Hi, everyone, Ed Amoroso here.
I want to start by telling you about something that we had in telephony many years ago,
its called the party line.
Now, I don't mean party as in having candy and drinks and so on, but rather,
it is a kind of thing where a community would
use teleph in a way that if you picked up the phone,
you could hear somebody else's conversation.
That's sort of how it worked. Everybody potentially could be part of a big group,
and you just had good manners,
and you knew that if your neighbor was on the phone, you just didn't use it.
I know it sounds crazy,
but it's something that existed many years ago.
Now, turns out that a lot of the layer two or local area network protocols,
layer two meaning in the context of the very traditional OSI stack,
which also, by the way,
if you don't understand the OSI layered protocol stack,
layer one to layer seven,
take some time and take a look at that,
makes sense for you to go off,
do a little bit of research to understand that.
But at any rate, at layer two,
where you've got protocols such as Ethernet.
the way these things were designed always reminds me of that.
Now, more modern incarnations fixed a little bit of this,
but here's, more or less,
how Ethernet was originally conceived.
Imagine a big wire in front of me,
and there are all these little connections to me, to other computers.
Let's say I'm a computer,
and we're all connected to this Ethernet local area network.
Here's how the protocol of Ethernet was designed to work.
An entity called a frame would be created.
So different packet with layer two.
The frame would be created.
It find its way out onto the wire,
and it go to the first interface and say,
"Hello, am I for you?"
And whoever is at the other end would go, "No,
no," whatever, but most part you'd say no.
They would have an address.
They would have and we call that a MAC address,
and you'd say no.
So go to the next person.
"Hey, am I for you?"
You go, "Nope, not for me." And it comes to me.
Let's say I'm a security hacker,
and I like to read everything,
and I like to see everything.
Comes to me, it doesn't have my address. It says, "Am I for you?"
And I go, "Yeah you are for me. "
I want everything.
I say yes to everything.
It's called sniffing.
Now, that's not a great situation, right?
I'm sure a lot of you have gotten on trains or have
gone to have a coffee in a coffee shop in your town,
and you jump on to a WI-Fi local area network.
And people probably told you,
"Hey, be a little careful when you do that."
And the reason is because for the most part,
somebody can, more or less,
do what I just said,
subject to security that might have been overlaid.
And we're going to spend time in our course here going through it,
but I just want to show you the base technology
and give you the raw situation before we put security.
Does that makes sense? A lot of times people go,
"No, you can't do that." And you go, "Why?"
So, well, because I put the security.
Well, you put the security, that's the whole point.
If you hadn't, you'd have a very different situation.
So most layer two protocols do not have embedded in
them the kinds of protections that you would want to make private conversations,
say, on a train or something using Wi-Fi.
There's another problem, and that's that the native protocols
that we use at almost every layer are not encrypted.
Now, you can encrypt them but they're not natively encrypted,
meaning we designed all these things.
We didn't design it at conception time.
It's sort of like if you're building a house and you want to wire it,
let's say you want to put some wires in your home for whatever reason,
you don't think Wi-Fi is good enough.
You want to put Ethernet.
Would it be better to put that in when you're
building the house while the walls are still off,
or would you want to do it after you've built the whole house and then you overlay?
In cyber security, we call that retrofit.
That's a term that describes an activity that you don't want to do in security,
and the problem is in a local area network setting, for the most part,
the security, the privacy,
the confidentiality has been retrofit.
So the attack here is called sniffing.
And that just means positioning a piece of equipment,
software or whatever onto a network.
You can see our little diagram of Alice and Bob on the little network.
And we see a packet emanating from Alice to Bob,
and you see C sitting there just pulling from the LAN,
pulling whatever, just whatever packet comes,
you just take it, as I said earlier.
You have to have that in mind when you're doing network design,
when you're doing cyber security.
You have to assume,
and there's a little awkward term,
we call it in, some sense, a naked packet.
Now, you might be snickering little bit, but you get the idea,
meaning there's really no protective clothes around it.
The protective clothes being encryptions.
So you have to make that assumption and we have to take
the steps to add encryption, confidentiality and privacy.
They're not natively built in to the base infrastructure that
comprises both public Internet and also
the enterprise networks that you might be using at school,
at work, in government,
in military, whatever networking you're using.
The native case tends to be insecure.
So let's keep that in mind as we think this through.
Native base case generally insecure,
we tend to retrofit on top of it.
If we had our choice,
I'd rather design the security in from the start.
So we'll see you on the next video.
Dr. Edward G. AmorosoResearch Professor, NYU and CEO, TAG Cyber LLC
