Internet Security
Many people today are familiar with the Internet and its use. A large number of its
users however, are not aware of the security problems they face when using the Internet.
Most users feel they are anonymous when on-line, yet in actuality they are not. There
are some very easy ways to protect the user from future problems.
The Internet has brought many advantages to its users but has also created some major
problems. Most people believe that they are anonymous when they are using the Internet.
Because of this thinking, they are not careful with what they do and where they go when
on the "net." Security is a major issue with the Internet because the general public now
has access to it. When only the government and higher education had access, there was no
worry about credit card numbers and other types of important data being taken. There are
many advantages the Internet brings to its users, but there are also many problems with
the Internet security, especially when dealing with personal security, business
security, and the government involvement to protect the users.
The Internet is a new, barely regulated frontier, and there are many reasons to be
concerned with security. The same features that make the Internet so appealing such as
interactivity, versatile communication, and customizability also make it an ideal way for
someone to keep a careful watch on the user without them being aware of it (Lemmons 1).
It may not seem like it but it is completely possible to build a personal profile on
someone just by tracking them in cyperspace. Every action a person does while logged
onto the Internet is recorded somewhere (Boyan, Codel, and Parekh 3).
An individual's personal security is the major issue surrounding the Internet. If a
person cannot be secure and have privacy on the Internet, the whole system will fail.
According to the Center for Democracy and Technology (CDT), any website can find out
whose server and the location of the server a person used to get on the Internet, whether
his computer is Windows or DOS based, and also the Internet browser that was used. This
is the only information that can be taken legally. However, it can safely be assumed
that in some cases much more data is actually taken (1). These are just a few of the
many ways for people to find out the identity of an individual and what they are doing
when on the Internet.
One of the most common ways for webmasters to find out information about the user is to
use passive recording of transactional information. What this does is record the
movements the user had on a website. It can tell where the user came from, how long he
stayed, what files he looked at, and where he went when he left. This information is
totally legal to obtain, and often the webmaster will use it to see what parts of his
site attracts the most attention. By doing this, he can improve his site for the people
that return often (Boyan, Codel, and Parekh 2).
There is a much more devious way that someone can gain access to information on a user's
hard-drive. In the past, the user did not need to be concerned about the browser he
used; that changed when Netscape Navigator 2.0 was introduced. Netscape 2.0 takes
advantage of a programming language called Java. Java uses the browser to activate
programs to better enhance the website the user was viewing. It is possible for someone
to write a program using Java that transfers data from the user's computer back to the
website without the user ever being aware of anything being taken. Netscape has issued
new releases that fix some but not all of the two dozen holes in the program (Methvin
3).
Many people do not realize that they often give information to websites by doing
something called direct disclosure. Direct disclosure is just that, the user gives the
website information such as their e-mail address, real address, phone number, and any
other information that is requested. Often, by giving up information, a user will
receive special benefits for "registering" such as a better version of some software or
being allowed into "member only areas" (Boyan, Codel, and Parekh 2).
E-mail is like a postcard. E-mail is not like mailing a letter in an envelope. Every
carrier that touches that e-mail can read it if they choose. Not only can the carriers
see the message on the e-mail, but it can also be electronically intercepted and read by
hackers. This can all be done without the sender or the receiver ever knowing anything
had happened (Pepper 1). E-mail is the most intriguing thing to hackers because it can
be full of important data from secret corporate information to credit card numbers
(Rothfeder, "Special Reports" 2).
The only way to secure e-mail is by encryption. This makes an envelope that the hacker
cannot penetrate. The downside to using encryption on a huge network like the Internet
is that both users must have compatible software (Rothfeder, "Special Reports" 2). A way
to protect a persons e-mail is to use an autoremailer. This gives the sender a "false"
identity which only the autoremailer knows, and makes it very difficult to trace the
origin of the e-mail (Boyan, Codel, and Parekh 4).
Another but more controversial way of gathering data is by the use of client-side
persistent information or "cookie" (Boyan, Codel, and Parekh 2). Cookies are merely some
encoded data that the website sends to the browser when the user leaves the site. This
data will be retrieved when the user returns at a later time. Although cookies are
stored on the user's hard-drive, they are actually pretty harmless and can save the user
time when visiting a web site (Heim 2).
Personal security is an important issue that needs to be dealt with but business security
is also a major concern. "An Ernst and Young survey of 1271 companies found that more
than half had experienced computer-related break-ins during the past two years; 17
respondents had losses over $1 million" ("November 1995 Feature"). In a survey conducted
by Computer Security and the FBI, 53 percent of 428 respondents said they were victims of
computer viruses; 42 percent also said that unauthorized use of their systems had
occurred within the last 12 months (Rothfeder, "November 1996 Feature" 1).
While electronic attacks are increasing more rapidly than any other kind, a large number
of data break-ins are from the inside. Ray Jarvis, President of Jarvis International
Intelligence, says "In information crimes, it's not usually the janitor who's the
culprit. It's more likely to be an angry manager who's already looking ahead to another
job"(Rothfeder, "November 1996 Feature" 3).
While electronic espionage is increasing, so is the ability to protect computer systems.
"The American Society for Industrial Security estimates that high-tech crimes, including
unreported incidents, may be costing U.S. corporations as much as $63 billion a year"
(Rothfeder, "November 1996 Featuer" 1).
There are many ways for businesses to protect themselves. They can use a variety of
techniques such as firewalls and encryption.
Firewalls are one of the most commonly used security devices. They are usually placed at
the entrance to a network. The firewalls keep unauthorized users out while admitting
authorized users only to the areas of the network to which they should have access.
There are two major problems with firewalls, the first, is that they need to be installed
at every point the system comes in contact with other networks such as the Internet
(Rothfeder, "November 1996 Feature" 5). The second problem is that firewalls use
passwords to keep intruders out. Because of this, the firewall is only as good as the
identification scheme used to log onto a network (Rothfeder, "November 1996 Feature" 2).
Passwords, a major key to firewalls, are also the most basic of security measures. The
user should avoid easily guessable passwords such as a child's name, birthdate, or
initials. Instead, he should use cryptic phrases and combine the use of small and
capitalized letters such as "THE crow flys AT midnight". Another easy way to avoid
problems is to change the password or phrase at least once a month (Rothfeder, "November
1996 Feature" 5).
Just in case an intruder does get through the first layer of security, a good backup
is to have all the data on the system encrypted. Many browsers come with their own
encryption schemes, but companies can buy their own stand-alone packages as well. Most
encryption packages are based on a public-private key with their own private encryption
key to unlock the code for a message and decipher it. Encryption is the single best way
to protect data from being read, if stolen, and is rather cost effective (Rothfeder,
"November 1996 Feature"5).
Businesses need protection but they cannot do it alone. The Federal government will have
to do its part if the Internet is going to give us all the returns possible. Businesses
will not use the Internet if they do not have support from the government.
In the United States there is no set of laws that protect a person's privacy when on the
Internet. The closest rules that come to setting a standard of privacy is an assortment
of laws beginning with the Constitution and continuing down to local laws. These laws
unfortunately, are not geared for the Internet. These laws are there only to protect a
person's informational privacy (Boyan, Codel, and Parekh 3).
Now, because of the booming interest and activity on the Internet in both the personal
and the business level, the government has started investigating the Internet and working
on ways to protect the users.
The Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), and the
National Security Agency have all devoted small units to fighting computer security
crimes. After Senate hearings, the Justice Department proposed that a full-time task
force be set up to study the vulnerability of the nations informational infrastructure.
This would create a rapid-response team for investigating computer crimes. They also
proposed to require all companies to report high-tech break-ins to the FBI (Rothfeder,
"November 1996 Feature" 4).
Security for the Internet is improving, it is just that the usage of the Internet is
growing much faster. Security is a key issue for every user of the Internet and should
be addressed before a person ever logs on to the "net". At best, all users should have
passwords to protect themselves, any businesses need to put up firewalls at all points of
entry. These are low cost security measures which should not be over looked in a
possible multi-billion dollar industry.
Works Cited
Boyan, Justin and Eddie Codel and Sameer Parekh. Center for Democracy and Technology Web
Page. Http://www.13x.com/cgi-bin/cdt/snoop.pl accessed January 26, 1997: 1-4.
Heim, Judy. "Here's How." PC World Online January 1997: 1-3.
Methvin, David W. "Safety on the Net." Windows Magazine Online (1996): 1-9.
Lemmons, Phil. "Up Front." PC World Online February 1997: 1-2.
November, 1995 Feature PC World Online November 1995 1-3.
Pepper, Jon. "Better Safe Than Sorry." PC World Online October 1996: 1-2
Rothfeder, Jeffrey. "February 1997 Special Report." PC World Online February 1997: 1-6
Rothfeder, Jeffrey. "November 1996 Features." PC World Online November 1996: 1-6
|