‘How does the internet work?’ Is a question that defies a simple, short answer… ‘Because it does… ‘ may not satisfy the more inquisitive… a lesson I have learned. However, if the question was more on the lines of ‘How does the Internet work at its most fundamental level?’ Then the answer lays in the communication foundation of the Internet, and that answer would simply be ‘TCP/IP’.
It would be at this point in the conversation that the obligatory whiteboard and an array of colored pens would appear, as I eagerly instruct my inquisitive (foolish) student on the length and breadth of Internet protocols, blissfully leading them to a place of regret and despair.
So what is TCP/IP? And should I really care?
TCP/IP was invented by the pioneers of ARPANET way back in the 70’s, (with support from the US military) the predecessor of today’s Internet. TCP/IP is used by everything currently connected to the Internet including the device you’re reading this on.
TCP/IP or ‘Transmission Control Protocol and Internet Protocol’ provides end-to-end connectivity specifying how the data should be formatted, addressed, transmitted, routed and received at the destination. TCP/IP has been enhanced over the years but the basic protocol hasn’t really changed since it was first specified by our flare wearing boffins in 1975 in RFC 793 ‘far out… ‘
So what’s the problem with TCP/IP?
Well, nothing, so far as the protocol itself works and is reliable, guaranteeing delivery of data packets in the order they were sent. It functions exactly as it was designed to do. The protocol was produced some 40 odd years ago and it is testimony to the ‘Elders of the Internet’ that it has endured for so long.
TCP/IP would continue to the defacto standard of the Internet if the Internet was not a playground for criminals and hackers determined to undermine it through cyber-crime for example.
Security is now at the top of most businesses agendas, and that’s where it should stay, given the speed of change and the sophisticated techniques used by modern cyber-criminals.
Security, then is one of the key drivers for change…
So how do we make things more secure?
We are all used to application level security such as AntiVirus and Internet Security packages and the like. These products essentially ‘prevent’ or ‘pro-actively’ deter security vulnerabilities at the application end, usually where a human is involved and is often the last step, and also the weakest link, in the security chain.
But what about at the protocol layer? Could there be a way of making things more secure at the lower levels and thereby augmenting the security at the higher layers?