Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
esources so that the required real-time interactions of that system with its legitimate peers are detrimentally impacted?

A basic attribute of network environments is that risks to elements within that system increase in direct relationship to the network’s population size. The larger the community of networked devices, the greater the possibility that at least one of those devices has been constructed with latent bugs that can be leveraged to compromise that device to directly or indirectly attack other parts of the system. Also, the larger the community of humans that can access elements within the total network system, the greater the possibility that at least one of those humans will exploit bugs either intentionally (maliciously) or accidentally. Hostile electronic attacks may be conducted by both the corrupted insider (e.g., insider threat) as well as by unauthorized personnel who have leveraged system or process blemishes to gain unauthorized (remote) entry into the system. It can also occur by means of accidental mistakes made by authorized personnel.

Widely used COTS network equipment, such as Internet technologies, is more easily assembled into large network systems than less popular communications technologies. For example, the Aeronautical Telecommunications Network (ATN), which is used for air traffic management systems today, is built using open system interconnect (OSI) protocols. OSI protocols are rarely deployed today except within specialized niche environments. Because of this, it is comparatively difficult to link ATN systems with other networks to create large network communities. IP systems, by contrast, are ubiquitously deployed today. Because of this, it is comparatively easy to link together IP-based systems with other networks to create large network environments. A key point to recognize is that just because an IP-based system is not connected to a large network environment today does not mean that it cannot easily be connected into a large networked environment tomorrow, perhaps inadvertently. For example, inadvertent exposure of allegedly stand-alone (i.e., physically isolated via an air gap) IP networks to remote Internet-based attacks has occurred many times in real life by means of inadequately secured modems located within those allegedly isolated networks.

Widely deployed public networks have larger populations of users than small private networks. The more people within the networking community, the greater the probability that one or more of them may pose an attack risk to the elements within the system. The larger the cumulative number of users within any aspect of the network, the greater the possibility is that a user may purposefully or accidentally exploit those weaknesses in a detrimental manner.

The inclusion of the words “aspect of the network” in the previous sentence is a reference to a technical point that is partially explained within appendix A. That point is that in large network-of-network systems, such as the worldwide Internet, network access control defenses are established between discrete network administrative entities by means of security firewalls [23]. Firewall technologies have significantly improved over time. Unfortunately, so has the sophistication of attacks against them. A class of exploits³ exists that may possibly circumvent the access control protections of firewall systems. Should these attacks succeed, then those attackers could access network systems where they are not authorized.

³ e.g., fragmentation attacks, time-based attacks, HTTP-based (Port 80) attacks, and other emerging exploits.