CRIM 3460 Introduction to Critical Infrastructure Protection Fall 2016
Chapter 6 – Internet
School of Criminology and Justice Studies University of Massachusetts Lowell Historical Timeline 1957 - 2003 The human organizations behind the Internet? Legislation leading to Commercialization Who governs the Internet, today? Invention . ARPA - Advanced Research Projects Agency . NSF – National Science Foundation . IETF – Internet Engineering Task Force . W3C – World Wide Web Consortium . ICANN - Internet Corporation for Assigned Names and Numbers created to sell blocks of names
The Internet is a network that runs TCP/IP . A network of networks . A generic term used in the 1970s in reference to the ARPANet network . Internet is a network that links computer networks all over the world by satellite and telephone, connecting users with service networks such as e-mail and the World Wide Web.1
1Encarta® World English Dictionary © 1999 Microsoft Corporation 1957 - USSR launches Sputnik and USA responds with creation of ARPA = Advanced Research Projects Agency 1962 - Licklider of MIT proposes “Intergalactic Computer Network” as head of ARPA’s command and control program Joseph Carl Robnett "Lick" Licklider developed the idea of a universal network, spread his vision throughout the IPTO, and inspired his successors to realize his dream by creation of the ARPANET. (Robert) Taylor’s “Terminal Problem” . How to connect one terminal to 2 or more computers 1968 - ARPA contracts BBN to build packet switched ARPANet
Back-of-Envelope Sketch: Back-of-Envelop Sketch: A Server (Sigma7) … 4 Computers located in UCLA, … and a Switch (IMP) SRI (Palo Alto), UCSB, Utah 1969 - Jon Postel starts list of users - eventually becomes DNS - for ARPA - he runs IANA for 30 years DNS (Domain Name Server); “Telephone Book” of Internet. DNS translates: http://www.myname.tld into 120.131.200.41 The RFC Process . Steve Crocker of UCLA creates RFC = Request For Comment - major tool of Internet evolution
Cluster of Servers on East and West Coast 1973 - Vinton Cerf of Stanford and Robert Kahn of DARPA (Defense Acquisition Research Projects Agency) invent TCP for interoperability and reliability across a network of networks = the “Internet” protocol. . First use of the term, “Internet” . Bob Metcalf invents Ethernet for LANs = Local Area Networks = to become dominant LAN protocol 1976 - DARPA requires use of TCP in ARPANet
1978 - Vinton Cerf, Jon Postel, Danny Cohen divide TCP into 2 parts: TCP and IP - thus TCP/IP is born 1979 - ARPANet Internet exceeds 100 users . Bellovin of UNC invents USENET news group network 1981 - NSF creates CSNet for non-ARPANet university use 1982 - Jon Postel creates SMTP (Simple Mail Transport Protocol) thus standardizing e-mail
ARPANET at 1,000 users - research centers: Stanford/XPARC, USC/ISI, Triangle Park, MIT 1988 - Al Gore discovers the Internet – NRC report chaired by Kleinrock suggests the commercialization of the Internet - attracts Gore’s attention 1989 - Tim Berners-Lee (CERN) invents the World Wide Web: . HTML . Hyper-linked documents
1992 - Congress gives NSF permission to commercialize the Internet (NSFNet) . Number of users exceeds 1 million 1993 - NSF creates InterNIC to support Internet . AT&T contracted to maintain DNS structure . NSF awards 5-year contract to Network Solutions to sell domain names for $50/year subscription . Number users exceeds 2 million
Mosaic - First graphical browser . Turned web into a visual web . Made it easy to use . Ran on low-cost PCs 1995 - After spending $200M from 1986-1995 NSF out-sources the Internet to 4 companies via Department of Commerce 1997 - Clinton administration directs Secretary of Commerce to privatize the DNS to increase competition and International participation
Department of Commerce National Telecom and Information Admininistration (NTIA) produces “Green Paper” on governance of Internet and DNS in a private ownership world ICANN created to sell blocks of names Internet Assigned Numbers Authority (IANA) is responsible for coordination of DNS root and IP addressing/other resources
http://www.internetassignednu mbersauthority.org/
Non-profit, LLC formed IT sector members as a forum for managing risks to IT infrastructure and corporations. Members participate in national and homeland security efforts to strengthen IT infrastructure through cyber information sharing and analysis Members help improve incident response via collaboration, analysis and coordination, which drives cybersecurity policy, incident response and information sharing Current officers and board members are with Cargill, Oracle, Intel, AT&T, BAE Systems and HP.
Figure 6-1 (in Text). Internet age versus classical industrial age Figure 6-2 (in Text). AS500 network: the most-connected 500 autonomous systems in the global Internet Figure 6-3 (in Text). Core autonomous systems of the Internet Simulation . Spread virus in AS500 Internet with vulnerability of 5%. . Spread virus in AS500 Internet with vulnerability of 10%. . Spread virus in AS2000 Internet with vulnerability of 5%. . Spread virus in AS2000 Internet with vulnerability of 10%.
Simulations illustrates the relationship between Internet structure and node vulnerability under stress. Assume a virus starts spreading from a node chosen at random. What is the risk that it will spread to other nodes? . AS500 with a 5% probability of spreading (vulnerability) produces a low-risk (exceedence and risk profile) . AS500 with a 10% probability produces a modest risk due to the increase in vulnerability . AS2000 (less resilient to cascades) with a 5% probability produces a higher risk than AS500 due to less resiliency . AS2000 with a 10% probability produces a catastrophic risk network due to the increase in vulnerability
Figure 6-4 (in Text). DNS structure of the global Internet
Figure 6-5 (in Text). The ISO-OSI protocol stack.
Figure 6-6 (in Text). Governance of the Internet is mostly a collection of voluntary groups.
Figure 6-7 (in Text). Example of sending an email via TCP/IP protocol Internet = TCP/IP . Any device that understands TCP/IP is on the Internet Internet’s webgraph has a high spectral radius . Vulnerable to the spread of viruses Logical DNS structure is a tree . DNS is the “telephone book” . Updated frequently . Controls who is on the Internet Internet governance is voluntary; so far
What is “Internet Security”? Properties of Sand Piles; Internet SOC at the physical, virtual levels Cyber Exploits: Real or Hype? . Vulnerabilities . Consequences . Black Swans . Reality Check . Einstein on Offense
Internet as Biology . The Internet Ecosystem . Predator-Prey Systems . Limit cycles and extinction . Gause’s Law . Paradox of Enrichment . The Internet monoculture Policy Options . Traditional . Radical
Biology Internet DNA TCP/IP Alphabet Messenger RNA Internet Routing Cisco Router Mutation Innovation Unix > MacOS Extinction Creative Destruction DEC, CDC, Multics Co-evolution Co-evolution 3G : iPhones Food Network Supply Chain ARM > Apple > iPad Predators Users, Hackers, e-Commerce RussianBusinessNet Prey Hardware, Software Windows, MS Office
Vulnerabilities constantly change . Some go up, some go down Malware . Insiders . Stolen laptop . Denial of service (DOS) . Financial fraud (phishing) . Password sniffing . Open wireless access
Regulation : Should the Internet be regulated? Will it kill it? What is legitimate regulation? Larry Lessig’s 4 Codes: . East Coast Code: Internet laws cannot oppose existing laws o Fraud, Theft, Pornography, subject to same rules . West Coast Code: Rules of Internet operation driven by ‘Internet culture’ o TCP/IP, WWW, media, other standards drive the culture . Social Norms: Internet law/regulation follow social norms o Censorship, free speech, privacy, civil behavior . Markets and Commerce: information supply and demand = classical economics