Internet Security Standards
Raymond R. Panko, University of Hawaii
Attacks on Dialogues
An IETF Focus on Dialogue Security
Authentication and Integrity
Adding Overlay Security to Individual Dialogues
Cryptographic Protection Systems (CPSs)
PPP and PPTP VPNs
Dialogue Security and Firewalls
Adding Security to Individual Internet Standards
A Broad IETF Commitment
Security and Vulnerabilities
The Core Three: IP, TCP, and UDP
Application Layer Standards
The State of Internet Security Standards
The Broad IETF Program
The Authentication Problem
Protection from Denial-of-Service Attacks
Internet Forensics Standards
When the Internet was created, security was left out of its TCP/IP standards. At the time, the crude state of security knowledge may have made this lack of security necessary, and the low frequency of attacks made this lack of security reasonable.
Today, however, security expertise is more mature. In addition, the broad presence of security threats on the Internet means that security today must be addressed deliberately and aggressively In 2004, between 5% and 12% of all sampled traffic moving across ISP networks was malicious (Legard, 2004).
This article describes two ways to add standards-based security ...