ITAG - Information Technology Architecture Group

Guidelines about the MIT Network

ITAG Architectural Guidelines: Network

The Internet is composed of many networks all of which share a common protocol suite, the "Internet Protocol" (IP). This common protocol permits these networks to interconnect and appear to be one cohesive network.

However, each network is managed independently of the others. No guarantees are generally made as to the confidentiality of data flowing through the network. Nor do networks guarantee that packets will not be altered or dropped.

The TCP protocol (layered on top of IP) handles checking that packets have not been accidentally damaged (and discards packets that are damaged). It also arranges to resend packets that are lost or damaged in transmission. However, it is oriented toward the type of errors that tend to occur "in nature." An intruder who is making intentional changes can easily arrange for an altered packet to pass TCP's error checks.

It is therefore important for applications handling important and sensitive data to provide "strong" checks to prevent malicious altering of data in transit and to protect the privacy of data in transit. Cryptographic techniques are typically used to provide "strong" privacy and security. Exactly how this should be accomplished depends on the design and requirements of the application sending data over the network.
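The following is an added illustration of the two paragraphs above; it is not part of the original ITAG page. It computes the RFC 1071 ones'-complement checksum that TCP uses (over a payload only, omitting the pseudo-header real TCP includes, which does not change the property being shown) and contrasts it with a keyed HMAC, the kind of "strong" cryptographic check an application should apply. The payload, the key and the altered message are constructed sample values.

```python
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum, as used by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd-length buffer to whole 16-bit words
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_accepts(payload: bytes, checksum: int) -> bool:
    """What a receiver checks: does the checksum match the payload?"""
    return internet_checksum(payload) == checksum


def mac_tag(key: bytes, payload: bytes) -> bytes:
    """Application-level integrity tag: HMAC-SHA256 under a shared secret key."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def mac_accepts(key: bytes, payload: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(mac_tag(key, payload), tag)


def demo() -> dict:
    """Run the three receive-side scenarios the guideline describes."""
    key = b"constructed-shared-secret"          # constructed sample key
    payload = b"transfer 100 to account 4242"   # constructed sample message
    checksum = internet_checksum(payload)
    tag = mac_tag(key, payload)

    # 1. Error "in nature": a single flipped bit in transit.
    damaged = bytearray(payload)
    damaged[9] ^= 0x01
    damaged = bytes(damaged)

    # 2. Deliberate alteration: a different message whose checksum
    #    anyone can recompute, because the checksum has no secret in it.
    altered = b"transfer 900 to account 4242"
    altered_checksum = internet_checksum(altered)

    return {
        # the checksum does catch accidental damage ...
        "checksum_catches_bit_flip": not checksum_accepts(damaged, checksum),
        # ... but accepts an intentional change carrying a fresh checksum
        "checksum_accepts_altered": checksum_accepts(altered, altered_checksum),
        # whereas the keyed MAC rejects the altered message (no key, no valid tag)
        "mac_rejects_altered": not mac_accepts(key, altered, tag),
        "mac_accepts_original": mac_accepts(key, payload, tag),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The HMAC covers integrity only; privacy of the data in transit additionally needs encryption, which is what the SSL discussion later on this page provides for web applications.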

MITnet, the MIT campus network, is managed both by IS&T and by individual departments. Individual portions of the network are vulnerable to eavesdropping by various members of the community. The most common form of physical network technology found on campus is the "Ethernet." In Ethernet technology, all data is sent on a common network "bus." All computers on the segment receive all data sent by all of the other computers on the segment, including data not intended for them. It is up to the hardware on the individual computers to filter out and remove data that is not intended for them.

An intruder who breaks into a particular computer can typically arrange for the compromised computer to receive all data, including data not intended for it. This data is then available to the intruder. So although the intruder may not be on the MIT campus, and typically isn't even in the United States, the computer that they have compromised is on our network and can be used to compromise data.

Most of our networks are "switched." A switched network typically does not send all data to all computers. HOWEVER, switches can be fooled into sending data to a computer that it isn't intended for. Many toolkits used by intruders have the software necessary to perform this trickery. Therefore just because a network is known to be "switched," it shouldn't be assumed to be secure.

The bottom line is that it is best to assume that anyone can eavesdrop and alter data that flows across the Internet, including just on the MIT Campus, and take appropriate precautions in the application to prevent unauthorized interception and alteration.

For applications that make use of the Web, one of the simplest approaches is to use the "Secure Sockets Layer" (SSL) software that is available on almost all web browsers and most web servers. Using SSL, all data that travels from the web server to the web browser (and back) is encrypted. This encryption provides protection both from eavesdropping and alteration.

Although SSL provides encryption, it does not, by itself, authenticate or authorize clients. See the section on Identification and Authorization for more details.
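As an added example (not from the original page), the Python standard library's `ssl` module makes the last point concrete: a default client-side context verifies the server, but a default server-side context asks nothing of the client, so client identity has to be established separately, either by requiring client certificates or by application-level authentication. The `peer_identity` helper and the certificate dictionaries passed to it are constructed for this example; a real server would get that dictionary from `SSLSocket.getpeercert()` after the handshake.

```python
import ssl
from typing import Optional


def client_context() -> ssl.SSLContext:
    """Browser-like client: verifies the server's certificate and hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def server_context_default() -> ssl.SSLContext:
    """Typical web server setup: encrypts, but does not ask who the client is."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # ctx.load_cert_chain("server.pem") would be called here with the
    # server's own certificate; verify_mode stays CERT_NONE for clients.
    return ctx


def server_context_mutual_tls(client_ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Server that authenticates clients by requiring a certificate issued by
    the CA in client_ca_file (a hypothetical path supplied by the deployer)."""
    ctx = server_context_default()
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_ca_file is not None:
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def peer_identity(peer_cert: Optional[dict]) -> Optional[str]:
    """Extract the commonName from a getpeercert() dictionary.

    Returns None when no certificate was presented (None) or when the
    peer was not validated (empty dict), which is exactly the case for
    a default server context: the channel is encrypted, the client is
    still anonymous, and the application must authenticate it itself.
    """
    if not peer_cert:
        return None
    for rdn in peer_cert.get("subject", ()):
        for attr_name, attr_value in rdn:
            if attr_name == "commonName":
                return attr_value
    return None


if __name__ == "__main__":
    print("client verifies server:", client_context().verify_mode == ssl.CERT_REQUIRED)
    print("default server verifies client:", server_context_default().verify_mode != ssl.CERT_NONE)
    print("mutual-TLS server verifies client:", server_context_mutual_tls().verify_mode == ssl.CERT_REQUIRED)
    # constructed getpeercert()-style dictionary
    print("identity:", peer_identity({"subject": ((("commonName", "alice"),),)}))
```

Whichever route is taken, the decision "who is this client and what may they do" is made by the application or by a mutual-TLS policy, not by the presence of an encrypted connection.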