model until we’ve had an opportunity to review some basic physiological characteristics in the next chapter. So, what’s the difference?

Well, when we look at the historical emergence of computer networks, we find that the very concept of trust was totally submerged within a number of characteristics of an interaction environment that was (and is) termed security. As we will see, the characteristics of security are typically considered individually. The degree to which any particular characteristic is provided is often not considered relatively to other characteristics. Consequently, there is typically not a characterization of the overall level of trust with which a particular interaction environment should be imbued. We will address the concept of a cumulative level of trust in Chapter 5. For the moment, let us consider the foundations of computer networks and their various security characteristics.

Early computer networks were typically provided by a single vendor, the vendor of the computer systems involved in the network. Such configurations were termed proprietary networks. The characteristics of security provided on such networks were typically defined by the characteristics of the computer systems themselves. The idea of heterogeneous networks, enabling the connection of a wide variety of different computers, was somewhere off in the future. It was with the advent of such networks that the idea of computer and network security finally came to the fore. So, let us consider the mechanisms of computer networks as typified by the initiative which ultimately culminated in today’s Internet. This seminal development activity was started within the United States Department of Defense in 1969, at the height of the Cold War exacerbated by the war in Vietnam. The primary networks in use at the time were those of terrestrial wired telephony; telephone networks based on fixed circuit switches. Such switched systems were susceptible to disruption through attacks on the switches themselves. In an effort to guard against a total loss of network connectivity from a highly directed attack, a project to consider the development of adaptable routing networks was started within the Defense Advanced Research Projects Agency (DARPA); the project ultimately developed the ARPANET, forerunner to the Internet.

Paradoxically in view of its origin, within the emergent world of the Internet, security in any guise was not a highly prized design characteristic. The network took form within a rather cloistered environment. Physical access to the communication pathways was restricted, meaning that many intervening personnel and physical access policies of organizations that had access to the fledgling network greatly restricted the presence of malevolent users. The early design requirements of the network were resilience and utility. It needed to survive a nuclear attack and it needed to facilitate useful information interchange and processing. As a consequence, the network was imbued with a significant level of trust by its highly restricted set of users. Only when it was opened to the general public did the deficiencies become obvious.

At the time of introduction of the general network to the public at large, physical connectivity of networks was still mostly through terrestrial wires, the end-points of which were typically in the offices of the telephone company. Thus, they were perceived to be moderately safe from eavesdropping. Indeed, covert surveillance of telephone conversations was usually done at the end points of the circuits; by using bugs in the phone or in the room, as all fans of James Bond movies clearly recognize. However, other techniques such as inductive coupling allow intercepting signals over, say, sub sea cables. Such clandestine technologies were not widely appreciated with the early inception of computer networks in general, and with the Internet specifically. Rather, in those early days, the concern regarding networks was with uptime and ubiquity, not with security. When the threats posed to network traffic were fully recognized, remedial action was the order of the day, not redesign of the basic networks to encompass security characteristics. Consider it an

Book available at Midori Press (regular)
Book available at Midori Press (signed)
Book available at Amazon (regular)