Online users today face a multitude of problems. A typical online user is vulnerable to viruses, worms, bugs, Trojan horses and the like; he or she is also exposed to sniffers and to the spoofing of private sessions, and is vulnerable to phishing of financial information. Users are also constantly subjected to invasions of privacy by the multitude of spyware available for monitoring their surfing behaviours. As if this were not enough, users are also subjected to malware that stops or totally destroys their machines and renders them helpless. These instances indicate that the Internet is not a safe place for online users, who are constantly vulnerable to hacked sessions, attacks and phishes that make them wary of going online. The trend does not stop there: corporations and government sector organizations face the same problems. Corporate information is hacked, emails are read, secret government information is subject to security risks, and banks are hacked and millions stolen. Some of the reasons behind such attacks are the weaknesses inherent in the networks of companies and government organizations; others include carelessness of users. Whichever the case, Internet security issues have become one of the major concerns for technologists and users alike, and there is a great need to understand the nature of the attacks, the attackers, the networks, the loopholes and the measures taken to counteract them. The following research identifies the various methods and techniques of online attack and how they expose users to information theft, corruption of systems and loss of funds. It also identifies the methods being used to counteract these attacks and how effective they are proving for users, and offers some suggestions for future security measures for networks and network users.
Chapter 1: Introduction
The Internet has revolutionized the way people live today. Activities ranging from access to information to entertainment, financial services, product purchases and even socializing all seem to take place online. Because of its wide coverage and pervasive information collection, millions of people rely on the Internet for almost every kind of activity, and with frequent use they have come to trust it to provide a gateway for personal, home and office convenience. The basic structure of the Internet, built on a host of backbones and host servers, however makes it vulnerable to many risks. The hosts vary from supercomputers to personal computers using different types of hardware and software. The common link among all of these hosts is TCP/IP (Transport Control Protocol/Internet Protocol). This language is again based on simple functionality: if a host has TCP/IP, it can easily connect to other computers that share the same backbones and operating systems. This open technology not only exposes the Internet to numerous security risks and pitfalls but also becomes the real issue for its users, because attacks on IP are possible: IP provides no robust mechanism for authenticating the packets of data that come onto the Internet. Without an authentication mechanism any data packet may claim to originate from a certain address, but there is no sure way to check that claim. Most importantly, the higher layers of the ISO/OSI Reference Model lack host authentication such as that provided by cryptographic applications. For this reason it is easy for users to enter any host and alter the content of other users’ systems. Since there is no check on such criminal activities, Internet crime and security breaches continue to rise along with the evolution of the Internet.
Yet the Internet continues to grow at tremendous speed, spreading far and wide and pervading all levels of human activity, from personal browsing to high-level business activity. Issues of security become significantly noticeable when a price is attached to an Internet security breach. To name a few instances, companies have gone bankrupt, personal information has been revealed in public domains, national databases have been hacked, and businesses have lost significant amounts through espionage. These are but some examples of the gravity of the Internet security issue. As the Internet becomes more complex, the nature of the problems inherent in Internet security also evolves, because security breakers have also become intelligent and anticipate and undermine the security measures taken. This is one of the reasons why today many companies and public sector units consider Internet security part of their risk management plans to avoid financial and business losses. Individuals, on the other hand, spend huge amounts on protection software and security barriers such as password protection and authentication. Despite these measures, time and again one reads or hears of an Internet security breach that has resulted in the loss of millions of pounds.
The gravity of the issue of Internet security and its breaches has prompted the researcher to investigate the various Internet security problems that users face today. These may range from business-specific to personal in nature. The purpose of this research is to identify the different types of Internet security problems faced by consumers, businesses, government and individuals. At the end of the research, the researcher aims to address these problems by recommending solutions and by devising better measures for a safer Internet environment.
Readers will find this research valuable for understanding the different approaches attackers take to undermine Internet security. Since the problem is technical in nature, lay persons may not fully appreciate the problems and resolutions outlined here; professionals in the field of Computer Science, as well as students and other researchers, will find the information more relevant. The research is also generic in the sense that it outlines different problems and solutions, so future researchers can use it as a platform for their own projects, which may be more specific in nature. Owing to the limitations of this dissertation, the researcher has focussed only on major problems; there may be other prevalent problems pertaining to Internet security which future researchers may investigate.
Internet security is a subjective issue that needs to be discussed from the perspective of all types of users. Furthermore, the problem with Internet security is that it requires identification of the victims before one can categorize the gravity of the problem. For this reason the researcher considers a literature review of the various problems prevalent among and faced by Internet users at all levels, such as individuals, communities, businesses, government sectors and international users. This allows the researcher to identify the most frequently faced problems. Magazines, books and journal articles have been considered ideal for this investigation. In addition, references from Internet sources have also been found to be considerably insightful.
Chapter 2: Literature Review
Any person using the Internet is subject to Internet security and privacy risks. The risk becomes high as new technologies are introduced with holes in their programs. Even the anti-virus software that one installs to counteract viruses, bugs and worms tends to become outdated within hours, because as soon as new technologies are introduced, software and programs for compromising them are devised and used to hack them.
A look at the following statistics will indicate the gravity of the situation:
“– In 1999, 57% of large corporations and public agencies reported computer attacks.
— It is estimated that only 32% of serious hacker events are reported.
— 62% of organizations had a computer security breach within the last year.
— 30% of companies have reported system penetration by outsiders.
— 57% of companies reported the Internet was the point of entry for attacks.
— 32% of companies reported denial of service attacks.
— 55% of companies report incidents of unauthorized access by company insiders.
— Experts estimate 50-75% of companies connected to the Internet have 20 known security holes.” (Business Wire 2000)
Even given the above figures, one cannot fully grasp the breadth and scope of the Internet security problem. A survey of the different kinds of security breaches is given below. The literature survey will reveal how Internet security has become a major issue for online users, whether individual, corporate or government.
2.1 IP Spoofing and Session Hijacking
One of the most basic and common security breaches occurs when a host claims to have the IP address of another host. This kind of attack is called spoofing. Given that systems with different router access control lists are connected to the Internet, the only way for a receiving computer to recognize a data packet is through its IP address. An attacker may devise and use techniques to spoof an IP address and send packets to a host that request certain actions which may be harmful. In addition, some applications allow logins based on IP address, which opens the server or host to great risk if the IP address is known to attackers.
On the other hand there is IP session hijacking, which is more serious than spoofing. It encompasses damage at a more serious level than merely breaking through entry barriers. Session hijacking refers to the use of toolkits to hijack an ongoing session. The attacker takes over the user’s session and controls it without the user being aware of it; the so-called hijacker may change, alter and give commands as the user does, and may execute nasty commands. Steve Bellovin (1989) explains this as very dangerous if the attacker has access to a host: he or she may log in as an authentic user and do anything a user does (see the example in Figure 1).
Figure 1: Session Hijacking
In this diagram the user on host A is carrying on a telnet session with a user on host G. An attacker monitors their progress from host H and uses a toolkit to impersonate A to G. A’s session expires without him or her realizing the reason for it; G, on the other hand, remains unaware and continues with the telnet activity. In the process of impersonation the hijacker may obtain confidential information for getting into the user’s machine, a local area network or a corporate network.
This kind of problem can be addressed by using encrypted versions of telnet-type applications, which prevent potential attackers from taking over the session. The attacker would see gibberish instead of the session contents, and would need the cryptographic key to decrypt the data stream from A to G or vice versa before he or she could hijack the session (Gertz 1999).
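The weakness described in this section is that a packet’s claimed source address is never verified, so host H can present itself as A. The following example, added here and not part of the original dissertation, models that situation and the cryptographic remedy the text alludes to: a receiver that trusts the source address as plain IP does, beside one that requires a keyed MAC and a sequence number on every packet. The host names follow Figure 1; the shared key and the packet contents are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str          # claimed source host; plain IP never proves this claim
    dst: str
    seq: int          # per-session sequence number, so an old packet cannot be replayed
    payload: bytes
    tag: bytes = b""  # keyed MAC over (src, dst, seq, payload); empty when unauthenticated


def packet_mac(key: bytes, src: str, dst: str, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over every field the receiver relies on."""
    msg = b"|".join([src.encode(), dst.encode(), str(seq).encode(), payload])
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_packet(key: bytes, src: str, dst: str, seq: int, payload: bytes) -> Packet:
    """What host A sends: the packet plus its MAC under the shared session key."""
    return Packet(src, dst, seq, payload, packet_mac(key, src, dst, seq, payload))


class Receiver:
    """Host G's side of a session with host A.

    key=None models plain IP: the claimed source address is trusted as-is.
    With a shared key, a packet must carry a valid MAC and the expected
    sequence number before it is accepted.
    """

    def __init__(self, peer: str, key: Optional[bytes] = None):
        self.peer = peer
        self.key = key
        self.expected_seq = 0
        self.accepted = []

    def receive(self, pkt: Packet) -> str:
        if pkt.src != self.peer:
            return "dropped: unexpected source"
        if self.key is None:
            self.accepted.append(pkt.payload)  # nothing to verify: spoofable
            return "accepted (unauthenticated)"
        expected = packet_mac(self.key, pkt.src, pkt.dst, pkt.seq, pkt.payload)
        if not hmac.compare_digest(pkt.tag, expected):
            return "dropped: bad MAC (forged source or altered payload)"
        if pkt.seq != self.expected_seq:
            return "dropped: replayed or out-of-order packet"
        self.expected_seq += 1
        self.accepted.append(pkt.payload)
        return "accepted"


def demo() -> dict:
    key = b"constructed session key shared by A and G"  # assumption: pre-shared
    naive, hardened = Receiver("A"), Receiver("A", key)
    genuine = make_packet(key, "A", "G", 0, b"show status")
    forged = Packet("A", "G", 0, b"forged packet from H")  # H claims to be A, has no key
    return {
        "naive_forged": naive.receive(forged),
        "hardened_genuine": hardened.receive(genuine),
        "hardened_forged": hardened.receive(forged),
        "hardened_replay": hardened.receive(genuine),  # same packet presented again
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The unauthenticated receiver accepts the forged packet purely on the strength of its source field; the keyed receiver rejects both the forgery (no valid MAC) and the replay of a genuine packet (stale sequence number). An encrypted telnet replacement adds confidentiality on top of this integrity check, so the sniffer on H sees neither the commands nor the key material.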
2.2 Denial of service (DoS)
Between 2000 and 2002, sixty percent of UK companies suffered security breaches, while eighty-five percent of US companies suffered network breaches costing some $10 million in damages. This shows that the number of security breach incidents is increasing, and as the Internet spreads far and wide it brings with it more threats and risks of breaches. Apart from physical security, the Internet is also threatened by software breaches. Denial of Service, or DoS, is one instance of a security breach. The concept can be explained as follows.
Most companies have outdated firewalls and network perimeters that focus on specific security models and do not adequately cover all aspects of security. Hackers, on the other hand, are always on the lookout for weak links or loopholes in corporate security systems. A virus, bug, worm or spyware is sent in packets of information to the victim’s computer from a randomly selected spoofed address. The victim’s computer then sends a response to each of the spoofed addresses in his or her address book, and the spoofed addresses send out the same information to other addresses. The basis of DoS is that the attack generates a response from the victims, and once the program has a response it continues to distribute itself to other people on the network, creating a chain reaction of responses. Some networks take it slowly while others take less than one hour to generate the reaction (PC Magazine 2001). As a result, the traffic flow of the network is blocked and the users of the network are denied access to the services available. Recent DoS attacks known to have shut down computer systems and networks include the Blaster worm and the Welchia worm, which infected hundreds of private networks by reproducing themselves on company networks. Welchia and SoBig.F both spread by sending themselves to a random address in a user’s directory. Once the user downloads the file and accidentally opens it, the process of regeneration starts, as the file begins to distribute personal information or replicate emails to every address in the directory. The worm is coded in such a manner that it opens relays or holes in the email system. As the rate of distribution increases, the network slows down, thereby denying company users the services available on that network. Welchia and SoBig have not only significantly slowed down and denied services to corporate users, but have thereby incurred great costs for the companies (Lemke 2003).
2.3 Encryption
Encryption is a method of changing a plain text message from its original composition by replacing or rearranging the letters and numbers, converting it into an indecipherable format. The method uses a mathematical algorithm and a key. The length of the key is measured in bits, and this determines the strength or weakness of the encryption program: a key only 40 bits in length will generate 1 billion possible keys or combinations. For this reason encryption creators use long key strings to increase the security level (Voors 2003).
There are two types of encryption: private key and public key. Private key systems use an algorithm and a symmetric key to encrypt and decrypt messages. Private keys are considered less secure because the same key is used both by the encryption creator and by the person who decrypts; hence if an attacker gains access to the encryption key he can decrypt the message. It has also been observed that attackers who can obtain the key from the third party vendor providing encryption and decryption services can match and open the messages easily (Voors 2003).
The technology is not new and can be traced to the time of Julius Caesar in 1900 B.C. However, recent developments in encryption came about during the World Wars and, more recently, with the advent of the computer era. “In the early to mid-1980s, Phil Zimmerman developed software that implemented the concept of public-key encryption and revolutionized the world’s perception of encryption. Pretty Good Privacy (“PGP”), as the software is called, was released in the early 1990s. The program extended the use of encryption from major governments and militaries to ordinary businesses and private citizens.” (Voors 2003) There has been conflict between Zimmerman’s and the government’s perception of the use of PGP encryption. The US government considered the distribution of PGP to private users and over the Internet a violation of the Arms Export Control Act, whereas Zimmerman considered it a good way of preventing users from becoming victims of security attackers (Voors 2003).
The use of encryption has today spread to various sectors, such as businesses, hospitals, utilities and communication companies, which are aware of the need to protect information. For example, businesses use encryption to secure customers’ personal information and credit card numbers, and a large number of hospitals around the world encrypt patients’ records to ensure privacy. It could therefore be said that the use of encryption at all levels of network users has become common. It is then not surprising that attackers target the encryption method and attempt to “break in” to decode information. Despite third-party regulation and law enforcement to secure encryption systems, decryption keys are often leaked to attackers through back doors, thereby compromising the authenticity of the security (Voors 2003).
2.4 Web Trackers and Spyware
Spyware has reached an epidemic level and, according to Brien Posey (2004), will only get worse. Approximately 95% of the world’s PCs are infected with spyware, and the removal tools used are only effective for a few months, since new types of spyware are released with every new counteractive tool for removing them. There are different kinds of spyware, used by attackers for various purposes.
For example, specific software technology has been devised to track the web surfing habits of users. This software has been devised to observe user behaviours for marketing purposes and also invades the user’s privacy. Despite user outcry over privacy issues, web trackers continue to become more prevalent when users are online. Companies devise these web trackers to collect data without users being aware of it and sell it to marketing companies that target the same users. For example, WebHancer installs a program onto the user’s computer when the user downloads the software: the program is bundled with a host of user applications, but in actuality the web tracker is being installed too. The web tracker then monitors the user and sends reports of information such as how long the user remained on a particular site, usage patterns, personal information and so on to the company that sponsors the program. Others, such as NetGenesis, track data from cookies and send reports to the program producer (PC-3P Online 2004). Others still trick users into installing spyware. This happens when users surfing the Internet see a pop-up window that imitates a Windows error message. Although the message may look familiar, it differs greatly from a real one. Users in a hurry to fix the problem click the button thinking they have fixed it, whereas in actuality they have initiated the spyware.
Other forms of spyware tend to get installed when users, accidentally or through trickery, visit an infected web page that triggers ActiveX controls. These ActiveX controls exploit weaknesses in IE and hence take control of the user’s surfing behaviour.
Other forms of spyware arrive in emails. Mail programs such as Outlook Express tend to open mail in any format, especially HTML. The spyware is coded in the email message, and when the user opens the email it initiates the malicious script that executes the spyware on the user’s system. As a remedy, Posey (2004) recommends the use of spyware removers such as Ad-Aware and Spybot. If the spyware is not removed even after installing these tools, it is recommended that the user remove it manually by rebooting the machine in safe mode and using Task Manager to remove the spyware.
Furthermore, user machines running Windows XP have the option of downloading and installing Service Pack 2, which fixes a number of IE security holes and includes a pop-up blocker. Alternatively, users can go to the IE zone for step-by-step guidance on enhancing the security of the IE browser.
2.5 Packet Sniffers
Professionals are also of the view that the trend of “packet sniffing” has increased significantly recently. There is little the user can do to prevent hackers from “sniffing”, or capturing, packets of data containing clear text passwords. One reason this has become even easier for packet sniffers is that tools are available for scanning sessions on the Internet, looking for open sessions or open ports through which to enter the user’s system. Where systems keep clear text passwords, the user is victimized most easily. With new technologies such as one-time passwords (S/Key), PGP and token-based authentication devices, users can prevent sniffing from succeeding. They can devise secret tokens and PINs, and password-like strings, to prevent decryption (Melber 2004).
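The paragraph above names S/Key one-time passwords as a defence against sniffed clear text passwords. The example below, added here and not taken from the dissertation or from the S/Key specification, implements the hash-chain idea behind such schemes: the client holds a secret, the server stores only the top of a SHA-256 hash chain, and each login presents the pre-image of the value the server holds. A captured password is useless because it can neither be replayed nor turned into the next one. The secret, user name and chain length are constructed values.

```python
import hashlib


def hash_chain(secret: bytes, n: int) -> list:
    """Return [h^0(secret), h^1(secret), ..., h^n(secret)] with h = SHA-256."""
    chain = [secret]
    for _ in range(n):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


class OtpServer:
    """Holds only h^k(secret) for the current k plus the number of logins left."""

    def __init__(self, top_of_chain: bytes, count: int):
        self.stored = top_of_chain
        self.remaining = count
        self.log = []  # (user, accepted) per attempt, for audit

    def login(self, user: str, otp: bytes) -> bool:
        # Accept only the pre-image of the stored value: h(otp) must equal it.
        ok = self.remaining > 0 and hashlib.sha256(otp).digest() == self.stored
        if ok:
            self.stored = otp  # next login must present the pre-image of this one
            self.remaining -= 1
        self.log.append((user, ok))
        return ok


class OtpClient:
    """Recomputes the chain from the secret and walks it backwards."""

    def __init__(self, secret: bytes, n: int):
        self.chain = hash_chain(secret, n)
        self.index = n - 1  # first password is h^(n-1)(secret)

    def next_password(self) -> bytes:
        pw = self.chain[self.index]
        self.index -= 1
        return pw


def demo() -> dict:
    secret = b"constructed user secret"  # never leaves the client
    n = 5
    client = OtpClient(secret, n)
    server = OtpServer(hash_chain(secret, n)[-1], n)  # enrolment: server gets h^n only

    first = client.next_password()
    results = {"login1": server.login("alice", first)}
    # A sniffer on the wire captured `first`; replaying it fails.
    results["sniffer_replay"] = server.login("alice", first)
    # The legitimate client's next password still works.
    results["login2"] = server.login("alice", client.next_password())
    # The sniffer can only hash forwards, never recover the next pre-image.
    results["sniffer_forward_hash"] = server.login("alice", hashlib.sha256(first).digest())
    return results


if __name__ == "__main__":
    print(demo())
```

Because the server stores a value from which the next valid password cannot be derived, a compromise of the server’s password file is also far less damaging than with a clear text or reusable password; the remaining weakness is that the chain is finite and must be re-enrolled when `remaining` reaches zero.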
However, one reason why sniffers continue to gain access to passwords and secret tokens is that the password authentication protocols are weak. The problem lies in the fact that Microsoft operating systems and networks still support legacy authentication protocols. LAN Manager and NT LAN Manager, for example, are old protocols that create holes in the security system, and the decryption keys for these old authentication protocols have features that allow access to the operating system at different levels. Although Microsoft has revised its authentication protocols for new operating systems, with NTLMv2 and Kerberos, the integration of the old protocols into the new ones forces the new OS to operate and obey commands when hackers enter the system (Melber 2004).
Kerberos is considered an industry-standardized and approved authentication protocol, specified in the Internet Engineering Task Force’s Request for Comments 1510. Microsoft has added some features to Kerberos, but the protocol behind this new protocol is based on the old model. According to Derek Melber of Microsoft (2004):
“Kerberos enforces the mutual authentication process by using a ticketing system.
The authentication process is handled primarily by the client, reducing the load on the servers.
Domain controllers share the authentication load by running as Kerberos Distribution Centres (KDCs).
No portion of the password is ever transmitted over the network.
Attackers are prevented from capturing and replaying packets from the network since the packets are time sensitive.” (Melber 2004). With these measures it is expected that Microsoft-based products will have become more resistant to sniffers and packet stealers.
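The last of the points quoted above, that replay is prevented because packets are time sensitive, is worth seeing in working form. The following is an added example, not code from the dissertation or from any Kerberos implementation: a client builds a Kerberos-style authenticator (its name and a timestamp, bound by a MAC under the session key), and the service rejects any authenticator whose timestamp falls outside a clock-skew window or which it has already seen. The session key, the five-minute skew and the clock values are assumptions chosen for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumed tolerance between client and service clocks


def _mac(session_key: bytes, body: dict) -> str:
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(session_key, raw, hashlib.sha256).hexdigest()


def build_authenticator(session_key: bytes, client: str, now: datetime) -> dict:
    """Client side: name + current time, integrity-protected by the session key."""
    body = {"client": client, "timestamp": now.isoformat()}
    return {**body, "mac": _mac(session_key, body)}


class Service:
    """Verifies authenticators and remembers those already accepted."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.seen = {}  # (client, timestamp) -> time first accepted

    def accept(self, auth: dict, now: datetime) -> str:
        body = {"client": auth["client"], "timestamp": auth["timestamp"]}
        if not hmac.compare_digest(auth["mac"], _mac(self.key, body)):
            return "rejected: bad MAC"
        ts = datetime.fromisoformat(auth["timestamp"])
        if abs(now - ts) > MAX_SKEW:
            return "rejected: timestamp outside skew window"
        key = (auth["client"], auth["timestamp"])
        if key in self.seen:
            return "rejected: replay of an authenticator already used"
        self.seen[key] = now
        # Entries older than MAX_SKEW can be dropped: a copy would fail the time check anyway.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW}
        return "accepted"


def demo() -> dict:
    key = b"constructed session key from the KDC"
    t0 = datetime(2004, 6, 1, 12, 0, tzinfo=timezone.utc)
    service = Service(key)
    auth = build_authenticator(key, "alice", t0)
    results = {"fresh": service.accept(auth, t0 + timedelta(seconds=10))}
    # A sniffer replays the captured authenticator immediately.
    results["replay_now"] = service.accept(auth, t0 + timedelta(seconds=20))
    # The same capture presented later, after the cache entry has expired.
    results["replay_later"] = service.accept(auth, t0 + timedelta(minutes=10))
    # Tampering with the client name invalidates the MAC.
    results["tampered"] = service.accept({**auth, "client": "mallory"}, t0)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result}")
```

The two checks complement each other: the replay cache catches a copy presented within the skew window, and the timestamp check catches one presented after the cache has forgotten it, which is why the cache only needs to retain entries for as long as the window lasts.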
2.6 Information and Identity Theft
Despite warnings and precautionary measures, users around the world are constantly being victimized. One of the latest trends is information theft on the Internet. The Internet has made it easier for attackers to obtain personal information such as Social Security and credit card numbers and use it for their own gain. For example, Kristina Stefanova of The Washington Times (2002) reports scam email messages sent to AOL users claiming to be from the AOL billing department. The message said:
“Our records indicate that the credit card information on file for your AOL account is not up-to-date. Therefore, you will need to replace it with another or newer credit card information,” it said. “Outdated information on your AOL account may cause bill processing problems which in some cases could lead to service interruptions and termination of your account.”
The biggest concern resulting from information theft is that as more and more companies move online to enhance their services and ease the process of buying and selling, the dollar value of Internet risks has also increased manifold. For example, Thomas Tribunella (2000) notes that more products, trade investments and banks are going online and offering services that require users to authenticate with personal information. This requirement not only exposes users and the company to online fraud but also disrupts website stability. Hackers are motivated by greed, monetary gain, ego, entertainment and political causes. These factors drive them to attack individual as well as corporate users by destroying or stealing information in ways that may prove destructive to individual users. In such cases it is recommended that firewalls be installed for user authentication, along with access control lists and dynamic packet filters. Theft of identity and financial information may decrease with these measures, but they do not guarantee its eradication for good (Tribunella 2000).
2.7 Phishing
Related to information theft, there is a trend on the Internet whereby web pages are replicated using the same information and encryption as the original website. Users, unaware that they have arrived at the wrong address, wilfully enter personal and financial information. This is called phishing. According to Sandi Hardmeier (2004), phishing refers to “creating a replica of an existing Web page in an attempt to fool a visitor into providing personal, financial, or password information.” The hackers behind a phishing technique send out email claiming to be from a legitimate business or government organization and require users to enter personal identification numbers, passwords, credit card information or social security numbers, which ultimately allow them to access funds from the user’s account (see Figure 2: Phishing).
Figure 2: Phishing
A typical phishing email looks like an original, with graphics and a message that identify it as authentic. It provides a link that takes the user to a web site that also looks like the original. The only sign by which one can tell the fake from the original is that the URL given as the link differs from the one that opens in the browser window. To check whether an email is a potential phishing attempt, one can type the URL of the company into the browser address bar; if the icon on the page the link leads to is similar to the one sent in the email, then it is an authentic email, not a phisher (Hardmeier 2004).
2.8 Viruses, Worms and Trojans
According to Michael Durkota (2005) of US-CERT, “Trojan horses are one of the most malicious programs to infect any computer. Even though there are different kinds of removal tools available on the internet, the chances of identifying the right program for the specific Trojan is difficult and by that time the virus would have infected the whole computer.” (Durkota 2005) Internet users are easily exposed to Trojans, as they target online users connected to the Internet (the network of networks). A computer without an anti-virus program is likely to become infected with Trojan horses, especially through email and Internet Explorer. Measures for preventing Trojans from entering include not opening unsolicited attachments or links in email messages, using updated anti-virus software, using an Internet firewall and keeping the system patched.
Similarly, malware such as MyDoom, ILOVEYOU and the Blaster worm have all been designed to infect user machines and shut down their systems. The most important aspect of this malware is that it is aimed at a particular program type, such as Microsoft’s, and therefore corrupts all executable files related to it. The MyDoom worm, for example, “successfully infected enough victims in order to shut down SCO’s web site, followed by new variants that targeted Microsoft’s web site.” (Danchev 2004). Malware authors are aware of advanced computer users and also know how the Internet works. Although they do not cross the line of the law, they can nevertheless do great harm to users by infecting the Internet with worms, which spread quickly through browsers, instant messaging and email. Email attachments, file transfers and browsing web pages that initiate ActiveX are all vulnerable to having malware attached to them (Danchev 2004).
2.9 How to Prevent Internet Security Breaches
2.9.1 Data encryption software
The Internet, as mentioned earlier, runs on proxy servers and through host servers. The proxy servers serve as the hub for application services that allow a variety of protocols such as Telnet, SMTP, FTP and HTTP to transfer information. Host servers, on the other hand, use these services but are not connected directly to other servers. In the case of a proxy server application, the client connects to the proxy server, which initiates the connection to the external server. In some cases, depending on the type of proxy server used, internal clients can be redirected without the user being aware of it. The proxy server then initiates the connection in the specified format. This prevents users from being attacked by external servers, as proxy servers require authentication before access is granted; the access control list has to be updated before the user or system is allowed access to the network. More sophisticated proxy servers, called Application Layer Gateways or ALGs, can further enhance security by configuring and blocking subsections of protocols. For example, an ALG for FTP can allow the “get” command and disallow the “put” command so that users cannot put any files on the remote server. This type of command filtering is effective compared to host servers, which can only fully allow a server to interact with other servers and users or totally deny the service (Fraser 1997).
Another method of protecting users from being attacked through servers is to protect secret tokens and PINs. Professionals in the technology field recommend that users use upper- and lower-case characters together with digits and special characters when assigning passwords for access on public domains. This is important as it prevents access through hardware devices and software alike. The secret Pretty Good Privacy key is another method of preventing unauthorized access. Cryptography products such as PGP ensure the user is not attacked by providing encrypted connections between two points on the Internet (Fraser 1997).
2.9.2 Anti-virus software
From time to time one reads of malicious bugs and viruses like Melissa and Love Bug that run in email scripts and target users by entering their systems and destroying programs. One reason why bugs and viruses easily access users’ systems is that they target Microsoft products such as Internet Explorer and Outlook Express. IE, the most common interface among consumers, is not only vulnerable to attacks but is also being targeted by perpetrators. Outlook, for example, is a weak tool as it automatically opens an email as read when a user clicks on it; as a result the virus is triggered even when the user attempts to delete the unsolicited email by clicking on it (Aspinwall 2000). Aspinwall (2000) also writes: “The chances of a computer virus getting to your system may be less than 1% or greater than 10% depending on where you surf, who sends you e-mail attachments, etc., but eventually a virus will get close to you–if not actually destroy data and thus rob you of hours of hard work.” For this reason there is all the more reason to take precautionary measures against virus attacks.
As a remedy, Aspinwall recommends that users install anti-virus software such as McAfee VirusScan, Virex, Norton AntiVirus, Trend Micro PC-cillin or any other product that serves the same purpose. Furthermore, the user also has the choice of using Netscape as a browser and Eudora for email. These products may not support all of the services that Microsoft has to offer, but they do prevent viruses from attacking the whole system. Eudora, for example, is a safe email client and can also be used to control unsolicited emails.
2.9.3 Digital signatures
One of the most critical aspects of digital communication is that the Internet does not offer secure transmission. Online email sessions especially are hacked and emails read on a regular basis. Hackers can sniff open sessions and acquire passwords in text form; they may hack into corporate accounts using scanning tools that generate passwords for protected email accounts. To counteract these instances of security breach, digital signatures have been created through Public Key Infrastructure, or PKI (Kolodzinski 2002). PKI is basically a digital data transmission tool for secure Internet interaction. It relies on encryption comprising keys to protect the digital information; the integrity and confidentiality of the information is ensured as it is only accessible to the intended receiver. The sender has a public key that can be used to encrypt a message, which is then sent to the receiver. The receiver has a private key with which he can decrypt the information. The PKI is certified, issued and managed by a local certification authority. This way only the sender, receiver and certification authority can have access to the information being sent. Today there are various kinds of PKI, managed by a host of certification houses. According to Oscar Kolodzinski (2002), despite the positive side of PKI, the technology is not without pitfalls of its own. One is that PKI certification is not a guarantee that information will not be accessed by third parties; it merely guarantees that the company that issues the PKI will protect the keys issued to the users. A host of PKI companies such as RSA Security, Entrust and Verisign have become, and announce themselves as, digital certification authorities, whereas this has not been acknowledged by the government or any official entity.
For this reason a number of corporations do not fully embrace PKI: they know that freeware versions of the tools are available to everyone, and it is difficult to stop attackers from devising ways to enter the certification hub and access key data.
2.9.4 Digital Certificates
Digital certificates are one of the most widely used security techniques. They are provided by a third-party certification authority that verifies the applicant’s identity and generates a certificate for legal transactions. The certificates ensure that electronic messages, such as credit card information and other personal details, are not tampered with during transmission over the Internet. Digital signatures rely on an encryption algorithm for scrambling and unscrambling the message. The two most common security protocols in digital certification are SSL (Secure Sockets Layer) by Netscape and SET (Secure Electronic Transaction) by Visa International. These have been developed to ensure credit card users’ security when they trade online. SET uses digital certificates to identify the buyer, the server and the merchant bank, and employs public key cryptography to secure the messages (Tribunella 2002). A typical digital certificate would contain:
* “Serial number
* Information about the certificate holder
* The certificate holder’s public key and corresponding private key
* Information about the certifying authority
* The certifying authority’s digital signature
* An expiration date.” (Tribunella 2002)
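The certificate contents just listed, together with the signing and verification flow described under 2.9.3, worked through with Go's standard library as an added example (not code from the original dissertation or from any product named here). The CA name, the holder name "shop.example", the serial number and the message are constructed; the client-side check validates the CA's signature, the holder name and the expiry date before the certificate is trusted, and the holder's private key stays with the holder rather than travelling in the certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// createCert generates a fresh key pair for tmpl and has parent sign the certificate with
// signerKey; a nil signerKey means self-signed (the new key signs its own certificate).
func createCert(tmpl, parent *x509.Certificate, signerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signerKey == nil {
		signerKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newCA builds a self-signed certification authority.
func newCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example CA"}, // constructed name
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return createCert(tmpl, tmpl, nil)
}

// issueCert has the CA sign a holder certificate carrying the fields listed above: serial
// number, holder name, holder's public key, issuer name, validity window and CA signature.
// The holder's private key is returned separately; it is not part of the certificate.
func issueCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, holder string, serial int64,
	notBefore, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: holder},
		DNSNames:     []string{holder},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return createCert(tmpl, ca, caKey)
}

// verifyHolder checks a certificate the way a browser checks a merchant's: the CA's signature
// must validate against a trusted root, the name must match, and 'at' must lie in the validity window.
func verifyHolder(cert, ca *x509.Certificate, name string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: name, CurrentTime: at})
	return err
}

// signMessage produces the holder's digital signature over msg with the private key.
func signMessage(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verifySignature checks a signature using only the public key carried in the certificate,
// so the receiver never needs (or sees) the signer's private key.
func verifySignature(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}
```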
2.9.5 Firewalls
One of the most commonly used security measures for the Internet is the firewall. Firewalls have been maligned for not implementing security policy at the network level. In reality firewalls do provide a certain level of protection and help organizations enhance the security of specific machines. Firewalls are also easy to use, cost-efficient and not complex to install (Aspinwall 2000).
A firewall basically operates on multilevel security by first erecting a wall between the private network and the Internet. The firewall then monitors traffic for specific characteristics and allows it to pass through gateways to the user’s machine. When digital traffic does not comply with the firewall criteria, the information cannot pass through the gateways, thus preventing unauthorized traffic such as viruses and bugs from entering the computer. The most important part in building a firewall is setting the criteria by which packets are allowed or denied access at the gateways. Depending on the nature of the traffic, network administrators can establish the kinds of firewalls needed (Aspinwall 2000).
Another aspect is that firewalls are not always specific to one machine if they are created for a network. Hence the configuration of routers, network segments and host computers to build effective firewalls is essential. The use of different components, filtering routers and proxy servers further limits the administrator’s scope for defining firewalls for a particular network. For example, a router may move data back and forth depending on the categorization given to it. Suppose packets are meant to go to machines A and B but are sometimes also required by machine C. Then putting up a firewall to block C altogether will reduce the firewall’s functionality and usability for network user C. For this reason firewalls are not considered an ideal tool for Internet security, but they are nevertheless one of the most secure (Aspinwall 2000).
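The gateway criteria and the A/B/C router situation above, expressed as a first-match packet filter in Go. This is an added example, not Aspinwall's or any product's code; the rule names, the 192.0.2.x, 198.51.100.x and 10.0.0.0/8 addresses and the ports are constructed, and the default-deny fallback for unmatched packets is common gateway practice added here rather than something the text states.

```go
package main

import "net"

// Action is the decision a gateway rule makes for a matching packet.
type Action int

const (
	Deny Action = iota
	Allow
)

func (a Action) String() string {
	if a == Allow {
		return "allow"
	}
	return "deny"
}

// Packet is the minimal view of a header that a filtering router examines.
type Packet struct {
	Src, Dst net.IP
	Proto    string // "tcp" or "udp"
	DstPort  int
}

// Rule is one gateway criterion; every set field must match, and a nil network,
// empty protocol or zero port acts as a wildcard.
type Rule struct {
	Name     string
	Src, Dst *net.IPNet
	Proto    string
	DstPort  int
	Action   Action
}

func (r Rule) matches(p Packet) bool {
	if r.Src != nil && !r.Src.Contains(p.Src) {
		return false
	}
	if r.Dst != nil && !r.Dst.Contains(p.Dst) {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	return r.DstPort == 0 || r.DstPort == p.DstPort
}

// Firewall is an ordered rule list: the first matching rule decides, and a packet
// that matches no rule is denied (default deny), so nothing unexpected slips through.
type Firewall struct{ Rules []Rule }

// Decide returns the action for p and the name of the rule that produced it, which
// is what a gateway would write to its log for later review.
func (f Firewall) Decide(p Packet) (Action, string) {
	for _, r := range f.Rules {
		if r.matches(p) {
			return r.Action, r.Name
		}
	}
	return Deny, "default-deny"
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// examplePolicy encodes the A/B/C situation from the text with constructed addresses
// (A=192.0.2.10, B=192.0.2.11, C=192.0.2.12, internal LAN 10.0.0.0/8): web traffic from
// the Internet may reach A and B, C is reachable only for the mail service it needs, and
// everything else bound for C is denied, so C keeps its usability without being cut off.
func examplePolicy() Firewall {
	return Firewall{Rules: []Rule{
		{Name: "lan-outbound", Src: mustCIDR("10.0.0.0/8"), Action: Allow},
		{Name: "web-to-A-B", Dst: mustCIDR("192.0.2.10/31"), Proto: "tcp", DstPort: 80, Action: Allow},
		{Name: "mail-to-C", Dst: mustCIDR("192.0.2.12/32"), Proto: "tcp", DstPort: 25, Action: Allow},
		{Name: "block-rest-to-C", Dst: mustCIDR("192.0.2.12/32"), Action: Deny},
	}}
}
```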
2.9.6 Security Tools
Apart from the above, there are bundles of programs with which users on the Internet can prevent, block and control unwanted connection activity. Examples include ZoneAlarm, Norton Internet Security, BlackICE Defender, Sybergen Secure Desktop and McAfee Personal Firewall. These are ready-made products that have been vouched for by experts (Fraser 1997; Aspinwall 2000). They are simple and effective and save users the hassle of configuration. For DSL users, WatchGuard SOHO has been considered an effective hardware firewall that allows the user to share one DSL or cable line among multiple PCs while choosing levels of filtering according to need. It filters by blocking undesirable web sites, tells the user that the site has been blocked, and sends a log of the incident for review. The product comes with a one-year subscription and allows a high level of Internet privacy without compromising the integrity and confidentiality of users.
Apart from that, there are privacy protection issues at work, such as harassment, discrimination and email privacy, that may be addressed by the network administrator and the company’s IT in-charge by configuring the network with a private program or firewall (Fraser 1997).
2.9.7 Security Patches and Updates
The most common threats to the user on the Internet come through the most frequently used programs. For example, IE for browsing and Outlook Express for email are two of the most targeted programs because they can execute ActiveX controls embedded in web pages. Hackers have anticipated the way IE and Outlook operate and have devised ways to induce users to download and execute destructive programs on their machines. For this reason Microsoft has issued security patches and updates for its programs and operating systems, such as Windows 98 and 98 SE, Windows 2000 and XP.
2.9.8 Surf Anonymously
According to Aspinwall (2000), users can avoid attackers by surfing anonymously. Surfers tend to use either IE or Netscape for browsing. These browsers are not only the most commonly used, they are also vulnerable to online attackers. For example, they may give out information that is stored as cookies or lodged in the machine’s cache. Personal information such as passwords, shared data, mailing lists or credit card details remains open to attackers as long as the user is online and has not logged out of the website. Similarly, there are websites that launch hidden programs, called Fries, to advertise or spy on user activities; these lodge themselves in the browser, read keystrokes and log them for advertising purposes. To prevent Fries and other spyware from lodging in the system, Aspinwall recommends:
Elizabeth Amberg (2000), in her article Software Focus on Security, outlines the use of Window Washer from Webroot, which supports up-to-date versions of web browsers and removes unneeded system files and temporary files from programs, which in turn helps protect the user’s privacy. Window Washer deletes documents and Internet tracks by overwriting the data up to 10 times with random characters. Similarly, DiskLock from Power On Software locks files and encrypts programs, offering various types of encryption, including DES, for SCSI devices and IDE drives. It is especially designed for public computers where the network has centralized workstations and multiple users but nevertheless requires a high level of security to prevent unauthorized user access to the mainframe. The intuitive interface makes encryption and decryption easy for data protection, with hot-key screen-locking options. For example:
“School network administrators require security at the network, session, and application levels of their systems. For those using the Windows NT platform, Novell offers FireWALL for NT, a directory-enabled security product that integrates Internet security features with network bandwidth management functionality. The easy-to-use solution ensures that critical traffic receives priority during peak network usage, while the school’s Internet presence remains secure.” (Amberg 2000).
Other security software programs, including FireWALL for NT, NetWare server, LabExpert, Cyber Patrol and eSafe Enterprise filters, help ensure Internet security for users and servers alike.
2.9.9 Family Security
Apart from the technical aspects of Internet security above, users have also been complaining of the increasing number of pornographic sites, gambling sites and the like, which are not suitable for young surfers. These web sites, according to parents and educators, corrupt the new generation, as youngsters are exposed to adult content at an early age and are easily influenced by it. To resolve this, parents can protect children from explicit content by using filtering software that does not allow youngsters to enter websites restricted to adults. Programs like ChatNanny, NetNanny and CyberSitter all monitor the user’s activities to help parents block unwanted websites.
Alternatively, parents can use family ISPs that already apply filters for family-oriented websites and aid parents in monitoring children’s Internet activities.
2.9.10 Intrusion Detection Systems (IDS)
As hackers keep pace with prevention technologies, sophisticated detection tools must be devised to counteract security breaches. The use of IDS is among the latest techniques for detecting unauthorized access. Intrusion detection systems fall into two broad categories. The first detects anomalies, exploring intrusion associated with deviation from normal system or user behaviour. The second uses signature detection to discriminate abnormal patterns or signatures. Each method has advantages as well as disadvantages as application software for detecting online security breaches (Kazienko & Dorosz 2004). (See Figure 3: Classification of Intrusion Detection Systems)
Figure 3: Classification of Intrusion Detection Systems
Firstly, when one considers the intrusion detection issue, systems have to be categorized as to whether they need an IDS (individual based) or a HIDS (host based). Once this has been established, the whole segment of the local area network can be configured accordingly. For example, systems that monitor incoming connection attempts, such as RealSecure Agent and PortSentry, help detect unauthorized connection attempts to TCP or UDP ports made with port scanning tools.
Other types of HIDS monitor the network traffic (packets) that attempts to access the host. The systems can be protected by intercepting suspicious packets and inspecting them (Kazienko & Dorosz 2004).
Apart from these, IDS also help systems monitor file system integrity, check privileges through LogCheck, monitor the registry state on Windows platforms, and so on. Similarly, the network-based type of IDS, called NIDS, is often used for local network detection. It has similar features for detecting suspicious packets that reach the network through interface browsers or operating systems (Kazienko & Dorosz 2004).
Similarly, there is the Computer Misuse Detection System (CMDS), a built-in system for analyzing logs to detect abnormal user behaviour. ACID (Analysis Console for Intrusion Databases) is a PHP-based analysis engine that searches databases for activity that deviates from the usual traffic behaviour. Packets are analyzed down to their payload to identify similar or matching packets. Alerts are then sent to the administrator, who performs a verification of the system events. Although this is a tedious and long analysis of the incoming and outgoing network traffic, it nevertheless ensures greater security, even if the packets are encrypted (Kazienko & Dorosz 2004).
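Both detection techniques described above, signature matching on packet payloads and an anomaly rule for the port-scan footprint that host monitors such as PortSentry watch for, run over a few constructed log lines in Go. This is an added example, not code from Kazienko & Dorosz or from any named product; the log format, the signature patterns, the window and threshold values and the addresses are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// ConnEvent is one parsed connection attempt, as a host monitor such as PortSentry sees it.
type ConnEvent struct {
	At                  time.Time
	Src, Proto, Payload string
	DstPort             int
}

type Alert struct{ Kind, Src, Detail string } // Kind is "signature" or "anomaly"
var signatures = map[string]string{"directory traversal": "../../", "script injection": "<script>"} // rule name -> known-bad pattern (constructed)

// parseLine reads the constructed log format "<RFC3339 time> <src> <proto> <port> [payload]".
func parseLine(line string) (ConnEvent, error) {
	f := strings.Fields(line)
	if len(f) < 4 {
		return ConnEvent{}, fmt.Errorf("malformed line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, f[0])
	port, perr := strconv.Atoi(f[3])
	if err != nil || perr != nil {
		return ConnEvent{}, fmt.Errorf("bad timestamp or port in %q", line)
	}
	return ConnEvent{At: at, Src: f[1], Proto: f[2], DstPort: port, Payload: strings.Join(f[4:], " ")}, nil
}

// Detector combines signature matching with an anomaly rule: a source touching ScanThreshold distinct ports within Window (a port scan).
type Detector struct {
	Window        time.Duration
	ScanThreshold int
	recent        map[string][]ConnEvent // per-source events, pruned to the window
}

// Feed processes one event (events must arrive in time order) and returns any alerts; a production detector would also suppress repeats per source.
func (d *Detector) Feed(ev ConnEvent) []Alert {
	if d.recent == nil {
		d.recent = map[string][]ConnEvent{}
	}
	var alerts []Alert
	for name, pattern := range signatures {
		if strings.Contains(ev.Payload, pattern) {
			alerts = append(alerts, Alert{"signature", ev.Src, fmt.Sprintf("%s on port %d", name, ev.DstPort)})
		}
	}
	events := append(d.recent[ev.Src], ev)
	for cut := ev.At.Add(-d.Window); len(events) > 0 && events[0].At.Before(cut); {
		events = events[1:] // drop attempts older than the window
	}
	d.recent[ev.Src] = events
	ports := map[int]bool{}
	for _, e := range events {
		ports[e.DstPort] = true
	}
	if len(ports) >= d.ScanThreshold {
		alerts = append(alerts, Alert{"anomaly", ev.Src, fmt.Sprintf("%d distinct ports within %s", len(ports), d.Window)})
	}
	return alerts
}

// Analyze runs a detector over raw log lines and returns the alerts in order.
func Analyze(lines []string, window time.Duration, threshold int) ([]Alert, error) {
	d := &Detector{Window: window, ScanThreshold: threshold}
	var out []Alert
	for _, line := range lines {
		ev, err := parseLine(line)
		if err != nil {
			return nil, err
		}
		out = append(out, d.Feed(ev)...)
	}
	return out, nil
}

// sampleLog is constructed: a three-port probe from one source, one request carrying a traversal pattern, one ordinary request.
var sampleLog = []string{
	"2024-05-01T10:00:00Z 203.0.113.5 tcp 22",
	"2024-05-01T10:00:01Z 203.0.113.5 tcp 23",
	"2024-05-01T10:00:02Z 203.0.113.5 tcp 25",
	"2024-05-01T10:00:05Z 198.51.100.9 tcp 80 GET /../../private.txt",
	"2024-05-01T10:05:00Z 192.0.2.44 tcp 80 GET /index.html",
}
```

Running Analyze over sampleLog with a 10-second window and a threshold of 3 yields one anomaly alert for 203.0.113.5 and one signature alert for 198.51.100.9; the ordinary request raises nothing.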
Chapter 3: Analysis and Conclusions
Computer security is a serious issue with grave implications such as unauthorized access to systems, destruction of information and monetary damages. Security vulnerability depends on how weak the network is and how sensitive it is to security needs. A corporate intranet is vulnerable to the external environment as it has to be connected to partners or customers to complete transactions. Security vulnerabilities arise when a weak link results in problems and extensive damage to users.
A security vulnerability is basically a flaw in a computer system that can result in security breaches. Vulnerabilities can arise from encryption, policy oversight, logic errors and internal spying. Others include deficient passwords, sabotage, theft, network protocol design and eavesdropping (Grippo and Siegel 2001). Unauthorized access may result from application or operating system code theft. This is usually the case when there is an architectural problem or deficient security design. A specific action must be formulated for each vulnerability and security feature to ensure that it is not altered by attackers.
Proper and effective network security provides the following:
* “Accountability–proof that an intended transaction indeed took place.
* Confidentiality–protection of confidential information from an eavesdropper.
* Integrity–assurance that the information sent is the same as the information received.
* Authority–assurance that those who request data or information are authorized to do so.
* Authenticity–assurance that each party is who they say they are.” (Grippo and Siegel 2001)
In the above, the author has mentioned a variety of attack techniques employed by hackers. These include:
* Denial of Service
* Information theft, etc.
In any case, Internet security breaches result in financial and user liability. Measures for counteracting threats to computer security must be identified beforehand so that effective security measures can be taken. These include:
* Physical security, including limiting users’ access to specific files; restricting public information about the network; enforcing user policies; creating awareness; locking access to the network when there is a problem in the interface; and locking critical equipment against attacks.
* Systems must be logged and monitored constantly for any kind of suspicious patterns or IP addresses that would help identify hackers.
* Security software, as mentioned earlier, takes care of filtering viruses as well as preventing unauthorized access to systems.
* Firewalls, according to experts, can actually reduce the level of security breaches by examining IP addresses. This method of filtering and monitoring data packets helps limit intruders from accessing the local area network and servers from the Internet (Grippo and Siegel 2001).
From the above literature it has been observed that hackers tend to attack users and corporations based on weak infrastructure rather than on the software and tools they use. Infrastructure makers like Microsoft often rely on similar platforms and topologies. Even the security measures used to detect malware, viruses, bugs and spyware are based on the same seek-and-destroy logic; they do not actually address the problem of the technological platform. Similarly, most hackers target Microsoft products and applications and devise programs to attack that application software and its users accordingly. As Microsoft increases its products and services, newer methods and techniques are created to seek out and gain access to these services. Users, on the other hand, are unaware of the mind games and technological games that hackers and producers are playing, and continue to purchase and use the same products again and again. This places them in a highly vulnerable position.
Furthermore, with the proliferation of new techniques for tampering and breaching security, hackers are also learning about user behaviour and how users react or respond to certain online activity. For this reason hackers are becoming smarter at devising new techniques to launch their malware and viruses. The use of trickery to launch ActiveX-based programs, and of email to trigger a chain reaction of viruses, not only increases the vulnerability of the Internet but also increases the risks to users. Anyone going online is vulnerable unless he or she adopts measures such as firewalls, encryption of information and anti-virus programs for protection against these attacks. Yet despite these measures, as one observes, there is no guarantee that users are protected from the malicious activities of hackers.
The problem is not only information theft or invasion of privacy. The implications of an Internet security breach are grave, as they encompass the hacking of financial information that may result in the loss of billions of pounds. In cases where hackers enter corporate or national networks through the Internet, they can cripple a nation by destroying the network or shutting it down. Although such cases have not been as prevalent in the UK as in the US, the potential for their proliferation is great. For this reason it is critical that all users, whether government, corporate or individual, take precautionary measures. To this end there are a number of tools, techniques and methods available, not to mention the technologies available.
However, the major concern is not to increase the number of tools, techniques or methods but rather to design an effective infrastructure that discourages potential attackers. Even with the latest technologies, corporations are being victimized on a regular basis for various reasons, including espionage, greed, monetary gain or revenge. At an individual level, users are being victimized because hackers are keen on studying user behaviour, invading privacy, making mischief or simply beating the challenge of gaining control over the online user. These instances only indicate that as new technologies are developed, even newer techniques will be devised to counteract the security measures. This is evidenced in the article by Brent Wible (2003), who notes that hackers hold contests to compete against security measures. These contests basically motivate hackers to devise better ways of detecting holes in programs and email programs in order to attack users. Given this scenario, it is imperative that security designers note the trends and patterns in hackers’ behaviours and attitudes.
Not only should users take heed of the need to enhance security measures when going online, but they should also promote it by creating awareness and adopting security programs and infrastructure that deter perpetrators from entering their systems. This, however, is not so practical for corporate or government users, because government and corporate networks operate on a different level; their security measures are also different and require extensive investigation of holes before security measures can be created for connecting with other networks or the Internet. For example, a corporation cannot merely ask users to install anti-virus software to protect itself from potential malware. Instead it would have to evaluate its network infrastructure, the degree of connectivity to the Internet and the number of users involved; it would also have to take into consideration users’ convenience, information transmission, session durations and the kinds of information allowed to be transmitted. For most corporate users, experts recommend encryption of databases as well as of their transmission.
The choice of encryption depends on the level of security needed and the flexibility required. Once these parameters have been established, corporate network administrators can devise a plan for the kinds of software, spy bots and anti-virus for their networks. However, the process does not stop here. Corporations are also vulnerable to new technologies. Attackers use new technologies and at times steal them from the corporation itself (espionage). For this reason the task of securing a corporate network is ongoing and can never be considered finished.
Similarly, government networks are vulnerable to the above attacks, in addition to attacks from enemy countries. One of the reasons revealed by the literature review is that most networks are based on well-known platforms. Hackers detect and know how to enter these platforms, which makes individual networks even more vulnerable to attack. In the researcher’s opinion, technologists should be looking for new platforms that are encrypted and not open to hackers, rather than engaging in devising new methods or technologies for addressing individual problems.
Chapter 4: Recommendations
4.1 Rationale and Considerations
Looking over the trend of the past years in Internet security, one observes that there has been a rise in complexity and vulnerabilities; a changing environment that has brought new risks; greater connectivity and exposure of the mainframe environment; growth in Internet abusers and law violators; and the democratization of the Internet, which empowers abusers. These developments have rendered traditional security approaches less useful to victims, as the complex and fast-changing security environment becomes exposed to attackers as soon as new technologies are implemented. Effective security involves obtaining technology and applying risk-reduction practices that foresee the attackers’ perspective as well as that of application users. According to David T. O’Neill and Peter S. Tippett (2001), Internet security should not only meet the challenge of organizational needs but also foresee the future of the Internet economy. Information integrity and confidentiality therefore depend on adopting security programs that are risk-based, holistic, dynamic and pragmatic. By this the authors mean:
1. Risk based: Protecting against every known threat, whether physical or software related, so that it is impossible for attackers to use the same resources as the organization to attack it. Organizations must acknowledge that risks are liable to come in some form or other, and hence must transfer the risk to mechanisms for covering it, such as insurance.
2. Holistic: Organizations must realize that they always face multi-faceted threats. Critical data and systems must address risks at all levels, such as electronic threats, malicious code, physical security, human threats, privacy risks and downtime. To counteract these, security programs must address the need for disciplinary tools for addressing these aspects and others besides.
3. Dynamic: Good security must be a dynamic process to address the changing technological and physical environment. One must understand that information flow needs to be steady yet protected from perpetrators and threats. For this reason, security programs must address the ever-changing nature of threats and risks.
4. Pragmatic: Last but not least, all security endeavours should aim to support users without imposing high costs. Furthermore, security should not be implemented at the cost of users’ productivity or time. Overly restrictive or unnecessarily stringent controls tend to increase the cost of technical support for addressing risks (O’Neill and Tippett 2001).
Apart from the above, consideration should not only focus on the types of technologies that would prevent attackers from repeating their hacking activities, but must also address the issue of deterrence. Brent Wible (2003), in his article on hackers, writes:
“Computer crime comes in many varieties, including online theft and fraud, vandalism, and politically motivated activities. Other hackers simply try to break code, seeking challenge, competition, and bragging rights. Whatever the motivation, intrusions have serious costs. At the very least, a violated site must patch the security hole. Even a non-malicious trespass disrupts the victim’s online services while the breach is fixed. Not knowing whether or not a breach was malicious, companies generally expend resources investigating the matter, often hiring private investigators so that they do not suffer reputational loss. If other hackers become aware of the site’s vulnerability, a non-malicious hack may be the precursor to more malicious attacks. Finally, considering the gravity of the risk, attack victims may change their behaviour, becoming reluctant to put valuable information online.”
To resolve this, private users, companies and government should take approaches to deter criminal activities on the Internet to make it a safer and more secure place for individuals to come online. Wible proposes the adoption of a Beckerian framework in which policy makers take concrete steps in formulating procedures and disciplinary measures for deterrence. Keeping in view social norms, monetary costs, social architecture and prevalent crimes, the government should take legal action to define criminal activities and deterrence, and devise measures for disciplining them accordingly.
Alternatively, civil action should be taken. Before that, the kinds of liability must be addressed in order to track the source of liability. Wible notes there are four varieties of tort liability:
a. Hacker liability
b. ISP liability
c. Security company liability
d. Liability for victims who fail to take private precautions (Wible 2003)
For each of these tort liabilities, the law should make provisions for responding to computer crimes and resolving the problems that the majority of the population is facing. Security software is not the only way to resolve the issue. Behavioural as well as legal constraints must also be taken into account in addressing solutions for virtual crimes. Dorothy and Peter Denning (1997) have argued that “the solutions … cannot be achieved solely by technological means. The answers will involve a complex interplay among law, policy, and technology.” And “Because sophisticated hackers are not susceptible to regulation through code, code must be supplemented to deter computer crime. Even in Lessig’s own terms, code must be complementary to the other “modalit[ies] of regulation”–law, social norms, and the market. Yet it is precisely these mechanisms that have proved unable to constrain illegal hacking effectively.” (Wible 2003)
Apart from civil action, individual, corporate and government users must also consider devising new infrastructure that is more secure. The focus should not be on how to eradicate hackers but rather on how secure the infrastructure should be. This would leave the architect to devise infrastructure that minimizes holes in the new infrastructure rather than devising security measures afterwards. Once the infrastructure has been created, users can then detect the holes and create ways to prevent unauthorized access. This can be done by using the different software available or by devising new software based on the new structure. No doubt this suggestion does not guarantee ultimate security, but it would minimize the chances of a security breach when the entity goes online.
The biggest threat online is unauthorized access to information which, if used, would result in financial losses. As more organizations go online, the implications of such information loss are grave. The result is that users become Internet-shy and will not transact online, whether for purchasing or for online banking. The net result is that trade and business would not flourish, and user confidentiality would be lost. To resolve this, security policy makers as well as technologists should devise measures that address the importance and use of secure transmission, such as encryption of information even in ordinary online sessions. This would help prevent hackers from decrypting information whenever they feel like it. Policy makers should also ensure that encryption service providers abide by the law and do not leak encryption keys or information to other “buyers”. A certification authority must be set up to deal with this issue so that users gain confidence in the Internet’s integrity and security.
Aspinwall, J. 2000, ‘The Complete Guide to Internet Privacy’, Mother Earth News, October 2000, p. 32.
Author not available, 2001 “Internet Security and Computer Security Problems” PC-3P Onl