Internet Security

 

Related Terms: Biometrics; Computer Crime; Data Encryption; Downloading Issues; Firewall; Spam; Virus

Internet security is a subset of actions aimed at securing information based on computers and in transit between them. In the modern environment the two subjects are closely linked. Neither computers nor the networks that connect them are inherently secure. Computers were subject to attack before the Internet became a public utility—because illegitimate software hidden on commercial diskettes could be fashioned to load itself on a computer and play havoc with data in memory or placed on a fixed drive. The Internet, by its very nature—initially conceived of as an open network to facilitate free exchange of ideas and information—is vulnerable. According to the Internet Systems Consortium (ISC), which conducts four surveys each year, in January 2006 there were some 395 million Internet hosts in operation—and billions of computers consulting billions of pages carried by those hosts. Despite best efforts, a system of this size and complexity will inevitably have points of entry that can be abused—and software programs frequently have unknown weaknesses that hackers (for fun) or criminals (for gain) discover and turn to their advantage until the flaws are fixed.

Computer networks hold valuable and often protected, private information, not least data on identities; credit cards; financial data; technical, trade, and government secrets; mailing lists; medical records; and the list could be continued. These data are vulnerable on the computer and in transit. The Internet, as a connector between computer systems, is also a highway of access to valuable data stores. The vulnerabilities are loss of data through malicious erasure, the acquisition of proprietary information, the manipulation of the data such as illegal withdrawals and transfers of funds, the capture and criminal use of credit cards or identities, and any and all unauthorized uses to which information may be put. Internet security breaches can also potentially have direct physical consequences if the wrong people hijack systems that control transportation or power systems. Computers have become so pervasive, and their networking so universal, that Internet security and security in general are closely linked objectives of society.

FORMS OF ATTACK

Internet security deals narrowly with one means by which computer crime (covered in more detail elsewhere in this volume) is committed. In the mid-2000s Internet-based criminal activity appears to be less of a threat than localized computer crime. This point was emphasized by Andrew Harbinson, a computer crime fighter working for Ernst & Young in Ireland. Harbinson wrote in Accountancy Ireland that the ratio between "insider" and Internet crime is roughly 3 or 4 to 1—and this despite a different trend in some reports. Since the corporate scandals of the early 2000s, many companies have been reluctant to report internal frauds fearing an adverse response from the stock market. Significant crime, according to Harbinson, reflects motive and opportu-nity—and insiders know systems much better and can exploit them more effectively than hackers fishing around from the outside.

Systems disruptions arising from the immaturity of teenaged hackers, the malicious intent of grownups, and the organized activities of pressure groups are the most common forms of Internet attack. These take the form of destructive or simply irritating software programs (viruses) that minimally "send a message," more seriously disrupt operation or cause shut downs, and in extreme forms cause serious loss of data. Other names associated with viruses are worms, Trojan horses, logic bombs, and sniffers—described further under Computer Crimes in this volume. Deliberate, organized, and sometimes automated programs to overload selected sites so that they are forced out of action are sometimes mounted by dissident groups. This type of action is known as "distributed denial of service." A common Internet-based crime is the theft of valuable lists—either for use or resale by the thief or as a means of blackmailing the target. Finally, spam, in the sense of undesired e-mail, is a nuisance and a bother but does not rise to the level of a vulnerability.

The National Institute of Standards and Technology (NIST), a government agency, defines seven categories of "incidents" (but numbered in good computer fashion from 0) used to sort out unusual network events in the federal government. These are Cat 0, Scheduled and Planned Tests (and therefore not actual breaches, even if they appear as such); Cat 1, Unauthorized Access (actual penetration without authority); Cat 2, Denial of Service (by exhausting resources); Cat 3, Malicious Code (viruses, etc.); Cat 4, Improper Usage (a user violating established policies); Cat 5, Scans/Probes/Attempted Access (unsuccessful but potentially preparatory to an attack later); and Cat 6, Investigation (unconfirmed attempts not yet fully reviewed).

Notably, perhaps—and perhaps an indication of the general health of the Internet and its chief managers (the hosts, portals, the communications companies, and the government)—no major blackout of the Internet has taken place to date literally shutting down the World Wide Web as a whole or in some region of the world.

VULNERABILITIES

Internet vulnerability arises from human factors, failures of "defensive" technologies, and from weaknesses in software products or their interactions.

Access to systems is usually protected by passwords. Careless assignment, use, and storage of passwords is in part a human factor leading to vulnerabilities. The MITRE Corporation, with funding from the U.S. Department of Homeland Security (DHS), maintains Common Vulnerabilities and Exposures (CVE), a dictionary and reference system to databases that hold CVE data by many other organizations. MITRE's CVE Website identifies, from among 7,000 CVE entries, 1,117 which relate to password vulnerabilities. These vulnerabilities have frequently arisen because passwords, particularly Systems Manager passwords, have been stored in forms easily recognized by outsiders.

Perhaps the best known protection technology is the firewall, a software system that monitors a network's or a single computer's interactions with the Internet. Firewalls are designed to capture, store, and analyze "on the fly" a series of recent commands received from the Internet. The firewall accepts these commands and temporarily puts them in a buffer to look at them before letting them execute. It has its own database of patterns of commands which signal trouble. When it finds such a pattern in its buffer, it ignores that set of commands and thus protects the system.

Virus detection and monitoring programs work by incorporating logic and data which enable them to scan and thus to recognize viruses in their many forms before these are able to do any damage. Virus detection software, of course, is constantly updated as malicious ingenuity creates ever newer attempts at slipping into computers disguised in innocent forms like e-mail attachments. When intruders discover ways to penetrate firewalls or slip viruses past virus detectors, the system becomes vulnerable.

By far the largest number of vulnerabilities are created by undiagnosed weaknesses in operating systems and in ordinary software. Attackers probing systems either know about these weaknesses, or chance across and then learn to exploit them. Software development takes many people. Programs of real use tend to be complex. To test or debug programs developers use so-called "back doors" to enable them to interact with a running program; such back doors are sometimes "left open" but become known in the hacker community. The same aims are usually achieved in the same way in programming as in other fields; thus skilled developers will know where to look for exploitable features of a software system.

 1 | 2  NEXT