CIAG Research Projects

Security Evaluation of an IP-Based Stack

Project Description: The product of this effort is a document explaining the planning and process for evaluating the robustness of a TCP/IP stack.

Project Impact: This project is anticipated to be beneficial to product testing teams, focusing on what tools to run, what observations to make, measurement of impact, and vulnerability mitigation.

Project Details: TCP/IP is ubiquitous today despite its security problems. In fact, TCP/IP usage is expanding rapidly into new devices and new areas such as household devices and critical infrastructure. The more secure IP version 6 has not yet seen widespread deployment. Instead of a wholesale replacement of the present v4 stack, what we see today is a cover-up at the application layer (with VPNs, SSH, and SSL) to diminish the effect of those exploits. There are innumerable machines, features, and protocols using TCP/IP, and therefore there is a need for a structured methodology for evaluating the robustness of a given TCP/IP protocol stack. The IP stack code is probably one of the first pieces of code to process the packets hitting an interface on a given device, and it therefore needs to be robust enough to handle any kind of malformed packet.

The objective of this research is to develop a methodology for checking the robustness of an IP-based stack. We cover TCP, UDP and ICMP, the three most popular protocols implemented over an IP stack. Technically, we focus on the information a product testing team needs to systematically check and estimate the robustness of a given stack. Our primary goal is to structure the evaluation process in such a way that a typical product testing team knows what tools to run, the best way to run them, what to look for when measuring the impact of the attacks, and possibly how to debug the causes of that impact; this is what the present security literature lacks. While there are clickable GUI tools capable of running the various tools described in this document, we focus on analyzing the output of those tools, explaining the "nuts and bolts" of the various attack techniques, the network setups, and the metrics to observe. We also explain various mitigation techniques and the corresponding procedures.

Project Deliverables: A document describing the methodology has been published at
http://www.cisco.com/web/about/security/security_services/ciag/documents/stack-howto.pdf (PDF - 288 KB).

Status: Completed