3.9 Proprietary Protocols
Anyone can invent and deploy a new protocol. Indeed, that is one of the strengths of the Internet. Only the interested hosts need to agree on the protocol, and all they have to do to talk is pick a port number between 1 and 65535.
Many companies have invented new protocols to provide new services or specialized access to their software products. Most network services try to enforce their own security, but we are in no position to judge their efforts. The protocols are secret, the programs are large, and we seldom have access to the source code to audit them ourselves. For some commercial servers, the source code is available only to the people who wrote the software, plus anyone who hacked into those companies. Such problems have hurt several well-known vendors, and resulted in the spread of dangerous information, mostly limited to the Bad Guys.
But hacking into a company isn't necessary if you want to find holes in a protocol: reverse-engineering software or over-the-wire protocols is remarkably easy. It happens constantly; witness the never-ending stream of security holes reported in popular closed-source commercial products.
The following sections describe some popular network services.
3.9.1 RealAudio
RealAudio was developed by Real Networks and has become a de facto standard for transmitting voice and music over the Internet. In the preferred implementation, a client connects to a RealAudio server using TCP, and the audio data comes back via UDP packets with some random high port number.
We don't like accepting streams of incoming UDP packets because they can be directed at other UDP services. Though UDP is clearly the correct technology for an audio stream, we prefer to use the TCP link for the audio data because we have more control of the data at the firewall. Though RealAudio lacked this at the beginning, a user can now select this connection method, which is consistent with the convenient and generally safe firewall policy of permitting arbitrary outgoing TCP connections only.
3.9.2 Oracle's SQL*Net
Oracle's SQL*Net protocol provides access to a database server, typically from a Web server. The protocol is secret. If you trust the security of an Oracle server and software, this secrecy is not a big problem. The problem is that the server may require a number of additional ports for multiple processing. These ports are apparently assigned at random by the host operating system, and transmitted through the main connection, in a mechanism similar to rpcbind. A firewall must either open a wide number of ports or run a proprietary proxy program (available from some firewall vendors) to control this flow.
From a security standpoint, Oracle could have been more cooperative, without compromising the secrecy of their protocol. For example, on UNIX hosts, they could control the range of ports used by asking for specific ports, rather than asking the operating system for any arbitrary port. This would let the network administrator open a small range of incoming ports to the server host. Alternately, the protocol itself could multiplex the various connections through the single permitted port.
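The multiplexing alternative suggested above, as an added illustration that is not part of the book and has nothing to do with Oracle's actual wire format: a constructed toy framing (2-byte channel id, 2-byte length, payload) carries several logical connections over one TCP socket, so a firewall only ever has to permit that single port, and a truncated frame is rejected rather than silently dropped.

```python
import socket
import struct
from typing import Dict

# Constructed toy framing, not a real protocol: channel id, payload length (both big-endian).
HEADER = struct.Struct("!HH")


def frame(channel: int, payload: bytes) -> bytes:
    """Wrap one chunk of a logical connection in a frame tagged with its channel id."""
    if not 0 <= channel <= 0xFFFF or len(payload) > 0xFFFF:
        raise ValueError("channel or payload out of range")
    return HEADER.pack(channel, len(payload)) + payload


def demux(stream: bytes) -> Dict[int, bytes]:
    """Split a byte stream of frames back into one byte string per channel.

    A truncated header or payload raises ValueError instead of being ignored,
    so a peer cannot smuggle a half-frame past the receiver.
    """
    out: Dict[int, bytes] = {}
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < HEADER.size:
            raise ValueError("truncated frame header")
        channel, length = HEADER.unpack_from(stream, pos)
        pos += HEADER.size
        if len(stream) - pos < length:
            raise ValueError("truncated frame payload")
        out[channel] = out.get(channel, b"") + stream[pos:pos + length]
        pos += length
    return out


def demo() -> Dict[int, bytes]:
    """Interleave three logical connections over a single socket (the one permitted port)."""
    sender, receiver = socket.socketpair()
    with sender, receiver:
        # Constructed sample traffic: chunks from three clients arrive interleaved.
        for chan, chunk in [(1, b"query-1"), (2, b"query-2"), (1, b";"),
                            (3, b"query-3"), (2, b";"), (3, b";")]:
            sender.sendall(frame(chan, chunk))
        sender.shutdown(socket.SHUT_WR)
        received = b"".join(iter(lambda: receiver.recv(4096), b""))
    return demux(received)


if __name__ == "__main__":
    print(demo())
```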
The security of this particular protocol is unknown. Are Oracle servers secure from abuse by intruders? What database configuration is needed to secure the server? Such questions are beyond the scope of this book.
3.9.3 Other Proprietary Services
Some programs, particularly on Windows systems, install spyware, adware, or foistware. This extra software, installed without the knowledge of the computer owner, can eavesdrop and collect system and network usage information, and even divert packet flows through special logging hosts. Besides the obvious problems this creates, bugs in these programs could pose further danger, and because users do not know that they are running these programs, they are not likely to upgrade or install patches.