Internet Security Measures an Assessment

Internet Security Measures- An Assessment

The world of the Internet is truly an amazing and wonderful place where any information on any topic is available, right at your fingertips, with the mere click of a button. The Internet is very much like a huge city where high rises filled with honest people and slums filled with the lower classes coexist side by side; where there are both good people as well as the bad and dishonest criminals living in one place. Criminals in the real world may be relatively easier to find than those in the cyber world who are virtually impossible to find. This may be due to the practical difficulties in finding the criminals and tracking them down through virtual space and taking action on them. The battle between Internet thieves and Internet administrators has been actually going on for many years; the Internet, in fact, has been in existence from the 1940's.

It was originally known as 'Darpanet' and was a defense device to aid the Government in the eventuality of a nuclear war. The defense personnel used this Darpanet to communicate messages between the various Government networks. The later form of this type of communication came to be known as the 'net' or the 'Internet.' Now there are more than 30 million users from all over the world, and there are more than 40 million sites on the Internet. From its humble beginning when the connection was given to universities in America, to the present day when connections are given to small businesses, to Internet Service Providers, and to individual users, the Internet has indeed come a long way. The Internet can now be accessed by any number of users, both private and public, and the service is offered by a large number of Internet providers.

Now that access to the Internet is not difficult, and the number of users is vast, and the amount of information being generated is enormous, there is a natural tendency for dishonest users to turn to crime. Experts are of the opinion that this may be to a large extent due to the design structure of the Internet. Each computer is as powerful as the next one and there is no central hub to control information and this has granted unlimited power to the totally undeserving. There are, thus, no rules on regulation, and break-ins have become more and more frequent and easy. The users have all the power to control or regulate discipline and this is why the Government finds itself incapable of passing any sort of control measures on the use of the Internet. The end result of this is that security is lapsed and Internet users find themselves exposed to 'hackers' or thieves.

Hacking is generally done on computers of the Universities. This tendency is to avoid getting caught using Government computers as the fine, if caught, would be rather heavy. However, inexperienced users may innocently cause a break in and cause a lot of problems. Strict security measures need to be adopted to secure Internet safety. Though these measures are taken almost everyday- once a security method is conceived, another breach happens, and the process continues. The point is that virtually every day sees a new sort of break in or security breach and this has to be remembered by the providers of Internet security. (Internet Battle)

An example of an actual hack attack would explain the need for Internet security measures and how this issue was dealt with when it happened on a huge scale on the largest independent web site, Yahoo in February 2000. More than a million people use Yahoo regularly to access services such as e-mails and search engines. Patrick Taylor, the head of the security system, was flabbergasted at the intensity of the attack. It started to spread to Amazon.com and buyer.com both of who rely on the Internet to conduct their businesses. Soon, news sites like CNN and ZDnet were hit and traffic to these sites came to a literal standstill. The FBI was contacted and a serious investigation was launched. Though the motive behind the attack was impossible to decipher, the result was that of disruption of normal commercial activities that were being conducted on the Internet by private users. The method of the attack was found to be that of using one computer to tap into and secretly install damaging software onto hundreds of other computers.

The destructive software would then bombard the other computers with a whole lot of unnecessary information and details that would finally corrupt the other computer and make it go into an overload mode whereby the system would have to inevitably shut down. The Internet would then be useless to its various users. The investigation into who committed this crime was undertaken and this was where the difficulty lay. The criminal could have operated from any corner of the world in this system with no borders or watchmen at the gate to keep intruders away. The system had been upgraded to the latest security measures but to no avail. The general consensus was that a whole lot of new knowledge systems and resources were needed to even understand the depths of the crime.

The enormous number of users of the Internet on an everyday basis made it even more difficult as this tended to produce more and more criminals who would find their source of excitement in committing crimes of this nature. As the investigation revealed, software to commit Internet crimes was easily downloadable on the Internet in some sort of a package that would just have to be turned on to start to create its damage after installation. There had been a filter installed on the computer to prevent such an attack but it proved to be less than useful as any minor mutation or changes would have rendered it completely inadequate for the purpose for which it was intended. With this came the knowledge that any computer that allowed web surfing, whether it was used at home or at the office was prone to such an attack, at any time, especially if the connection involved high speed.

The hacker could definitely access any machine that was connected to the Internet and start his mischief. He could actually type in any address at random, try to gain access to the person's machine, and if he succeeded, could leave potentially disastrous software on the machine that would be set, like a time bomb, to a certain time, after which it would begin its attack. At this point of time, any evidence that would point at him would have long since disappeared and he would have the last laugh. It was thus proven that any machine could most unwittingly get involved in a hack attack and the preventive measures for such massive attacks in the future would have to be further researched before a satisfactory method could be discovered. The conclusion drawn was that, in order to find and assess Internet security that involved hackers and breakers in, partnerships with the concerned industry would have to be formed whereby each could help the other in case of a breach in security.

The other method was to go back to traditional methods of Internet security measures like integrating themselves into particular chat rooms and investigating the chatters and being on the lookout for anybody who would brag that they had successfully hacked into a particular computer system. However, privacy being a major issue, such methods was best used with a certain amount of discretion and within the existing rules laid down by the legal system, some of them relatively new. The investigators were able to conclude that security measures for the internet needed to be assessed in more detail since this particular episode was the third of its kind, the first one being the Melissa virus, the second one being the Y2K bug, and the third one being the Denial of Service Virus.

A national plan had to be immediately installed by the Federal Government in order to protect information systems that were becoming more prone to such attacks in direct proportion to the increase in the number of users of such technology. The extent of vulnerability of certain businesses was also to be assessed and plans were to be made to suit such users in the best way possible. The public nature of Internet hacking success stories were to be remembered when planning security measures; the very fact that the criminal would be able to enjoy his success in hacking without leaving behind him any evidence that would get him caught needed to be remembered. (Hack Attack)

Whatever be the nature of the breach of Internet security, the fact remains that this is an issue for which no one person can be held responsible. As Internet users are growing, so are the criminals and each person who uses the Internet, be he an IT professional or a PC user, needs to give the matter a lot of thought and attention. A coordinated action has to be taken against the security threats, by the Internet security providers as well as the companies that use these services. Finally, each and every person who uses the Internet would also have to use security measures for their systems like anti-virus software and firewall technology. Keith Lowry, Director of Security at Pilot, feels that a hacker has the time and the opportunity and the need to do harm and these are the facts that have to be addressed for the user to be able to deal with him effectively. This can be achieved when information is shared freely between the various users. Even though providers insist that basic security is a must for all users, not all Internet users have any sort of security for their systems and thus find themselves acutely vulnerable to security attacks.

No one, including the top management of a company, likes to take on the onus of responsibility on themselves for such breaches of security and the criminals find it an easy job to succeed in their condemnable acts, and most of these crimes do go unpunished-about one in sixteen is ever detected or caught. For example, banks that are breached never complain of such a thing having happened, to prevent panic being created among its customers. This means that the criminal could get away scot- free with no trail to lead towards him. The companies may adapt measures such as decoys or even cages, but the best idea would be to report any breach of security to the concerned authorities immediately. The best home-based methods would be, therefore, for both companies, as well as individuals to assume responsibility for the upkeep of security standards and enter into a joint cooperative effort to share all information so that the criminal could be caught before the next serious breach of security were to happen. (Who's Responsible for Internet Security?)

Are there any laws or guidelines for Internet Security? The astonishing fact is, there are none! There is no such thing as 'Internet Law'. However, Internet security is something that has been a growing need, especially in the recent past. A lawyer in the real world would be able to talk about security of any product in the real world, but the real world laws do not apply to the cyber world of the Internet. (Internet Law) there are however, of late, some laws that have been passed for the purpose of Internet Security. One of these is the 'Children's Internet Protection Act'. This act was passed in May 2002 for the protection of children from reading unsuitable material from Internet libraries. This would force all such libraries to enable a filter that would allow an adult user to open it with a password or a code and prevent access to children who might inadvertently chance upon such material that neither would nor suit them.

Violation of this law would result in the levying of hefty fines by the lawmakers. Laws for the protection of minors that are similar to the previous one are the 'Children's Online Protection Act', the 'Child Pornography Prevention Act', and the 'Children's Online Privacy Act'. All these acts would prevent minors from viewing or participating in acts unsavory to them. (Constitutional Laws in Cyberspace) however, these laws would in no manner deter the cyber criminal from committing his despicable acts of crime. Generally, any technological advances would result in a spate of crimes being committed by people who would be experimenting in the new medium. The medium may be used to commit the traditional crimes of credit card theft, security frauds, and infiltration of trade secrets, as well as the brand new crimes of hacking, spreading viruses, and cracking. Some other more threatening crimes are cyber stalking and even child exploitation scams. (Cyber Crimes)

In what manner can such crimes be dealt with? Some lawmakers feel that these crimes should, in fact, be treated as if they were real world and real time crimes and then go about deciding the means to deal with them. The hitch here that is faced by lawmakers is that the Internet is a medium that would allow a person in Ohio to commit a crime on someone in Florida, remaining anonymous all the time. This is what makes it difficult to apprehend the criminal and take any action on him. The arm of law does not usually extend over hundreds of miles of real space and one state would not follow the same laws as another, miles away. Meaningful investigations would, therefore, be quite impossible, on account of the widely disparate laws governing each state. Enforcement of across the state surveillance laws is also impossibility, due to the simple reason of there being no laws to substantiate these surveillance orders. This is where the need for cooperation and sharing of all information across borders and even internationally by the concerned

Governments become vitally important. Reliable and surefire equipment would have to be constructed for this purpose. Likewise, law enforcement agencies would have to now divulge any information that another would want or need, even if it were a top secret that would never have been divulged in the real world. Crimes that were generally confined to the real world in real time are now being planned in real time and being executed in cyber time and cyber space both of which makes lawmakers see the very real necessity of jurisdiction that would cover the Internet as one whole. Federal and State and local law enforcement agencies could therefore have to share their information about cases that are being investigated at the same time so that there would be a link established between them, if it were present and duplication could be avoided. The Attorney General Reno, in January 2000, made up a list of needs for security measures to be taken. She included the fact that there should exist a network to deal with cyber crime on a 24-hour basis.

This would involve establishing a central power point where an officer or a responsible person would attend to calls on cyber crimes being committed, at any time of the day or night. She also insisted that there should be a common online site that would be used for the sole purpose of sharing information at all times. This type of information would go a long way toward solving cyber crimes. She advocated the use of existing mechanisms such as XSP and LEO. The Attorney General's next idea was to hold annual or bi annual meetings at a common place and share information on all ongoing as well as old cases that had needed the services of an Internet investigator. Her final advice was to engage in developing more mechanisms such as XSP to aid in the interstate and cross border investigations on cyber crimes and also aid investigators by cooperative sharing of information. She holds the state and local law enforcement organizations responsible for all investigations of Internet Crime and prosecution of any such criminals, but the problem lies in the lack of proper resources and funding for all these activities.

Such resources are a vital necessity in investigations of such a type of high technology crimes that have no borders or frontiers. Strong laws are needed, keeping in mind the devious nature of these cyber crimes, to fight these crimes and use the Internet in a safe manner, and this would be made possible only if the necessary resources were provided for it. Some acts that protect the Computer and its users and also the users of the Internet are the 'Computer Fraud and Abuse Act' that was passed in 1984 to protect access to any computer without necessary authorization. This act also protected private information that the Government or private agencies were entitled to protect and not share with any outsider. Another similar act was the Privacy Protection Act that was passed in 1980. This act offers protection against any law enforcement officials attempting to seize or take into their custody work related papers of a private nature that belonged solely to the user of the computer.

The 'Electronic Communications Privacy Act', passed in 1986, took into consideration the delicate balance needed between users of such telecommunications, service providers, and the genuine needs of government officials to investigate such material in their search for cyber criminals. However, this act was full of inconsistencies, especially in the environment of the growing number of Internet users. Access to e-mails, voice mails and user access logs were all necessary for investigators and this act protected companies and individuals from having to part with such information that they considered to be private. This act hampers investigations to a large extent but succeeds in protecting Internet users to a certain extent. The 'Telephone Harassment Law' makes it unlawful for any person to harass another using the telephone.

This law applies to the Internet too in the same manner as it does in real life. Certain malicious persons use the computer and the Internet to post a fraudulent message pretending to be the person that they actually intend to harass. The message may convey the victim's willingness to take part in, for example, in a sexual act. The intended victim may not even be aware that such a message has been posted and he may be baffled by the numerous responses that he may receive in reply. This type of harasser may escape scot-free and go virtually unpunished because of the anonymous nature of the Internet. The 'Cable Communications Policy Act' of 1984 grants a certain amount of protection to cable television providers. The providers of the Internet through a cable network have adapted this act in such a way that they have the right to refuse to part with any information requested by investigators in their pursuit of a crime or criminal.