Just a thought here: would it be possible to redesign network communication from scratch? Given the overwhelming and increasing number of cyber threats (2 million new threats a month) and gigantic breaches, which are also increasing in size, would it be possible to do so?
That kind of has been done with the IPv6 specification. But the problem is adoption. People are going to wait as long as possible to invest in IPv6 while IPv4 is working for them. It's just not easy to replace IPv4 with IPv6!
Do I understand it right: if we switched to IPv6, many of the types of today's attacks could be prevented?
It solves a few problems.
IPsec enhances the original IP protocol by providing authenticity, integrity, confidentiality and access control to each IP packet through the use of two protocols: AH (Authentication Header) and ESP (Encapsulating Security Payload).
"IPv6 can run end-to-end encryption. While this technology was retrofitted into IPv4, it remains an optional extra that isn’t universally used. The encryption and integrity-checking used in current VPNs is a standard component in IPv6, available for all connections and supported by all compatible devices and systems. Widespread adoption of IPv6 will therefore make man-in-the-middle attacks significantly more difficult.
IPv6 also supports more-secure name resolution. The Secure Neighbor Discovery (SEND) protocol is capable of enabling cryptographic confirmation that a host is who it claims to be at connection time. This renders Address Resolution Protocol (ARP) poisoning and other naming-based attacks more difficult. And while not a replacement for application- or service-layer verification, it still offers an improved level of trust in connections. With IPv4 it’s fairly easy for an attacker to redirect traffic between two legitimate hosts and manipulate the conversation or at least observe it. IPv6 makes this very hard.
This added security depends entirely on proper design and implementation, and the more complex and flexible infrastructure of IPv6 makes for more work. Nevertheless, properly configured, IPv6 networking will be significantly more secure than its predecessor."
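The AH and ESP headers named in the thread appear in an IPv6 packet's Next Header chain, so a capture can be checked for whether IPsec is actually present on a given packet. This is an added example, not code from any poster: `ipsec_headers` and `sample` are hypothetical names, and the packets are constructed test data using the 2001:db8::/32 documentation range.

```python
import struct

# IPv6 Next Header values (IANA protocol numbers)
HOPOPT, ROUTING, FRAGMENT, ESP, AH, DSTOPTS = 0, 43, 44, 50, 51, 60
ADDR = bytes.fromhex("20010db8" + "00" * 11 + "01")  # 2001:db8::1, documentation range

def ipsec_headers(pkt: bytes):
    """Walk the IPv6 header chain; return [(name, spi, seq)] for each AH/ESP header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, found = pkt[6], 40, []

    def need(n):  # refuse to read past the end of a truncated packet
        if off + n > len(pkt):
            raise ValueError("truncated header chain")

    while True:
        if nxt in (HOPOPT, ROUTING, DSTOPTS):
            need(2)  # length field counts 8-octet units beyond the first 8 octets
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        elif nxt == FRAGMENT:
            need(8)  # fragment header is always 8 octets
            nxt, off = pkt[off], off + 8
        elif nxt == AH:
            need(12)  # next header, length, reserved, SPI, sequence number
            found.append(("AH",) + struct.unpack_from("!II", pkt, off + 4))
            nxt, off = pkt[off], off + (pkt[off + 1] + 2) * 4  # 4-octet units minus 2
        elif nxt == ESP:
            need(8)  # SPI and sequence number are the only cleartext fields
            found.append(("ESP",) + struct.unpack_from("!II", pkt, off))
            return found  # everything after this point is encrypted
        else:
            return found  # upper-layer protocol (TCP, UDP, ICMPv6, ...) reached

def sample(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet for the demo (not captured traffic)."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + ADDR + ADDR + payload

TCP = bytes(20)  # placeholder TCP header, all zeros
PLAIN = sample(6, TCP)
WITH_AH = sample(AH, struct.pack("!BBHII", 6, 4, 0, 0x1001, 7) + bytes(12) + TCP)
WITH_ESP = sample(HOPOPT, bytes([ESP, 0]) + bytes(6) + struct.pack("!II", 0x2002, 1) + bytes(32))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("AH", WITH_AH), ("ESP", WITH_ESP)):
        print(name, ipsec_headers(pkt))
```

An empty result means the packet carries neither AH nor ESP, which is how a monitoring script would flag flows that were expected to be IPsec-protected but are not.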