40 VPNs discussed in the book rely upon sophisticated techniques for combating the man-in-the- middle attack, sometimes relying upon per-packet or time-oriented authentication, or even the quick shifting of keys.

2.4.3.5 Replay attack

A replay attack is essentially what would happen if an attacker were to record a transmission from A to B, even if the attacker is unable to read the message, then replay the message at a later time. Sometimes attacks of this nature can work if used in concert with an IP spoofing assault or even a man-in-the-middle one. Some VPNs combat this threat by serializing the packets, some by encapsulating the IP header as well as the datagram, and some by using synchronized timestamping. A combination of these techniques could also be used.

2.4.3.6 Detection and cleanup

Computer break-in incidents are difficult to detect and more difficult to prosecute. According to the Computer Emergency Response Team CERT, a full 35 of all high-degree break-ins go completely undetected by the system administrators responsible for the equipment compromised; an even higher 85 of all incidents go unreported. Sometimes it is only by accident that an administrator notices the tell-tale symptoms of a break-in. Strange things found in the temporary directory, strange processes running, applications found that were not distributed with the operating system, and users reporting that they are having trouble logging in or have forgotten their passwords somehow are clues. When attackers are careful to clean up after themselves, the odds that someone will notice decrease dramatically. If they are careless or just joyriders, detection is much easier and cleanup is simpler. The biggest gut-wrenching feeling occurs when the attacker seems not to have changed anything. If only a minimal clue to their penetration is left, you can be assured that you need to sanitize—and quickly. For a whole host of security-related documents, including current advisories, check with CERT directly at http:www.cert.org . In closing, always try to be quick to respond to any threat or apparent break-in as soon as you are notified or as soon as you discover it. The faster you are at taking care of things, the less impact there is overall. Even though you are sure to have a restricted budget and inadequate resources for your security efforts, try to follow through with all measures you can take to pursue the attackers. If they think you are too busy or uncaring, they will come back, with better tricks and harsher consequences. Be attentive to what they were trying to do as well as what they did. If you can connect the dots, you may put yourself in front of them, and possibly even catch them. Dont just assume they will disappear or that they didnt really do anything anyway. Just to reiterate: keep good backups, change user accounts and passwords regularly, and develop a registry for access and authentication levels that can be deployed organization-wide.

2.5 Patents and Legal Ramifications

Cryptographic routines are complex mathematical systems, and the people who have created them are experts who have spent a great deal of resources to create and protect their systems.