Internet Security
Related Terms: Biometrics; Computer Crime; Data Encryption; Downloading Issues; Firewall; Spam; Virus
Internet security is a subset of actions aimed at securing information based on computers and in transit between them. In the modern environment the two subjects are closely linked. Neither computers nor the networks that connect them are inherently secure. Computers were subject to attack before the Internet became a public utility—because illegitimate software hidden on commercial diskettes could be fashioned to load itself on a computer and play havoc with data in memory or placed on a fixed drive. The Internet, by its very nature—initially conceived of as an open network to facilitate free exchange of ideas and information—is vulnerable. According to the Internet Systems Consortium (ISC), which conducts four surveys each year, in January 2006 there were some 395 million Internet hosts in operation—and billions of computers consulting billions of pages carried by those hosts. Despite best efforts, a system of this size and complexity will inevitably have points of entry that can be abused—and software programs frequently have unknown weaknesses that hackers (for fun) or criminals (for gain) discover and turn to their advantage until the flaws are fixed.
Computer networks hold valuable and often protected, private information, not least data on identities; credit cards; financial data; technical, trade, and government secrets; mailing lists; medical records; and the list could be continued. These data are vulnerable on the computer and in transit. The Internet, as a connector between computer systems, is also a highway of access to valuable data stores. The vulnerabilities are loss of data through malicious erasure, the acquisition of proprietary information, the manipulation of the data such as illegal withdrawals and transfers of funds, the capture and criminal use of credit cards or identities, and any and all unauthorized uses to which information may be put. Internet security breaches can also potentially have direct physical consequences if the wrong people hijack systems that control transportation or power systems. Computers have become so pervasive, and their networking so universal, that Internet security and security in general are closely linked objectives of society.
FORMS OF ATTACK
Internet security deals narrowly with one means by which computer crime (covered in more detail elsewhere in this volume) is committed. In the mid-2000s Internet-based criminal activity appears to be less of a threat than localized computer crime. This point was emphasized by Andrew Harbinson, a computer crime fighter working for Ernst & Young in Ireland. Harbinson wrote in Accountancy Ireland that the ratio between "insider" and Internet crime is roughly 3 or 4 to 1—and this despite a different trend in some reports. Since the corporate scandals of the early 2000s, many companies have been reluctant to report internal frauds fearing an adverse response from the stock market. Significant crime, according to Harbinson, reflects motive and opportunity—and insiders know systems much better and can exploit them more effectively than hackers fishing around from the outside.
Systems disruptions arising from the immaturity of teenaged hackers, the malicious intent of grownups, and the organized activities of pressure groups are the most common forms of Internet attack. These take the form of destructive or simply irritating software programs (viruses) that minimally "send a message," more seriously disrupt operation or cause shutdowns, and in extreme forms cause serious loss of data. Other names associated with viruses are worms, Trojan horses, logic bombs, and sniffers—described further under Computer Crimes in this volume. Deliberate, organized, and sometimes automated programs to overload selected sites so that they are forced out of action are sometimes mounted by dissident groups. This type of action is known as "distributed denial of service." A common Internet-based crime is the theft of valuable lists—either for use or resale by the thief or as a means of blackmailing the target. Finally, spam, in the sense of undesired e-mail, is a nuisance and a bother but does not rise to the level of a vulnerability.
The National Institute of Standards and Technology (NIST), a government agency, defines seven categories of "incidents" (but numbered in good computer fashion from 0) used to sort out unusual network events in the federal government. These are Cat 0, Scheduled and Planned Tests (and therefore not actual breaches, even if they appear as such); Cat 1, Unauthorized Access (actual penetration without authority); Cat 2, Denial of Service (by exhausting resources); Cat 3, Malicious Code (viruses, etc.); Cat 4, Improper Usage (a user violating established policies); Cat 5, Scans/Probes/Attempted Access (unsuccessful but potentially preparatory to an attack later); and Cat 6, Investigation (unconfirmed attempts not yet fully reviewed).

