Issues & Challenges of Internet Security


By

Ranjana Srivastava
M.Phil (Computer Science), MCA, M.Sc IT
Lecturer
K.R. Mangalam Institute of Management
Kailash Colony, New Delhi
 


Working Title: "Issues & Challenges of Internet Security"

In the current commercial environment, businesses have no other choice but to connect all or part of their network to the rest of the world to allow them to stay in contact with their customers, suppliers, partners and employees.

In parallel with this growth in Internet connectivity in businesses, new threats emerge regularly, particularly in the guise of hackers, industrial espionage, computer crime etc.

These different threats facing the IT network generally take the form of thefts of business assets or intellectual property; they cause the shutdown or failure of the information systems in place, damage business images and reputations and alarm consumers.

Unless businesses can rely on solutions that allow them to eliminate most of these risks proactively, it is highly unlikely that they will be able to make use of the tremendous potential that the Internet offers in the development of their business.

New forms of computer threats are emerging at a faster pace than ever before. There can be little doubt that security continues to be a major commercial as well as technical concern. All the major security companies log thousands of new threats, including viruses and worms, every year.

As the number of security threats continues to spiral and the thirst for information from the business and its supply chain partners continues to increase, companies are finding themselves caught between a rock and a hard place.

The conventional data security approach is not sufficient. In spite of several decades of research in the area of data security and more than one hundred products and items of equipment available on the market, hazards associated with Internet use are continuing to grow exponentially.

The increased complexity of the Internet and its applications, the determination of businesses to provide users with more services and content, and the need to interconnect a growing number of items of equipment all help undermine the security of IT environments.

Security based on product installation remains insufficient for various reasons:

  • Ongoing detection of new vulnerabilities within systems and applications,
  • Continuous development and improvement of tools used to attack systems,
  • Need for regular patch installations on security equipment, essentially due to its imperfection.

As a result, the corporate network becomes vulnerable at an increasing rate.

Security Considerations

The Hypertext Transfer Protocol (HTTP) draft proposed by the Internet Engineering Task Force (IETF) HTTP working group makes some initial suggestions as to the possible security threats involved in HTTP. Its security considerations include:

Client/session authentication

The basic authentication scheme used by HTTP does not provide a secure method of user authentication.

Abuse of Server Log Information

Servers are in a position to collect data about the information requested by clients. This information is confidential in nature, and its abuse may be prohibited by law.

Transport Security

HTTP does not provide end-to-end protection across the net. The body of an HTTP message is transmitted as clear text across the physical network that is used as the carrier.
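The two points above (Basic authentication and clear-text transport) can be checked together. The following is an added example, not part of the original article: it audits one constructed HTTP request and reports that Basic credentials are only base64-encoded and, without TLS, exposed on the wire. The host name, user name and password are made up.

```python
import base64

# Constructed sample: an HTTP/1.0 request as it would appear on the wire.
# Host, user name and password are invented for this example.
SAMPLE_REQUEST = (
    b"GET /reports/q2.html HTTP/1.0\r\n"
    b"Host: intranet.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:S3cret!") + b"\r\n"
    b"\r\n"
)

def parse_headers(raw: bytes) -> dict:
    """Return header names (lower-cased) mapped to values for one request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_basic_auth(raw: bytes, over_tls: bool) -> list:
    """Return findings for a request that carries Basic credentials."""
    auth = parse_headers(raw).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        return []
    try:
        # Base64 is an encoding, not encryption: decoding needs no key.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                           # bad base64 or bad UTF-8
        return ["malformed Basic credentials"]
    user, sep, _password = decoded.partition(":")
    if not sep:
        return ["malformed Basic credentials"]
    findings = [f"credentials for user {user!r} recoverable without any key"]
    if not over_tls:
        findings.append("request sent in clear text: visible to anyone on the path")
    return findings

if __name__ == "__main__":
    for finding in audit_basic_auth(SAMPLE_REQUEST, over_tls=False):
        print("FINDING:", finding)
```
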

Data Security Issues and Challenges

Data security is the science and study of methods for protecting data in computer and communication systems against accidental or intentional. The integrity and privacy of data are at risk from unauthorized users, external sources listening in on the network, and internal users giving away the store.

Data Tampering

Privacy of communication is essential to ensure that data cannot be modified or viewed in transit. Distributed environments bring with them the possibility that a malicious third party can perpetrate a computer crime by tampering with data as it moves between sites.

In a data modification attack, an unauthorized party on the network intercepts data in transit and changes parts of that data before retransmitting it.
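One common way for the receiver to detect such a modification is a keyed message authentication code. The following is an added example, not part of the original article: it uses HMAC-SHA256 and assumes both sites already share a secret key. The key, message fields and the `tamper_in_transit` helper are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: both sites obtained this key over a separate, trusted channel.
# The key and the message below are constructed for this example.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def protect(payload: dict, key: bytes) -> bytes:
    """Serialize the payload and attach an HMAC-SHA256 tag over its bytes."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()

def verify(wire: bytes, key: bytes):
    """Return the payload if the tag matches, otherwise None."""
    try:
        envelope = json.loads(wire)
        body = envelope["body"].encode()
        tag = envelope["tag"].encode()
    except (ValueError, KeyError, TypeError, AttributeError):
        return None                       # not a well-formed envelope
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # compare_digest avoids leaking the mismatch position through timing.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)

def tamper_in_transit(wire: bytes) -> bytes:
    """Model of the attack in the text: change a field, then retransmit."""
    envelope = json.loads(wire)
    envelope["body"] = envelope["body"].replace('"amount":100', '"amount":9100')
    return json.dumps(envelope).encode()

if __name__ == "__main__":
    wire = protect({"account": "ACC-1", "amount": 100}, SHARED_KEY)
    print("untouched:", verify(wire, SHARED_KEY))
    print("modified: ", verify(tamper_in_transit(wire), SHARED_KEY))
```

The tag detects modification only; it does not stop the data from being viewed in transit, which requires encryption as well.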

Eavesdropping and Data Theft

Data must be stored and transmitted securely, so that information such as credit card numbers cannot be stolen.

Over the Internet and in Wide Area Network (WAN) environments, both public carriers and private network owners often route portions of their network through insecure land lines, extremely vulnerable microwave and satellite links or a number of servers. This situation leaves valuable data open to view by any interested party. In Local Area Network (LAN) environments within a building or campus, insiders with access to the physical wiring can potentially view data not intended for them. Network sniffers can easily be installed to eavesdrop on network traffic. Packet sniffers can be designed to find and steal user names and passwords.

Falsifying user identities

In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information.

Identity theft is becoming one of the greatest threats to individuals in the Internet environment. Criminals attempt to steal users' credit card numbers and then make purchases against the accounts.

Password Related Threats

In large systems, users must remember multiple passwords for the different applications and services that they use. For example, a developer can have access to a development application on a workstation, a PC for sending email, and several computers or Internet sites for testing, reporting bugs and managing configurations.

Users typically respond to the problem of managing multiple passwords in several ways:

  • They may select an easy-to-guess password, such as a name, a fictional character or a word found in a dictionary. All of these passwords are vulnerable to dictionary attacks.
  • They may also choose to standardize passwords so that they are the same on all machines or web sites.
  • Users with complex passwords may write them down where an attacker can easily find them, or they may simply forget them, requiring costly administration and support efforts.

Unauthorized Access to Tables and Columns

The database may contain confidential tables, or confidential columns in a table, which should not be available indiscriminately to all users authorized to access the database. It should be possible to protect data on a column level.

Lack of Accountability

If the system administrator is unable to track users' activities, then users cannot be held responsible for their actions. There must be some reliable way to monitor who is performing what operations on the data.

Multi Tier Systems

This problem becomes particularly complex in multi-tier systems. The user connects to the application, and the application logs on and provides complete access for everyone, with no auditing and unlimited privileges.

Tools for Internet Security

Considerations of a wide-ranging security strategy might include: identification services that control user access to the network, both in terms of letting users on and of what they are allowed to do (certain applications might be blocked for certain employees); increasingly, intrusion prevention technology to guard against network attack and misuse; secure connectivity for businesses that are reliant on Internet connectivity; and control of access to critical services, applications and data via perimeter security. Tools that allow updates and patches to be pushed out remotely are increasingly vital. So, what tools are available to allow these considerations to be acted upon?

Anti-Virus Software

Anti-virus software is used across all network workstations to counter the wave of viruses, worms and Trojan horses. It is crucial to update it with virus signature files on a regular basis. A growing number of companies and Internet service providers use gateway antivirus software as well.

Firewalls

Server firewalls are an accepted necessity, but it is becoming increasingly popular to install desktop firewalls, especially on those PCs or laptops that are used for remote access; a desktop firewall can alert users when an unauthorized program tries to send data across the Internet.

Intrusion detection and prevention

Firewalls cannot protect against port scans and denial-of-service attacks. Intrusion detection and prevention tools can identify potential threats and therefore allow companies to take action to block a hacker or a particular IP address that is being used maliciously. Packet analysis tools allow even more sophisticated detection. Host-based intrusion prevention can also protect servers from attack.

Network Infrastructure

Switches and routers use various hardware and software features that support secure connectivity, perimeter security, intrusion prevention, identification services plus security management.

Access Control

Authentication, authorization and accounting services help ensure that only authorized users are allowed access to the network.

Secure wireless local-area network

Wireless LANs need to be installed with robust authentication and encryption capabilities to balance the freedom and mobility that they provide against the risks of illegitimate network access from rogue access points and unauthorized client devices.

Encryption

Protecting data is the heart of security. Unsecured data (e-mail and/or documents) and wireless local-area networks lacking encryption represent an easy way for data thieves to steal information.

Conclusion

As the Internet has become an integral part of companies' business operations, security on the Internet has also become an important issue for companies. It can seem at times that the balance of power is increasingly weighted towards those that have malicious intent. The volume of attacks has increased exponentially over the years: McAfee's Anti-Virus and Vulnerability Emergency Response Team (AVERT), the group of researchers that receives and deals with viruses and vulnerabilities as they become known, receives on average around 300 new attacks every month. Virus writing kits and the anonymity of the Internet, as well as a few other factors, have resulted in both more sophisticated attacks and attacks that are much easier to launch. It always depends on severity, of course, but if one of these slips through the net into your business, the potential downsides can include compromised application availability, data confidentiality and data integrity. Most importantly, all of these can result in lost profits.




Source: E-mail June 16, 2010

          
