Internet security: threats, vulnerabilities, and mitigation strategies

Internet Security

With the increasing awareness and use of the internet, organizations and individuals are facing newer security issues each day. Everyday people purchase goods on the internet and any hacking as a "joke" could cause the customer's credit card information to fall in the wrong hands. Misuse of such had been on a rise recently all over the world. Governments have now started to enforce strict internet laws to minimize such occurrences. It is unfortunate that internet being such a powerful tool which is used by millions to benefit them is being misused by some. "The Computer Security Institute released a study earlier this year in which 85% of respondents said they experienced a computer breach, with 64% serious enough to cause financial losses"( Tim Lemke, p.7). Many companies have started to produce high tech anti-virus and adware or spyware detectors. Such companies have made available their products online and for the benefit of the customers, they have provided them with a free trial or free demo version to get a feel of the product before they spent their valuable money to purchase it. However, not realizing that the availability of such trials and demos are for the benefit of the masses, hacker have started to crack these products and are providing it for free all over the internet at various websites. Because of this many such companies have faced losses and excellent products have been taken off the market. Internet has created many security issues as well particularly as far as hackers are concerned and an organization should be up-to-date with the security threats to prevent any mishaps.

Organization also face a threat from within the organization itself i.e. employees who know and are familiar with the computer system. "The U.S. Department of Justice's Computer Crime Unit contends that 'insiders constitute the greatest threat to computer systems'" (Scott Charney). The organizations need to take disciplinary measures and ensure that risks from within the organization are eliminated. However such disciplinary measures cannot be taken against outside hackers and thus the use of security tools like firewalls should be made. Firewalls are very important for any organization that has an internet access. "A firewall prevents unauthorized access to data on servers that reside behind the firewall. Whether your organization has an existing network or is setting up a new one, firewall planning is extremely important" (Microsoft). A firewall enables the organization to monitor the data going out and coming to its servers. Unwanted traffic can be blocked thus any unauthorized attempts of an invasion from outside can be prevented and thus provides security to the organization's data. Email is a tool that cannot be blocked out by an organization and its use has far too many advantages rather than disadvantages. Many organizations that do not require a fully activated internet but do require services like email, should install firewalls that are particularly created for this function. These firewalls block out any other internet traffic apart from emails. Thus it limits it vulnerability. However those that do require all the components of the internet to be functional should also use firewalls to monitor and prevent attacks.

Email can also have harmful effect on an organization. One such factor is spam through email. "Ed Amoroso, CISO of AT& T, says that among the 2.8 million e-mails sent to his company every day, 2.1 million, or 75%, are junk" (Scott Berinato).Spam mailing costs organizations thousands of dollars and a lot of time of the employees get wasted in trying to delete the spam mail which would otherwise be used productively. "According to Worldtalk's Cost of SPAM Analysis, employee time lost to sifting through junk e-mail can cost a 5,000-person corporation upwards of $12,000 USD a day, not taking into account the possible bandwidth issues and the cost of network administration" (Dawn Harris). Moreover virus and spywares are also sent via email to users. A firewall cannot detect or protect a computer from internet viruses and it is highly important for an organization to have a top of the line anti-virus installed which is updated on a regular basis. Any infection by a virus or other malicious tools can cause the organization to lose priceless data. Such a loss would be devastating. Other tools like Telnet and FTP are also important and its use cannot be eliminated. Username and passwords are sent in clear text by telnet and FTP and any outside intervention can cause the loss of privacy. However improved versions with secure authentication methods are being developed that do not undergo clear text transmission and thus organizations should update their systems to use those.

Tools that scan for and detect security holes within the network should be adhered to by organizations. These tools would scan for any vulnerability that could be exploited by hackers. This would be a preemptive step in the security measures that an organization would take and high risk vulnerabilities can be addressed as a priority before any incident of unauthorized access can occur thus keeping safe critical data. Moreover benchmarks should be used to keep the security up-to-date. "Benchmarks are complex documents and most system administrators and security practitioners have neither the time nor the breadth of expertise to test every aspect man-ually. Automated testing makes that job easy and reliable" (Alan Paller). The U.S. government has also been stepping up its fight for a better internet security for organizations. "The Energy Department, along with four other federal agencies and the Center for Internet Security (CIS), today announced the release of a security configuration benchmark for Oracle Database Versions 8i and 9i running on Windows and Unix" (Grant Gross). Extensible Authentication Protocol Over Ethernet is a very important tool for security. It is used for wireless and wired protocols.

Internet has opened doors to hackers and other mischievous people to cause disruptions and loss to individuals as well as organizations. Many competitor organizations also make use of these unfair means to tap into vital data to gain an insight on the plans of their competitors. Such unethical means although wrong are on the rise and they will never end. Newer ways will be developed by people for such unfair means and indeed newer ways will be developed by others to ensure top notch security. The advantages of internet cannot be overlooked and it has served to be a vital ingredient in ecommerce. People access it from their PCs and cell phones while organizations need it for their own benefits. Thus it is important for organizations to use security tools in order to prevent any misfortune. Organizations normally have employee data, customer data and other critical data which could be easily misused if gone in the wrong hands. Hence it is important for them to protect it with all means possible. Firewalls, anti-viruses, spam protection are all tools that would save a company from monetary losses. Benchmarks should also be used by companies to detect and be informed of any security loopholes that its network might have. Some services that are potentially dangerous like email, remote login etc. are also important to use and their use cannot be omitted. Therefore organizations should use protective measures against these to minimize or eliminate others from gaining access to their systems.