Internet Security.
Abstract
Online users today are faced with multitude of problems and issues. A typical online user is vulnerable to virus, worms, bugs, Trojan horses etc.; he/she is also exposed to sniffers, spoofing their private sessions; and they are also vulnerable to phishing of financial information. Not only this but users are also constantly subjected to invasion of privacy with the multitude of spy ware available for monitoring their surfing behaviours. If this is not all, users are also subjected to malwares that stop or totally destroy their machines render them helpless. These instances only indicate that the Internet is not a safe place for online users. Users are constantly vulnerable to hacked sessions, attacks and phishes that make them wary of going online. However, the trend does not stop at that. In fact corporations and government sector organizations are also faced with the same problems. Corporate information are being hacked; emails are read; government secret information are subject to security risks and banks are being hacked and millions stolen. Some of the reasons behind such attacks include the weaknesses inherent in the networks of the companies and government organizations; other reasons include carelessness of users. Whichever the case internet security issues have become one of the major concerns for technologists and users alike. There is a great need for understanding the nature of the attacks, the attackers, the networks, the loop holes and the measures taken to counteract them. The following research identifies the various methods and techniques of attacks online and how they expose the users to information theft; corruption of systems; and loss of funds. The research also identifies the various methods that are being used to counteract these attacks and how effective they are proving for the users. Some suggestions are also given for future security measures for networks and network users.
Chapter 1: Introduction
The Internet has revolutionized the way people live today. Activities ranging from access to information to entertainment; financial services; product purchase and even socializing all seem to take place online. Due to its wide coverage and pervasive information collection, millions of people are relying on the Internet for almost all kind of activities. And with frequent usage, they have also come to trust the Internet to provide a gateway for personal, home and office convenience. The basic simple structure of the Internet based on a host of backbones and host servers, however makes it vulnerable to many risks. The hosts vary from supercomputers to personal computers using different types of hardware and software. The common link in all of these hosts is the TCP/IP (Transport Control Protocol/Internet Protocol). This language again is based on simple functionality that is if a host has TCP/IP then it can easily connect to other computers that have same backbones and operating systems. This open technology not only expose the Internet to numerous security risks and pitfalls but it also becomes the real issue for its users. This is because attacks on IP is possible; IPs do not perform robust mechanisms for authentication for packets of data that come onto the Internet. Without the authentication mechanism any data packet may claim it originates from certain address but there is no sure way to check the claim of the data packet. The most important fact is that the higher layer on the ISO/OSI Reference Model lack host authentication such as through cryptographic applications. For this reason it is easy for users to enter into any host and alter/change the content of other users’ systems. Since there is no check for such criminal activities, Internet crime and security breaches continue to rise along with the evolution of the Internet. Yet the Internet continue to grow at a tremendous speed, spreading far and wide pervading all levels of human activities from personal browsing to high definition business activity. Issues of security becomes significantly noticeable when a price is attached with Internet security breach. To name a few instances, companies have gone bankrupt; personal information has been revealed to public domains; national databases have been hacked, and businesses have lost significant amount resulting from espionage etc. These are but some examples of the gravity of Internet Security issue. As the Internet becomes more complex the nature of the problem inherent in internet security also evolved. This is due to the fact that security breakers have also become intelligent, anticipate and undermines the security measures taken. It is also one of the reasons why today many companies and public sector units are considering internet security as part of their risk management plans to avoid financial and business losses. Individuals on the other hand spend huge amount on protection software’s and security barriers such as password protection, authentication etc. Despite these measures, time and again one reads or hears of Internet security breach that has resulted in loss of millions of pounds.
1.1 Purpose
The gravity of the issue of Internet security and its breaches have prompt the researcher to investigate on the various internet security problems that users are facing today. These may range from business explicit to personal in nature. The purpose of this research is to identify the different types of Internet security problems faced by consumers, businesses, government and individuals. At the end of the research, the researcher aims to resolve these problems by recommending solutions and by devising better measures for safer Internet environment.
1.2 Scope
Readers will find this research valuable for understanding the different approaches attackers to undermine Internet security. Since the nature of the problem is technical in nature lay persons may not fully appreciate the problems and resolution outlined in this research. Instead professionals in the field of Computer Science as well as students and other researchers will find the information more relevant. The research is also generic in the sense that it outlines different problems and solutions so future researchers can use it as a platform for their own projects which may perhaps be more specific in nature. Due to limitations of this dissertation, the researcher has focussed only on major problems while there may be other prevalent problems pertaining to Internet security which may be investigated by future researchers.
1.3 Methodology
Internet security is a subjective issue that needs to be discussed from all type of users’ perspective. Furthermore, the problem with Internet security is that it require identification of the victims before one can categorize the gravity of the problem. For this reason the researcher consider a literature review of the various problems prevalent and faced by Internet users at all levels such as individual, communities, businesses, government sectors and international users. This would allow the researcher to identify the most frequently faced problems. The use of magazines, books and journal articles have been considered ideal for this investigation. In addition references from the Internet sources have also been found to considerably insightful.
Chapter 2: Literature Review
Any person using the Internet is subjected to Internet security and privacy risks. The risk becomes high as new technologies are introduced with holes in programs. Even the anti-virus software that one installs to counteract viruses, bugs and worms tend to become outdated within hours. This is because as soon as new technologies are introduced, software and programs for compromising them are devised and used to hack them.
A look at the following statistics will indicate the gravity of the situation:
Get Help With Your Essay
If you need assistance with writing your essay, our professional essay writing service is here to help!
“– In 1999, 57% of large corporations and public agencies reported computer attacks.
— It is estimated that only 32% of serious hacker events are reported.
— 62% of organizations had a computer security breach within the last year.
— 30% of companies have reported system penetration by outsiders.
— 57% of companies reported the Internet was the point of entry for attacks.
— 32% of companies reported denial of service attacks.
— 55% of companies report incidents of unauthorized access by company insiders.
— Experts estimate 50-75% of companies connected to the Internet have 20 known security holes.” (Business Wire 2000)
Given the above figures one cannot actually understand the breadth and scope of Internet security. A survey of the different kind of security breaches are listed below. The literature survey will reveal how Internet security has become a major issue for online users whether individual user; corporate or government user.
2.1 IP Spoofing and Session Hijacking
One of the most basic and common security breaches is when a host claims to have an IP address of another host. This kind of attack is called spoofing. Considering the different router access control lists of different systems are connected to the Internet, the only way for receiving computers to recognize its data packet is through the IP address. An attacker may devise and use techniques to spoof IP address and send packets to a host that require certain actions which may be harmful. In addition some applications allow logins on IP address which open the server/host to great risks if the IP address is known to attackers.
On the other hand there are IP session hacking which are more serious than spoofing. It encompass damages at a more serious level as compared to mere breaking entry barriers. Session hijacking refers to the use of toolkits to hijack an ongoing session. The attacker takes over the user’s session and control the session without the user being aware of it; the so called hijacker may change, alter, give commands as the user does and may execute nasty commands. Steve Bellovin (1989) explains this concept as very dangerous if the attacker has access to a host; he/she may login as an authentic user and do anything as a user does (see example in Figure).
Figure1: Session Hijacking
In this diagram the user is on host A, carrying a session with a user on host G. The users are using a telnet session. An attacker is monitoring their progress from host H. He/she uses a toolkit to impersonate A to G. A’s session expires without him/her realizing the reason for it. G on the other hand remains unaware and continue with the telnet activity. In the process of impersonate the hijacker may obtain confidential information for getting into the user’s machine, a local area network or a corporate network.
This kind of problem can be resolved by using telnet-type applications with encrypted versions, the users can prevent potential attackers from taking over the session. He/she may see gibberish script instead of the whole session. He would need a cryptographic key to be able to decrypt the data stream from A to G or vice versa before he/she can hack the session (Gertz 1999).
2.2 Denial of service (DoS)
Between the years 2000 and 2002, sixty percent of UK companies have suffered security breaches while eighty five percent of the US companies suffered from network breach costing some $10 million in damages. This only shows that the number of incidents of security breach is increasing and as the Internet spread far and wide, it would also bring with it more threats and risks for breaches. Apart from the physical security, the Internet is also threatened by software breaches. Denial of Service or DoS is one of the instances of security breach. The concept can be explained as follows.
Most companies have outdated firewalls and network perimeters that focus on specific security models that do not adequately cover all aspects of security. Hackers on the other hand are always on the look out for weak links or loop holes in corporate security system for attacks. A virus, bug, worm or a spyware is sent through packets of information to the victim’s computer at a randomly selected spoofed address. The victim’s computer then sends a response to each of the spoofed addresses on his/her address book. The spoofed address sends out the same information to other addresses. The basis for DoS is that the attacks generate a response from the victims and once the program has a response it continues to distribute to other people on the network creating a chain reaction of responses. Some network takes it slow while others take less than one hour to generate the reaction (PC Magazine 2001). As a result of this, the traffic flow of the network is blocked and the users of the network are denied access of the services available. Some of the recent DoS attacks that have been known to shut down computer systems and networks include the Blaster worm and Welchia worm that infected hundreds of private networks by reproducing itself on the networks of companies. The Welchia and the SoBig.F both spread out by sending itself to a random address in a user’s directory. Once the user download the files and accidentally opens it the process of regeneration starts as the file begins to distribute personal information or replicate emails to any address in the directory. The worm is coded in such a manner that it starts open relays or holes in the email system. As the rate of distribution increases, the network slows down thereby denying company users of services available for that network. The Welchia and SoBig have not only significantly slowed down and denied services to corporate users but due to these actions they have incurred great costs to the companies (Lemke 2003).
2.3 Encryption
Encryption is a method of changing plain text messages from its original composition by replacing or rearranging the letters and numbers and converting the composition into an indecipherable format. This method uses a mathematical algorithm and a key for encryption. The length of the key is measured in bits which determines the weakness of the encryption program. The encryption key may be 40 bits in length but it will generate 1 billion possible keys or combination. For this reason encryption creators use long strings to increase security level (Voors 2003).
There are two types of encryption: the private and public key. Encryption in private key systems use algorithms and a symmetric key to encrypt and decrypt messages. Private keys are considered to be less secure because the same keys are used by both the encryption creator and the person who decrypts. Hence if an attacker even has access to the encryption key he can decrypt the message. In either case it has been observed attackers can access the key from the third party vendor who provides encryption and decryption services, can match and open the messages easily (Voors 2003).
The technology is not a new one and can be traced to the time of Julius Caesar in 1900 B.C. However, recent development in encryption has come about during the World Wars and more recently with the advent of computer era. “In the early to mid-1980s, Phil Zimmerman developed software that implemented the concept of public-key encryption and revolutionized the world’s perception of encryption. Pretty Good Privacy (“PGP”), as the software is called, was released in the early 1990s. The program extended the use of encryption from major governments and militaries to ordinary businesses and private citizens.” (Voors 2003) There has been conflict in the perception of Zimmerman and the government of the use of encryption PGP. The US government considered distribution of PGP to private users and Internet as violation of the Arms Export Control Act whereas Zimmerman considered it as a good way of preventing users from becoming victims of security attackers (Voors 2003).
The use of encryption systems has today spread to various sectors such as businesses, hospitals, utilities and communication companies who are aware of the need for protection of information. For example businesses use encryption to secure customer’s personal information and credit card numbers. A large number of hospitals around the world today encrypt patients’ records to ensure privacy. Therefore, it could be said that the use of encryption at all levels of network users has become common. It is then not surprising when attackers target the encryption method of coding and attempt to “break in” for decoding information. Despite third party regulation and law enforcement to secure encryption systems, nevertheless decryption keys are often leaked to the attackers through the back doors thereby compromising the authenticity of security (Voors 2003).
2.4 Web Trackers and Spyware
Spyware has reached an epidemic level and according to Brien Posey (2004) will only get worse. Approximately 95% of the world’s PCs are infected with spyware and the removal tools used are only effective for a few months. The types of new spyware are released with every new counteractive tool for removing them. There are different kinds of spyware that are used by attackers for various purposes.
Find Out How UKEssays.com Can Help You!
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.
View our academic writing services
For example specific software technology has been devised to track the web surfing habits of users. These softwares have been devised to observe user behaviours for marketing purposes and also to invade the user’s privacy. Despite user outcry of privacy issues, web trackers continue to become prevalent when users are online. Companies devise these web trackers to collect data without the users being aware of it and sell it to marketing companies that target the same users. For example the WebHancer installs a program onto the user’s computer when the user downloads the software. The program is bundled with a host of user applications but in actuality the web tracker is being installed too. The web tracker then monitors the user and sends out report of information such as how long did the user remain on a particular site, usage patterns, personal information etc. to the company that sponsor the programs. Others such as the NetGenesis tracks data from cookies and sends out reports to the program producer (PC-3P Online 2004). There are others still which trick users into installing spyware. This happens when users are surfing the internet and see a pop-up window that intimates Windows error message. Although the Windows error message may look familiar but it differ greatly. Users in a hurry to fix the problem click on the button thinking they have fixed the problem whereas in actuality they have initiated the spyware.
Other forms of spyware that tend to get installed when users accidentally or through trickery visit an infected web page that trigger ActiveX controls. ActiveX controls work on the weaknesses of IE and hence take control over the users surfing behaviour.
There are other forms of spyware that come in the form of emails. Mail programs such as Outlook Express tend to open mail in any of the formats especially in HTML form. A spyware is usually coded in the email message. when the user opens the email it initiates the malicious script to execute the spyware onto the user’s system. To resolve Posey (2004) recommends the use of spyware removers such as Ad Aware and Spybot. However, even after the installation of these softwares the spyware is not removed then it is recommended that the user manually removes the spyware by rebooting the machine in safe mode and go to Task Manager to remove the spyware.
Furthermore, user machines operating on Windows XP have the option of downloading and installing Service Pack 2 which allow users to fix a number of IE security holes including pop up blockers. Alternatively, the users can go to IE zone for guidance on step by step enhancing the security of IE browser.
2.5 Sniffing
Not only this but professionals are also of the view that the trend of “packet sniffers” has increased significantly recently. There is little the user can do to prevent hackers from “sniffing” or capturing packet of data containing clear text passwords. One of the reasons why this process has become even more easy for the packet sniffers is that there are tools available for scanning sessions on the Internet that vie for open sessions or open port to enter into the user’s system. Where systems maintain clear text password, the user is victimized the most easily. With new technologies like one-time passwords such as S/Key, PGP, token based authentication devices etc. users can prevent sniffing from happening. They can devise secret tokens and pins, and password-like strings to prevent decryption (Melber 2004).
However, one of the reasons why sniffers continue to have accesses to passwords and secret tokens is that the password authentication protocols are weak. The problem is inherent in the fact that Microsoft operating systems and networks still support legacy authentication protocols. Lan Manager and NT Lan Manager for example support old protocols which create holes in the security system. The decryption keys for these old authentication protocols have features that allow access to the operating system at different levels. Although, Microsoft has revised its authentication protocols for new OS such as NTLMv2 and Kerberos nevertheless the integration of the old protocols into the new ones force new OS to operate and obey commands when hackers enter into the system (Melber 2004).
Kerberos is considered to be an industry standardized and approved authentication protocol for Internet Engineering Task Force’s Request for Comments 1510. Microsoft has added some features to the Kerberos but nevertheless the protocols that is behind this new protocol is based on the old model. According to Derek Melber of Microsoft (2004):
“Kerberos enforces the mutual authentication process by using a ticketing system.
The authentication process is handled primarily by the client, reducing the load on the servers.
Domain controllers share the authentication load by running as Kerberos Distribution Centres (KDCs).
No portion of the password is ever transmitted over the network.
Attackers are prevented from capturing and replaying packets from the network since the packets are time sensitive.” (Melber 2004). With these measures it is expected that Microsoft based products would have become more sensitive to sniffers and packet stealers.
2.6 Information and Identity theft
Despite warnings and precautionary measures users around the world are being victimized constantly. One of the latest trends is information theft on the Internet. The internet has made it easier for attackers to scan personal information such as Social Security and credit card numbers, and use it for their own gain. For example Kristina Stefanova of The Washington Times (2002) reports of scam email messages sent to AOL users claiming to be from AOL billing department. The message says:
“Our records indicate that the credit card information on file for your AOL account is not up-to-date. Therefore, you will need to replace it with another or newer credit card information,” it said. “Outdated information on your AOL account may cause bill processing problems which in some cases could lead to service interruptions and termination of your account.”
Users unaware of the nature of the scam believed the message to be authentic and revealed their credit card information resulting in loss of thousand of dollars. To counteract companies have now started to set up privacy policy to secure their sites as well as make the customers aware of their rights and legal responsibilities for protecting their credit card information. Yet despite this fact, many companies and their customers have become victims of such scams.
The biggest concern resulting from information theft is that as more and more companies are moving online to enhance their services and ease the process of buying and selling, the dollar value of Internet risks have also increased manifolds. For example Thomas Tribunella (2000) notes that more products, trade investments and banks are going online and offer services that require user authentication of personal information. This kind of requirement not only expose the users and the company to online fraud but also disrupt website stability. Hackers are motivated by greed, monetary gain, ego, entertainment and political causes. These factors initiate them to attack individual as well as corporate users by destroying information or stealing information that may prove destructive to the individual users. In such cases it is recommended that firewalls be installed for user authentication, access control lists and installation of dynamic packet filters. Stealing of identity information and financial information may decrease with these measures but does not guarantee its eradication for good (Tribunella 2000).
2.7 Phishing
Related to information theft there is a trend on the Internet whereby web pages are replicated using the same information and encryption as the original website. The user unaware of the fact that they have arrived at a wrong address wilfully enter personal and financial information. This is called phishing. According to Sandi Hardmeier (2004) phishing refers to “creating a replica of an existing Web page in an attempt to fool a visitor into providing personal, financial, or password information.” The hackers behind the phishing technique can send out email to claim that they are from legitimate business or government organization, and require users to enter personal identification numbers, passwords, credit card information or social security numbers that would ultimately allow them to use the information to access funds from the user’s account (See Figure 2: Phishing).
Figure 2: Phishing
A typical phishing email looks like an original email with graphics and message that identify them as authentic. They provide a link to which the user will be transported to the web site that also look like the original website. The only sign that one can detect a fake from the original is that the URL given as a link would differ from the one that opens the browser window. To check whether an email is a potential phishing one can type the URL of the company into the browser address bar. If the icon on the page where the link is similar to the one sent in the email then it is an authentic email, not a phisher (Hardmeier 2004).
2.8 Virus, worms and Trojans
According to Michael Durkota (2005) of US-CERT “Trojan horses are one of the most malicious programs to infect any computer. Even though there are different kinds of removal tools available on the internet, the chances of identifying the right program for the specific Trojan is difficult and by that time the virus would have infected the whole computer.” (Durkota 2005) Internet users are exposed to the Trojans easily as it target online users who are connected to the Internet (network of networks). A computer that does not have an anti-virus program is likely to become infected with Trojans horses especially through emails and internet explorer. Some of the measures for preventing Trojans from entering by not opening unsolicited attachments in email messages; unsolicited links; using updated anti-virus software; use an internet firewall and keeping the system patched.
Similarly malware like MyDoom, ILOVEYOU and Blaster worm all have been designed to infect user machines by shutting down their systems. The most important aspect of these malwares is that they are intended to particular program type such as Microsoft and therefore corrupt all executable files related to it. The MyDoom Worm for example has “successfully infected enough victims in order to shut down SCO’s web site, followed by new variants that targeted Microsoft’s web site.” (Dancheve 2004). Malware authors are aware of the advanced computer users and also know how the Internet works. Although they do not cross the line of the law but nevertheless they can do great harm to the users by infecting the Internet with the Worms which spread quickly through interface browsers, instant messaging and emails. Email attachments, file transfers, browsing web pages which initiate ActiveX all are vulnerable to malware being attached to them (Danchev 2004)
2.9 How to Prevent Internet Security breaches?
2.9.1 Data encryption software
The Internet as mentioned earlier runs on proxy servers and through host servers. The proxy servers serve as the hub for application services that allow a variety of protocols such as Telnet, SMTP, FTP, and HTTP etc. to transfer information. Host servers on the other hand uses these services but are not connected directly to other servers. in case of the proxy server application, the client connects with the proxy server that initiates the connection to the external server. In some cases depending on the type of proxy server used, the internal clients can perform redirection without the user being aware of it. The proxy server then initiates the connection through specified format. This prevent the users from being attacked by external servers as proxy servers require authentication before access is granted. The access control list protocol has to be updated before the user or system is allowed to have access to the network. More sophisticated proxy servers, called Application Layer Gateways or ALGs can further enhance security by configuring and blocking subsections of protocols. For example an ALG for FTP can allow “get” command and disallow “put” command so that the users cannot put any files on the remote server. This type of filtering of commands is effective as compared to the host servers that only has the capability of fully allow server to interact with other servers/users or totally deny the service (Fraser 1997).
Another method of protecting users from being attacked through servers is to protect secret tokens and PINs. Professionals in the technology field recommend users to use upper and lower case characters with digits and special characters when assigning passwords for access on public domain. This is important as it would prevent access through hardware devices and software as well. The secret Pretty Good Privacy key is another method of unauthorized access. Cryptography products such as PGP ensure the user is not attacked by providing encrypted connections between two location points on the Internet (Fraser 1997).
2.9.2 Anti virus softwares
From time to time one reads of malicious bugs and viruses like Melissa and Love Bug that run in email script and target the users by entering their systems and destroy programs etc. One of the reasons why bugs and viruses easily access users’ system is due to the fact that these target Microsoft products such as Internet Explorer and Outlook Express The most common interface among consumer IE is not only vulnerable to attacks but it is also being targeted by perpetrators. Outlook for example is a weak tool as it automatically opens email as read when a user clicks on a new email. As a result the virus is triggered even when the user attempts to delete the unsolicited email by clicking on it (Aspinwall 2000). Aspinwall also writes (2000) “The chances of a computer virus getting to your system may be less than 1% or greater than 10% depending on where you surf, who sends you e-mail attachments, etc., but eventually a virus will get close to you–if not actually destroy data and thus rob you of hours of hard work.” For this reason there is more reason for taking precautionary measures for virus attacks.
To resolve Aspinwall recommends users to install anti virus softwares such as McAfee, Virus Scan, Virex, Norton AntiVirus, Trend Microsoft pcCillin etc. or any other products that serve the same purpose. Furthermore, the user also has the choice of using Netscape as an interface and Eudora for email browsing. These produ
Cite This Work
To export a reference to this article please select a referencing style below: