the number of Internet users, a 1177% gain, followed by Africa with 1030% and Latin America and the Caribbean with 660%. More mature Internet markets such as Asia (up 363%), Europe (up 264%), Oceania (up 154%) and North America (up 128%) grew their respective numbers of Web users at a more moderate pace.
The Internet is a $1.5 trillion industry, and there are about 85 million (85,000,000) .com domains registered today. In 1995 there were 18 billion (18,000,000,000) lookups for .com for the entire year; today, in 2010, there are 54 billion (54,000,000,000) lookups for .com daily. The number of Internet users was estimated at 1,802,330,457 as of December 31, 2009. The IPv4 address space, with 4.3 billion IP addresses, is predicted to reach exhaustion in less than 2 years.
In addition to the tremendous growth of the Internet, there is an exponential increase in web and traditional applications, with hundreds of millions of people using social applications daily; Facebook has over 400 million users and LinkedIn over 60 million. This trend is accompanied by an increase in online gamers and in demand for VoIP phones and IP-based video, all of which use the Internet as transport.
It is no news that the FBI considers cyber-attacks to be the third greatest threat to the security of the United States; the only two preceding it are nuclear war and weapons of mass destruction (WMD). A new term, "Cybergeddon", has been coined for the potential loss of intellectual property, intelligence infrastructure and related industries dealing primarily in data exchange or storage. The target today is not a person or a place, but rather a person's data or a place's significance.
Attempting to police Internet security, or at a more granular level the security of a single application, is now a huge task and one to be taken very seriously: there are approximately 2 billion users, 4.3 billion IP addresses and millions of applications on varied technology platforms.
Why the failure to address cyber-security attacks?
Let us address some of the inherent issues that have created an environment which has failed to substantially address cyber-attacks:
- Applications are the threat vector: no matter how robust an infrastructure or architecture is, its primary goal is to transfer information, which is a function of the application. Application-level security embedded in code, API socket encryption and tagging is a rarity. Applications have in some cases become threats themselves, with developers leaving back doors for maintenance and repair and using hidden keys and commands that are not apparent to security experts.
- Cyber-attack libraries or archives are not universally available.
- With a huge global Internet population, users extend a high degree of trust on the Internet (with high uncertainty about the sites being accessed), relying liberally on SSL and other IP port/transport-based security platforms.
- Firewalls and DMZs are inadequate to handle the new security rules that are required and do not adequately handle current threats. Firewalls and DMZs are now legacy systems for today's threats; the technology is archaic. They provide no visibility or control, because ports are not applications, IP addresses do not translate to users and IP headers do not convey content. Applications have changed while firewalls and DMZs have remained the same.
- Lack of cross-functional expertise; the prevalent question is where the function of security falls:
  - Software/OEM platform developers?
  - Application developers?
  - Anti-virus developers?
  - IETF and other security standards bodies?
  - IP OSI session and transport engineers?
  - Network engineers, telecoms, ISPs and content providers?
  - Cloud and data center operators?
  - Equipment manufacturers? Users?
The stakes are high: hackers no longer want to be found, and they use threats that elude traditional detection mechanisms. We now have international state-sponsored hackers. Current mechanisms are not able to control application usage, have only a limited view of traffic and lack the intelligence parameters by which to detect threats.
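To make the point that ports are not applications concrete, the following is an added example written for this edit (it is not code from the original article or from any product it mentions). It identifies TLS, HTTP and SSH from the first bytes of a TCP stream and compares that with the guess a port-based firewall would make from the destination port alone. The flows, addresses and banner strings are constructed inline; the signature set is deliberately limited to the three protocols named.

```python
"""Content-based application identification, independent of TCP port (added example)."""
import re
from dataclasses import dataclass

# What a port/IP firewall "knows": the application is whatever the port number says.
PORT_TABLE = {22: "ssh", 80: "http", 443: "tls", 8443: "tls"}

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")


@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    payload: bytes  # first bytes of the client-to-server stream


def identify_by_port(dst_port: int) -> str:
    """Legacy identification: look the port up in a table."""
    return PORT_TABLE.get(dst_port, "unknown")


def identify_by_content(payload: bytes) -> str:
    """Classify by protocol signature; the port is deliberately not consulted."""
    # TLS: record type 22 (handshake), record version 3.x, handshake type 1 (ClientHello)
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    if payload.startswith(b"SSH-2.0-") or payload.startswith(b"SSH-1.99-"):
        return "ssh"
    return "unknown"


def audit(flows):
    """Return (flow, port_guess, content_id, mismatch) for each flow."""
    results = []
    for flow in flows:
        port_guess = identify_by_port(flow.dst_port)
        content_id = identify_by_content(flow.payload)
        results.append((flow, port_guess, content_id, port_guess != content_id))
    return results


# Constructed sample flows (not captured traffic); RFC 5737 documentation addresses.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + bytes(32)
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", 80, TLS_CLIENT_HELLO),                             # TLS on the "HTTP" port
    Flow("192.0.2.11", "198.51.100.6", 8443, b"GET /admin HTTP/1.1\r\nHost: x\r\n\r\n"),  # cleartext HTTP on a TLS port
    Flow("192.0.2.12", "198.51.100.7", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),                  # SSH on the HTTPS port
    Flow("192.0.2.13", "198.51.100.8", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),                   # port and content agree
]

if __name__ == "__main__":
    for flow, port_guess, content_id, mismatch in audit(SAMPLE_FLOWS):
        flag = "MISMATCH" if mismatch else "ok"
        print(f"{flow.src} -> {flow.dst}:{flow.dst_port:<5} port says {port_guess:<7} "
              f"content says {content_id:<7} {flag}")
```

Three of the four constructed flows are flagged as mismatches: a port-only policy would have passed the first three as HTTP, TLS and TLS respectively, whereas the content check sees TLS, cleartext HTTP and SSH. This is the visibility gap the paragraph above describes; the remedy is to write policy against the identified application rather than the port.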
A better way to ensure Network Security
Any proposed system should support continued network operation in the presence of successful attacks with minimal human intervention. With that goal in mind, we have considered the following requirements, best practices, considerations and technologies:
- Artificial Intelligence (AI): build universal AI cyber-attack libraries (including blacklist libraries) with object-oriented neural nets, genetic algorithms, traditional search algorithms and knowledge-engineering methods. The AI system can reside on multiple nodes of the network; AI is a sub-function of the system.
- The AI will be capable of identifying applications regardless of port, protocol, user, evasive tactic or SSL; a universal application library (of which a sub-set can be applied to a given customer) is to be developed. The AI system will have unique parameters to detect users regardless of IP address, and will provide granular visibility and policy control over application access and functionality.
- Centralized management: the system is able to collect real-time data from applications on usage, users' daily access patterns, and network bandwidth associated with voice, data, video, specific websites, databases and services, with warehousing and cataloging features. It interfaces with anti-virus, OEM software and other security agents to ensure cataloging and to provide a broad base for decision making.
- Deployment with no network degradation: the use of intelligent agents that do not intrude directly on real-time traffic yet are able to take direct action, isolating and handling threats with minimal effect on the network.
- Apply the Open Systems Interconnect (OSI) Seven Layer Network model's concepts into the context of information security; taking a viewpoint of network model layers rather than discrete solutions and logical or physical hardware layers.
All existing security solutions reside on one or more OSI layers: for example, firewalls reside primarily on the network and transport layers, Ethernet encryption on the data link layer, SSL on the transport layer, Juniper's Datatrac on the application layer/physical layer and IPSEC on the network layer. “Suppose that we apply good security through the underlying layers, with physical isolation (layer one), private VLANs (layer two), and firewalls with tight packet filter policies (layers three and four). But then we are deficient on our application layer security (layer seven, and often layers six and five), using unpatched server software and poorly written application and script code.
Since the vulnerabilities lie within the application, in a pure seven-layer model we would be hard pressed to defend against this at the lower levels, as the controls at lower layers would only be able to address their respective layer of protocol, and not issues that occur above.
A firewall and DMZ are not sufficient to protect a host from outside attack if the ports that the firewall allows connect to vulnerable services (WWW, SMTP, Netbios, SQL). The services themselves need to be secure.” This illustrates the conventional approach of defense in depth. At the physical layer, denial of service is a mere circuit breaker or lead pipe away, and the physical realm is also the hardest to monitor or to maintain an audit log for; the term Van Eck phreaking was coined to describe remote eavesdropping on the signals emitted by equipment.
- The system proposed can reside on a firewall, router or node, or as a standalone unit, and is customizable to fit any network. Let us presume that an IP address is a man, the data is his suitcase, the routing protocol is the car, and the airports, houses and buildings visited are virtual gates such as ports, access equipment, networks, data centers and ISPs.
The question would be: Which requires the highest level of security? Do you secure the man more than the data, car or the gates?
- In OSI-model terms, the information to be delivered resides in the suitcase. Catching the unauthorized person before he leaves his house, or while he is in the car before he reaches a given perimeter of the airport, is therefore vital. The ability to place the system on various nodes can enable a 99.9% pre-emptive detection and resolution rate.
- Employment of IPv6 features: customization of headers and IPv6 API socket encryption. Security features include IPSEC, unique identifiers, extension headers (AH, ESP, SPI, SA), customization/encryption of the flow label (20 bits) in the IPv6 header, encryption of reserved bits of the IPv6 network/subnet address, and the unique identifiers and custom mapping techniques available in IPv6.
Some of the aforementioned IPv6 features will help alleviate future attacks such as cloud and virtual desktop hijacking and identity theft.
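As an added illustration of the IPv6 header fields the bullet above refers to (this is example code written for this edit, not part of the original article or of any product it mentions), the parser below extracts the 20-bit flow label from the fixed header and walks the extension-header chain, reporting AH and ESP by their SPI and sequence number. It stops at ESP because everything after the ESP header, including the next-header value, is encrypted. The packets it parses are constructed inline; the addresses, SPI and flow-label value are made up, and bounds are checked so that a truncated or malformed chain is rejected rather than misread.

```python
"""IPv6 fixed-header and extension-header parser (added example, constructed input)."""
import ipaddress
import struct

# Next Header values from the IANA protocol-numbers registry.
NH_HOPOPT, NH_TCP, NH_ROUTING, NH_FRAGMENT, NH_ESP, NH_AH, NH_DSTOPTS = 0, 6, 43, 44, 50, 51, 60
EXT_NAMES = {NH_HOPOPT: "HopByHop", NH_ROUTING: "Routing", NH_FRAGMENT: "Fragment",
             NH_ESP: "ESP", NH_AH: "AH", NH_DSTOPTS: "DestOpts"}
IPV6_FIXED_LEN = 40


def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed header, then follow the Next Header chain until an upper-layer protocol."""
    if len(packet) < IPV6_FIXED_LEN:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version {version})")
    end = IPV6_FIXED_LEN + payload_len
    if len(packet) < end:
        raise ValueError("packet shorter than declared payload length")
    info = {
        "version": version,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,      # the 20-bit field the article refers to
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        "extensions": [],
        "upper_layer": None,
    }
    offset, nh = IPV6_FIXED_LEN, next_header
    while nh in EXT_NAMES:
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        if nh == NH_ESP:
            # ESP: SPI and sequence number are in the clear; the rest is ciphertext,
            # so the chain cannot be walked further by an observer.
            spi, seq = struct.unpack("!II", packet[offset:offset + 8])
            info["extensions"].append(("ESP", {"spi": spi, "seq": seq}))
            return info
        if nh == NH_AH:
            if offset + 12 > end:
                raise ValueError("truncated AH header")
            next_nh, plen = packet[offset], packet[offset + 1]
            spi, seq = struct.unpack("!II", packet[offset + 4:offset + 12])
            hdr_len = (plen + 2) * 4          # AH length is in 4-octet units, minus 2
            detail = {"spi": spi, "seq": seq}
        elif nh == NH_FRAGMENT:
            next_nh, hdr_len = packet[offset], 8  # Fragment header is always 8 octets
            frag_word, ident = struct.unpack("!HI", packet[offset + 2:offset + 8])
            detail = {"offset": frag_word >> 3, "more": bool(frag_word & 1), "id": ident}
        else:
            next_nh, hlen = packet[offset], packet[offset + 1]
            hdr_len = (hlen + 1) * 8          # generic ext header: 8-octet units, not counting the first 8
            detail = {"length": hdr_len}
        if offset + hdr_len > end:
            raise ValueError(f"{EXT_NAMES[nh]} header overruns packet")
        info["extensions"].append((EXT_NAMES[nh], detail))
        offset, nh = offset + hdr_len, next_nh
    info["upper_layer"] = nh
    return info


def is_well_formed(packet: bytes) -> bool:
    """True if the header chain parses cleanly; False for truncated or inconsistent packets."""
    try:
        parse_ipv6(packet)
        return True
    except ValueError:
        return False


def build_sample_packet(with_esp: bool = False) -> bytes:
    """Constructed sample: IPv6 + AH (or ESP) + minimal TCP SYN. Not a real capture."""
    src = ipaddress.IPv6Address("2001:db8::1").packed   # RFC 3849 documentation prefix
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    flow_label, spi, seq = 0xABCDE, 0x11223344, 1       # made-up values
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)  # 20-byte SYN
    if with_esp:
        payload = struct.pack("!II", spi, seq) + bytes(16)   # SPI, seq, then opaque ciphertext
    else:
        # AH: next header, payload len (4-octet units minus 2), reserved, SPI, seq, 12-byte ICV
        payload = struct.pack("!BBHII", NH_TCP, 4, 0, spi, seq) + bytes(12) + tcp
    word = (6 << 28) | flow_label                         # traffic class 0
    fixed = struct.pack("!IHBB", word, len(payload), NH_ESP if with_esp else NH_AH, 64)
    return fixed + src + dst + payload


if __name__ == "__main__":
    for pkt in (build_sample_packet(), build_sample_packet(with_esp=True)):
        info = parse_ipv6(pkt)
        print(f"{info['src']} -> {info['dst']} flow=0x{info['flow_label']:05x} "
              f"ext={info['extensions']} upper={info['upper_layer']}")
```

Note that in the standard header the flow label travels in the clear and is read exactly as the parser reads it; any middlebox applying policy on it would see the same value. The length arithmetic for AH (4-octet units) and for the other extension headers (8-octet units) is where parsers most often go wrong, which is why each step is bounds-checked against the declared payload length.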
In conclusion, manufacturers of security devices, software and systems need a framework for developing a more coordinated response to attacks and for sharing data, as the cyber threat to the world's economies can only escalate with time.