Examination Of The Threat Of Internet Security

Essay, Research Paper EXAMINATION OF THE THREAT OF INTERNET SECURITY The threat of Internet security is an issue of growing concern. In the last decade, the number of computers in use has exploded. For quite some time now, computers have been a crucial element in how we entertain and educate ourselves, and most importantly, how we do business. Research indicates that approximately ninety percent of all computer systems are insecure and hackable. This report points out areas of vulnerability and areas of common security leaks, such as, chat rooms, e-mail, browsers and modems. The report substantiates the reasons for the growing concern and recommends ways to tighten Internet security as well as ways to reduce the risk of Internet hacking through the use of security devices including, but not limited to network firewalls, password audits, encryption and security scans. Internet security is a tool utilized to protect customers and educated employees. Not securing company information on computer systems costs a business in both dollars and customer trust. Although no one is ever one hundred percent secure, if companies keep the security software up-to-date all the time, the chances are much lower that they will be hacked. Internet security has never been more complex, especially today with Internet telecommunications infrastructures crossing ground, air, ocean, and space. Within the last five years, businesses have begun to need to share data across wide areas. Unlimited new types of hacking crimes are possible. The Internet has become a playground for CYBER HIJACKERS, HACKERS AND TERRORISTS. The Internet is a tempting network for crime because of the following: No global regulation No “finger prints” or traceable unique digital ID s that are always ON and non removable on computers today. A general lack of experienced security IT personnel Errors/bugs created by software vendors create security holes Lack of technology understanding on the part of the average user who is an easy prey. Easy access to the Internet from anywhere makes it harder to control. Online security is a concern and if not correctly implemented, it can become a problem: protecting businesses digitally is now as important as protecting them physically. Employees – Set-up Internet security guidelines Make certain that employees keep strategic business information out of Internet chat rooms and E-mail messages. Secure your E-mail with encryption service. Encryption services ensure that other people can not view the information contained therein. E-mail – Recent virus attacks have illustrated how macro and script code could spread easily through e-mail attachments, and people were advised to avoid opening potentially dangerous attachments. However, Windows users can also spread viruses without opening attachments. While updating the virus detection software is very important, it is not a complete solution for this problem. The flaws in the software also need to be corrected. Denial-of-service e-mail attacks There are two types of denial-of-service e-mail attacks: ping-pong auto-responders, which are simply return addresses, and cascading confirmation receipts. Both instances would result in an infinite amount of redundant e-mail traffic causing networked computers to disconnect or just crash. Computer hackers look for computers that are permanently connected to the Internet and that are not protected by firewalls. Modems – Business security measures can be rendered insufficient if a modem is attached to a networked computer. An employee connected to his/her computer through the modem bypasses the firewall, and has access to the entire company computer network. Unfortunately, this practice is entirely too prevalent and well known to hackers. A determined hacker encountering an Internet firewall will typically first try to go around the security by finding an unprotected modem on a networked computer. Unauthorized modems pose more threat on an organization s security than ever before, largely as a result of the evolution of computer networks. Browsing the Web – Use a proxy service or browse anonymously Hackers can get to your business through your employees home computers too. Every click made with the mouse is recorded. And while the information that is recorded is not always used against the user, he/she is probably giving away more information about the organization than suspected. Computers on the Internet are identified by their IP addresses. Those with dial-up Internet connection receives a new IP address each time making it more difficult for the hacker to track, but those with a permanent connection to the internet run a higher risk of the hacker being able to access their information. With IP addresses as a key, hackers could compile anything from credit card numbers to customer data that has been input into Web forms. Chat Rooms – Most chat rooms do not implement serious security policies and clearly defined boundaries of chat room behavior. Too many chat rooms have become nothing more than a fertile hunting ground for the worst the Internet has to offer including: con artists, stalkers and malicious hackers. Employees and personal computer users should only utilize secure chat rooms accessible by registered users only. All identities of registered users are known to the chat room s administrator. Knowing with certainty the true identity of the registered users is the only way to effectively create “user accountability.” Because chat room “predators” want to escape accountability, the greatest majority of them run from any web sites that requires confirmation of their personal information. However, to get a positive user identification on the Internet is not easy. Predators can fill out a registration form with false information. It is possible for a registrant to slip through with false identity data and then they are free to exert their damage with little risk of being caught or held accountable. If there is no accountability, there is no security for chatters. This is a serious problem. Internet Security Flaws – Over 500 potential problems, businesses are too busy to correct them all — The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws. A few software vulnerabilities account for the majority of successful attacks because hackers are opportunistic – taking the easiest and most convenient route. They exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, by scanning the Internet for vulnerable systems. Firewalls – Install a Firewall. A firewall is nothing less than a gatekeeper a combination of hardware and software that insulates your company s computers from outside intrusion, while still allowing the user to access the Internet freely. Firewalls work most of the time, but are not full proof. The most common problem with firewalls is that they can be misconfigured, or their configurations can change from one day to the next. Nonetheless, firewall protection is necessary for company networks, as well as individual or home PC s. Firewalls examine the contents in the data stream for irregularities. Just about every computer connected to the Internet is probed regularly many times every day. Hackers make a game out of poking into randomly selected PC s, just to see what they can find. Even if hackers do not do any damage, the fact that they can uncover your server s weaknesses in seconds should be enough to make you realize the potential risk of the breach in your Internet security. Web Scan Network Audits – An on-line automated remote auditing service that provides an external view of what services the organization s network is making visible to the internet on a repeatable and reliable basis. By checking for potential security vulnerabilities and network misconfigurations. Security scan audits can identify weaknesses before the product or service is released and can also help improve the quality of their applications. The service consists of: configurable audit scheduling on weekly or monthly basis; e-mail alert messages whenever a scheduled audit is complete, or when audits detect changes in the network from a previous audit; reporting on active hosts; performing different types of scan; reporting on ports that are open and services running on them; scanning on demand that provides the flexibility of invoking an immediate scan on a given configuration. It is a reliable, repeatable test, with comparisons reported from one run to the next. This allows the organization to check for the addition or removal of services and hosts that might otherwise go unnoticed, and to confirm that the firewall or host is allowing only the expected set of services to be visible on the internet. Application Audits – Audits that take an in depth look at an organization s web application. Application audits consist of design and code review, as well as live “penetration testing.” This provides a thorough examination of the organization s service from a technical perspective to determine how secure it really is. User ID and Passwords – It is recommended that user ID s be revalidated and passwords be changed at least once per year. When an employee leaves and organization his/her user ID should be removed from the computer network at that time. Users should understand their responsibility to keep passwords private and to report changes in their user status or suspected security violations. The simplest way to recover from the compromise of a password is to change it. Therefore, passwords should be changed on a periodic basis to counter the possibility of undetected password compromise. It is also recommended that users memorize their passwords and not write them down on post-it notes. In addition, users should select a password that is not easily guessed (”love,” “money,” “wizard” are very common). Many hackers will try default passwords or commonly used passwords before resorting to more sophisticated methods. Compromised user accounts get the hackers inside the firewall and inside the target computer and/or network system. Once inside, most hackers can use widely accessible exploits to gain root or administrative access. Encryption – When a web page is not encrypted, it means that it is possible for other people, hackers, to view the web page when it is downloaded. It also means that the user can not check the identity of the web site. Encryption software is available that can automatically encrypt files and directories when the user logs off the computer and decrypt them when the user logs back on, providing a transparent way to protect files from any nosy intruders. If the organization or user is worried about a word processor leaking scraps of your sensitive documents all over the hard drive, he/she can use a secure text editor that automatically encrypts documents. It is also possible to e-mail secret memos to co-workers from within the text editor. Navigator security settings can let a user know before he/she does something that might be unsafe such as: the user is entering an encrypted site the user is leaving an encrypted site the user is viewing a page with an encrypted/unencrypted mix the user is sending unencrypted information to a site. With the growth in business use of the internet, network security is rapidly becoming crucial to the development and use of the Internet. Therefore, in so much as, there are threats to Internet security, through the use of protective devices the risks can be minimized. Every organization and personal computer user needs to decide for themselves the level of security necessary and then be certain to maintain the level to effectively reduce the threat to their Internet security. Soon, security will be an integral part of our day to day use of the Internet and other networks.