FREE ESSAY ON INTERNET SECURITY

INTERNET SECURITY

Internet Security Many people today are familiar with the Internet and its use. A large
number of its users however, are not aware of the security problems they face when using
the Internet. Most users feel they are anonymous when on-line, yet in actuality they are
not. There are some very easy ways to protect the user from future problems. The Internet
has brought many advantages to its users but has also created some major problems. Most
people believe that they are anonymous when they are using the Internet. Because of this
thinking, they are not careful with what they do and where they go when on the net.
Security is a major issue with the Internet because the general public now has access to
it. When only the government and higher education had access, there was no worry about
credit card numbers and other types of important data being taken. There are many
advantages the Internet brings to its users, but there are also many problems with the
Internet security, especially when dealing with personal security, business security, and
the government involvement to protect the users. The Internet is a new, barely regulated
frontier, and there are many reasons to be concerned with security. The same features
that make the Internet so appealing such as interactivity, versatile communication, and
customizability also make it an ideal way for someone to keep a careful watch on the user
without them being aware of it (Lemmons 1). It may not seem like it but it is completely
possible to build a personal profile on someone just by tracking them in cyperspace.
Every action a person does while logged onto the Internet is recorded somewhere (Boyan,
Codel, and Parekh 3). An individual's personal security is the major issue surrounding
the Internet. If a person cannot be secure and have privacy on the Internet, the whole
system will fail. According to the Center for Democracy and Technology (CDT), any website
can find out whose server and the location of the server a person used to get on the
Internet, whether his computer is Windows or DOS based, and also the Internet browser
that was used. This is the only information that can be taken legally. However, it can
safely be assumed that in some cases much more data is actually taken (1). These are just
a few of the many ways for people to find out the identity of an individual and what they
are doing when on the Internet. One of the most common ways for webmasters to find out
information about the user is to use passive recording of transactional information. What
this does is record the movements the user had on a website. It can tell where the user
came from, how long he stayed, what files he looked at, and where he went when he left.
This information is totally legal to obtain, and often the webmaster will use it to see
what parts of his site attracts the most attention. By doing this, he can improve his
site for the people that return often (Boyan, Codel, and Parekh 2). There is a much more
devious way that someone can gain access to information on a user's hard-drive. In the
past, the user did not need to be concerned about the browser he used; that changed when
Netscape Navigator 2.0 was introduced. Netscape 2.0 takes advantage of a programming
language called Java. Java uses the browser to activate programs to better enhance the
website the user was viewing. It is possible for someone to write a program using Java
that transfers data from the user's computer back to the website without the user ever
being aware of anything being taken. Netscape has issued new releases that fix some but
not all of the two dozen holes in the program (Methvin 3). Many people do not realize
that they often give information to websites by doing something called direct disclosure.
Direct disclosure is just that, the user gives the website information such as their
e-mail address, real address, phone number, and any other information that is requested.
Often, by giving up information, a user will receive special benefits for registering
such as a better version of some software or being allowed into member only areas (Boyan,
Codel, and Parekh 2). E-mail is like a postcard. E-mail is not like mailing a letter in
an envelope. Every carrier that touches that e-mail can read it if they choose. Not only
can the carriers see the message on the e-mail, but it can also be electronically
intercepted and read by hackers. This can all be done without the sender or the receiver
ever knowing anything had happened (Pepper 1). E-mail is the most intriguing thing to
hackers because it can be full of important data from secret corporate information to
credit card numbers (Rothfeder, Special Reports 2). The only way to secure e-mail is by
encryption. This makes an envelope that the hacker cannot penetrate. The downside to
using encryption on a huge network like the Internet is that both users must have
compatible software (Rothfeder, Special Reports 2). A way to protect a persons e-mail is
to use an autoremailer. This gives the sender a false identity which only the
autoremailer knows, and makes it very difficult to trace the origin of the e-mail (Boyan,
Codel, and Parekh 4). Another but more controversial way of gathering data is by the use
of client-side persistent information or cookie (Boyan, Codel, and Parekh 2). Cookies are
merely some encoded data that the website sends to the browser when the user leaves the
site. This data will be retrieved when the user returns at a later time. Although cookies
are stored on the user's hard-drive, they are actually pretty harmless and can save the
user time when visiting a web site (Heim 2). Personal security is an important issue that
needs to be dealt with but business security is also a major concern. An Ernst and Young
survey of 1271 companies found that more than half had experienced computer-related
break-ins during the past two years; 17 respondents had losses over $1 million (November
1995 Feature). In a survey conducted by Computer Security and the FBI, 53 percent of 428
respondents said they were victims of computer viruses; 42 percent also said that
unauthorized use of their systems had occurred within the last 12 months (Rothfeder,
November 1996 Feature 1). While electronic attacks are increasing more rapidly than any
other kind, a large number of data break-ins are from the inside. Ray Jarvis, President
of Jarvis International Intelligence, says In information crimes, it's not usually the
janitor who's the culprit. It's more likely to be an angry manager who's already looking
ahead to another job(Rothfeder, November 1996 Feature 3). While electronic espionage is
increasing, so is the ability to protect computer systems. The American Society for
Industrial Security estimates that high-tech crimes, including unreported incidents, may
be costing U.S. corporations as much as $63 billion a year (Rothfeder, November 1996
Featuer 1). There are many ways for businesses to protect themselves. They can use a
variety of techniques such as firewalls and encryption. Firewalls are one of the most
commonly used security devices. They are usually placed at the entrance to a network. The
firewalls keep unauthorized users out while admitting authorized users only to the areas
of the network to which they should have access. There are two major problems with
firewalls, the first, is that they need to be installed at every point the system comes
in contact with other networks such as the Internet (Rothfeder, November 1996 Feature 5).
The second problem is that firewalls use passwords to keep intruders out. Because of
this, the firewall is only as good as the identification scheme used to log onto a
network (Rothfeder, November 1996 Feature 2). Passwords, a major key to firewalls, are
also the most basic of security measures. The user should avoid easily guessable
passwords such as a child's name, birthdate, or initials. Instead, he should use cryptic
phrases and combine the use of small and capitalized letters such as THE crow flys AT
midnight. Another easy way to avoid problems is to change the password or phrase at least
once a month (Rothfeder, November 1996 Feature 5). Just in case an intruder does get
through the first layer of security, a good backup is to have all the data on the system
encrypted. Many browsers come with their own encryption schemes, but companies can buy
their own stand-alone packages as well. Most encryption packages are based on a
public-private key with their own private encryption key to unlock the code for a message
and decipher it. Encryption is the single best way to protect data from being read, if
stolen, and is rather cost effective (Rothfeder, November 1996 Feature5). Businesses need
protection but they cannot do it alone. The Federal government will have to do its part
if the Internet is going to give us all the returns possible. Businesses will not use the
Internet if they do not have support from the government. In the United States there is
no set of laws that protect a person's privacy when on the Internet. The closest rules
that come to setting a standard of privacy is an assortment of laws beginning with the
Constitution and continuing down to local laws. These laws unfortunately, are not geared
for the Internet. These laws are there only to protect a person's informational privacy
(Boyan, Codel, and Parekh 3). Now, because of the booming interest and activity on the
Internet in both the personal and the business level, the government has started
investigating the Internet and working on ways to protect the users. The Federal Bureau
of Investigation (FBI), the Central Intelligence Agency (CIA), and the National Security
Agency have all devoted small units to fighting computer security crimes. After Senate
hearings, the Justice Department proposed that a full-time task force be set up to study
the vulnerability of the nations informational infrastructure. This would create a
rapid-response team for investigating computer crimes. They also proposed to require all
companies to report high-tech break-ins to the FBI (Rothfeder, November 1996 Feature 4).
Security for the Internet is improving, it is just that the usage of the Internet is
growing much faster. Security is a key issue for every user of the Internet and should be
addressed before a person ever logs on to the net. At best, all users should have
passwords to protect themselves, any businesses need to put up firewalls at all points of
entry. These are low cost security measures which should not be over looked in a possible
multi-billion dollar industry. Works Cited Boyan, Justin and Eddie Codel and Sameer
Parekh. Center for Democracy and Technology Web Page
Bibliography
Http://www.13x.com/cgi-bin/cdt/snoop.pl accessed January 26, 1997: 1-4. Heim, Judy.
Here's How. PC World Online January 1997: 1-3. Methvin, David W. Safety on the Net.
Windows Magazine Online (1996): 1-9. Lemmons, Phil. Up Front. PC World Online February
1997: 1-2. November, 1995 Feature PC World Online November 1995 1-3. Pepper, Jon. Better
Safe Than Sorry. PC World Online October 1996: 1-2 Rothfeder, Jeffrey. February 1997
Special Report. PC World Online February 1997: 1-6 Rothfeder, Jeffrey. November 1996
Features. PC World Online November 1996: 1-6