only for RuBoard - do not distribute or recompile |
When you get right down to it, the Internet is an unsecure communications system. While the Internet was designed to be efficient and robust, it was not designed to be inherently secure. The Internet's original security was provided by simple access control: only trustworthy military installations, corporations, and schools were allowed to have access. At each of those organizations, only trustworthy individuals were allowed to have accounts. In theory, people who abused the network lost their access.
The idea of using access control to ensure security failed almost immediately. In December 1973, Robert Metcalfe noted that high school students had gained access to the Internet using stolen passwords; two computers had crashed under suspicious circumstances. In RFC 602 (reprinted on the following page) Metcalfe identified three key problems on the network of his day: sites were not secure against remote access; unauthorized people were using the network; and some ruffians were breaking into computers (and occasionally crashing those machines) simply for the fun of it.
Today, the Internet's overall security posture has changed significantly. As we saw in Chapter 2, the simple act of browsing a web page on a remote computer can involve sending packets of information to and receiving them from more than a dozen different computers operated by just as many different organizations. The division of responsibility among multiple organizations makes it possible for each of these organizations and many more to eavesdrop on your communications, or even to disrupt them.
Yet in many ways, today's Internet is more secure than the early network of the 1970s and 1980s. The reason is the widespread and growing use of cryptography.
RFC 602Arpa Network Working Group Bob Metcalfe (PARC-MAXC)Request for Comments: 602 Dec 1973 NIC #21021 "The Stockings Were Hung by the Chimney with Care" The ARPA Computer Network is susceptible to security violations for at least the three following reasons:
All of this would be quite humorous and cause for raucous eye winking and elbow nudging if it weren't for the fact that in recent weeks at least two major serving hosts were crashed under suspicious circumstances by people who knew what they were risking; on yet a third system, the system wheel password was compromised by two high school students in Los Angeles, no less.[2] We suspect that the number of dangerous security violations is larger than any of us know and is growing. You are advised not to sit "in hope that Saint Nicholas would soon be there." |
[1] The Terminal Interface Processor was the ARPANET's anonymous dialup server.
[2] The wheel password is the superuser password.
only for RuBoard - do not distribute or recompile |