Internet Security, Risks Internet Security Presents Field

Internet Security, risks internet security presents field information technology implementing solutions address challenges. The paper 15 pages length ( including title reference page). 1. Title Page: Include, paper title, title, instructor's, date.

Internet security

In today's advanced technological world, online users are faced with a myriad of problems and risks. Any online user is vulnerable to Trojans, viruses, worms, spyware, and malware. The user is exposed to sniffers, spoofing software, and phishing. There are many tools that are employed online that breach a user's privacy without their knowledge Dinev & Hart, 2005.

Web tracking software is used by malicious companies to access a person's online behavior and information, which the company will sell to other marketing companies. Corporations and government institutions are constantly been hacked for their information. Banks have lost millions as the hackers access customer accounts and withdraw funds illegally Dinev & Hart, 2005.

The reasons for these attacks could be system weaknesses, or user carelessness. A user who is not careful when browsing online could divulge information that can be used by a hacker to access sensitive information online.

Introduction

The way people live today has been revolutionized by the internet. Majority of activities like financial services, socializing, information access, entertainment, and product purchase all take place online. People are now relying on the internet for these activities and more due to its pervasive information collection and wide coverage. With continuous and frequent use people have come to trust the internet as a gateway to home, personal, and office convenience Dinev & Hart, 2005.

The internet is vulnerable to many risks due to its simple nature based on host servers and a host of backbones. The hosts will vary from personal computers to supercomputers that make use of different software and hardware. The main linkage in all these hosts is the Transport Control Protocol/Internet Protocol (TCP/IP). This is the protocol used for all communications on the internet Hansen, 2001.

It is based on the functionality that if a host has the TCP/IP it can access other computers that are using the same operating system and backbone. TCP/IP is an open technology, which exposes the internet to numerous pitfall and security risks.

Internet Protocol (IP) does not perform any authentication of data packets, which makes it vulnerable to attacks by malicious users. Without an authentication mechanism, IP's cannot determine the authenticity of the data packets submitted Dinev & Hart, 2005.

This makes it difficult to determine the originality of a data packet. Therefore, a data packet can claim it is from a specific address, but there is no way this can be determined to be correct. It is easy for a user to enter into a host and make changes to the content in the system. There been no check for criminal activities, crime on the internet and security breaches have continued to increase as the internet evolves. The internet has continued to grow spreading to all levels of human activities and business activity. When a price is attached to an internet breach, security issues become significantly noticeable Kannan, Rees, & Sridhar, 2007.

There are companies that have filed for bankruptcy, personal information released to public domains, business have lost money through espionage, and national databases hacked. These are some of the issues that have arisen due to internet security breaches Cavusoglu, Mishra, & Raghunathan, 2004.

Internet security continues to evolve as the internet continues to become more complex. Malicious people have become intelligent, can anticipate, and undermine the internet security measure been undertaken. This is why a majority of companies are today considering internet security to be part of their risk management strategy in order to avoid business and financial loss Straub & Welke, 1998.

Individuals using the internet have been forced to spend a lot of money on software that will prevent any theft of their information online. Even with all these measure in place quite often we hear of an internet security breach that results in losses worth millions of dollars Dinev & Hart, 2005()

The purpose of this paper is identifying the various types of internet security issues that are faced by businesses, consumers, individuals, and governments. The paper will attempt to provide solutions to the issues identified, and devise measures that can be used to ensure a safe internet environment. Readers will find information that they can use to understand the various approaches attackers employ to breach internet security. The nature of this paper is technical, which might be difficult for lay users to understand. Persons in the technology field will grasp all the concepts presented and find the information relevant. The paper has focused on the major problems, but there are other prevailing problems that pertain to internet security that have not been discussed.

Different internet security breaches

Anyone who uses the internet is prone to privacy and security risks Miyazaki & Fernandez, 2000.

The risks a person is prone to increase as new technologies are developed and introduced. This is because new technologies mostly have bugs that malicious people can exploit. This makes it difficult for the antivirus software a person uses to keep up with the technologies. It has been established that not all hacker events are reported. This may be due to the negative effect such reporting could have on the individual or company Cavusoglu et al., 2004()

Denial of Service (DoS)

Companies have firewalls that are outdated and their network perimeters focus only on certain security breaches, which does not cover all the internet security aspects. Malicious individuals are always looking out for weaknesses in the corporate security systems Hansen, 2001.

Denial of Service is type of attack that generates malicious traffic, thus denying genuine user requests to the network any service. This attack starts by sending a worm, bug, spyware, or virus to the host computer using spoofed addresses. The host computer will respond to these requests assuming that the requests are genuine, which will in turn result in too many requests been served by the host computer Grazioli & Jarvenpaa, 2003.

Once the program has received a response it will continue to submit requests to others on the network. The network will be slowed down due to the amount of requests that the program will be submitting. In other instances, the network can fail to respond completely, which would deny genuine users access to the network services. The Welchia and Blaster worm are some type of DoS attacks that have resulted in the shut down networks. The worms were able to infect hundreds of private networks as they were able to reproduce themselves. Companies have suffered great losses due to these actions Hansen, 2001()

IP spoofing

IP spoofing is the most basic and common security breach. This breach involves a host claiming to have an IP address that belongs to another host. As different systems are all connected to the internet, there is only one way of identifying each computer system, which is the IP address. Using the IP address, the receiving computers are able to identify and respond to the requests or data packets Juul & Jorgensen, 2003.

The attackers could device a method of spoofing IP addresses and send data packets to the host computer. The data packets would require the host to perform certain actions that might be harmful or malicious. There are applications that will permit IP addresses to login and access the host or server. This would pose a great risk as the attacker could gain access to all the information and traffic that the host computer services Needham, 2003()

Spyware and web trackers

According to Kannan et al. (2007)

, spyware has reached the epidemic level, and it will get worse as time passes. It is estimated that 95% of computers worldwide have been infected with spyware. The tools used for the removal of spyware are not as effective, and they only last a few months. With the release of a new spyware, there is a removal tool developed for removing only this spyware. Web trackers are used to track the browsing habits of users. Web trackers are used for marketing purposes in order to understand the behavior of website users. They can also be used to invade the privacy of individuals as they monitor all the users' activities online Dinev & Hart, 2005.

Web trackers have been devised by online companies for data collection without the user's knowledge. Some of the companies will sell this data to marketing companies who will target the users with their advertisements. These trackers may be harmless, but they have the potential to be abused by malicious individuals. An individual can purport to have a genuine web tracker, which they will use to obtain person information about a person. The information could be used for identity theft or even credit card theft.

There are many pop-up windows that bombard a user when they go online. Some of these pop-up windows contain spyware programs that will self install when a user clicks on a link Lee & Turban, 2001.

Spyware also comes in the form of emails. A spyware would be coded in the email message, when a user opens the email the program would initiate a malicious script that would install the spyware to the user's computer Koskosas, 2008.

It is recommended that users make use of spyware removal tools, or the user can manually attempt to remove the spyware program from their system.

Sniffing

Packet sniffing involves capturing of packets that contain a user's plain text password. Sniffing has been identified to be a trend that is on the rise in recent times Anderson & Moore, 2009.

A user has little that they can do to prevent hackers from capturing packets that contain clear text passwords. Sniffing has been made easier as there are tools that hackers can use for scanning internet sessions. The tools search for open sessions or ports in order to enter a users system. Systems that make use of clear text passwords victimize the users easily. The main reason that sniffers have continuously had access to passwords is because of the weak protocols used for authentication by operating systems like Windows. Making use of onetime password technologies will assist users in securing their passwords Zviran & Haga, 1999.

The technologies will store the user's passwords safely, which will prevent sniffing from happening. They can also device tokens and pins that will prevent decryption.

Phishing

Phishing is related to information and identity theft. This is an attack where the attacker will create web pages identical to the genuine website. The user will not be able to differentiate the two websites and any information they enter on the duplicate website would be intercepted and used by the attacker Needham, 2003.

The attackers who use phishing will send a link to the fake website via email to a user. When the user clicks the link they are taken to the fake website and the website will request they enter personal information and credit card number Lee & Turban, 2001.

The email sent by the attacker will be identical to the original email including the graphics and messages. To determine the authenticity of an email the user should type the address of the company instead of clicking links in the email. Checking and confirming the address of the website will prevent phishing.

Information and Identity theft

Users across the globe are falling victim to identity theft. The latest trend involves the theft of information online via the internet. Using the internet, the attackers are able to scan personal information like credit card and social security numbers. The attackers will use the information for their own gain, or they can sell it to other people. AOL users received email messages requesting them to update their credit card information. The email claimed to be from the billing department of AOL. Many users were unaware of the scam email, and they proceeded to provide their credit card information. The users ended up losing money to the scammers. In order to counteract identity theft, companies have changed their privacy policies to secure their sites, and to inform their customer their legal responsibilities and rights in protecting credit card information Koskosas, 2008()

As more and more companies are adopting online services in enhancing their businesses, the attackers are having easier time stealing information. It has been noted that as more trade investments, products, and banks are embracing online services that require user authentication for personal information, the risks associated with identity theft increase Lim, Leung, Choon Ling, & Lee, 2004.

Authentication for personal information exposes the users to online fraud and disrupts the websites stability. The attackers are motivated by ego, monetary gain, political causes, entertainment, and greed. These are the factors that motivate the attackers to attack corporate and individual users by stealing their information Zviran & Haga, 1999()

Virus, Trojans, and worms

Trojan horses are the most malicious computer programs that can infect any computer. There are many tools that a user can use to remove a Trojan horse, but finding the correct program can be time consuming. By the time, a user has found the correct program it might be too late as the program could have infected files in the whole computer. Trojans target online users mostly as the internet makes it easy to spread the Trojan. Malware programs can also have devastating effects Nath, Schrick, & Parzinger, 2001.

Some of the malware programs are designed to shut down the computer. This would make it difficult to remove the malware as no antivirus software would be able to work when the computer is shut down. Malwares are designed to infect specific operating systems with Windows been the most vulnerable. Malware programs are spread through the internet Needham, 2003.

Users are sent emails that contain the infected files. Once the email is opened the program would be initiated. Users on the same network are also likely to be infected by the same malware.

Preventing internet security breaches

Data encryption

The internet runs through host servers that run proxy servers. The proxy servers service other application services which allow other protocols like SMTP. FTP, Telnet, and HTTP for the transfer of information. The host servers use these services, but they are not directly connected to the servers. A client will connect from the proxy server, which will initiate connection to the external servers. Proxy servers require authentication, and this makes it hard for attackers to attack users. This authentication system prevents unauthorized access of the networks. Encryption software will assist in encrypting the information before it is sent over the internet Needham, 2003.

The information would not be decrypted when intercepted by an attacker and this increases the security of information. Users are encouraged to use harder to predict passwords. This way an attacker will not be able to predict the passwords used by users. Combining upper and lower case letters and numbers is recommended for passwords.

Encryption allows for plain messages to be scrambled in order to prevent the information from been understood. Scrambling information ensures that any information that is transmitted is not understood by the hacker. Encryption rearranges the letters and numbers using a public key Miyazaki & Fernandez, 2000.

The length of the key is determined in bits and the longer the key the more effective the encryption. Only a user who has a private encryption key can decipher the information. Using encryption data can be protected and its security guaranteed. This is because any person who intercepts the information will not understand the information.

The only time a user can be able to intercept the information and decrypt it is if they have the correct private and public key. Decryption software is sold by third parties, and this makes it easy for hackers to purchase. Anyone who purchases the encryption key will have the capability to intercept and decrypt the information. Businesses, hospitals, communication companies, and utilities make use of encryption systems in order to protect the sensitive information they submit over the internet. Customer information is secured using encryption and this ensures that any unauthorized access is futile. The hacker will need to have the correct decryption keys in order to decipher the information. Encrypting information will also guarantee the patients privacy.

Antivirus software

Antivirus software will protect a computer system from malicious viruses and bugs. The antivirus program should be updated often. This will ensure that the databases are up-to-date. Updating the databases also ensure that the computer system will be protected against any new viruses. The most affected systems are the once that are running on Windows. The Windows operating system is vulnerable to attacks as the perpetrators have identified loopholes in the operating system. Outlook has been identified to be vulnerable especially as it handles emails. Attackers will send an email that outlook will open and initiate the virus. Deleting the email would not assist in preventing the virus from been installed Miyazaki & Fernandez, 2000.

It is vital that users have a powerful antivirus system that will scan all email and their attachments. Using other applications for accessing emails will also assist in reducing email virus attack.

Digital signatures

The internet does not provide for the secure transmission of digital communication. Hackers have been able to sniff open online session and steal passwords. The hackers have used these open sessions to access corporate email accounts. To prevent this issue, digital signatures can be created through the Public Key Infrastructure (PKI) Joshi, Finin, Kagal, Parker, & Anand, 2008.

PKI relies on encryption that comprises of keys that would protect digital information. Using digital signatures the confidentiality and integrity of the information can be ensured as only the intended receiver will access the information. The digital signature will enable the information to be identified and accepted as genuine by the receiver. The information transmitted has no guarantee that it cannot be intercepted, but the signature makes it harder for the hacker to access the information Joshi et al., 2008.

Digital signatures are appended on the information been sent, which makes it easy to identify where the information originated from and where it is headed. Using digital signatures computer systems can be able to identify information and have proof that the information is genuine.

Firewalls

Firewalls are the common methods for protecting information on the internet. Firewalls provide protection to the organizations hardware. Firewalls might not implement the network level security protocol, but they have capabilities that would prevent access to a computer system. Firewalls are not complex to install, which makes them readily available and easy to configure. The firewall will operate on multiple security levels. First it will erect a wall that stands between the internet and the private network. It will monitor all the traffic and access its characteristics to determine if it meets the allowed criterion. Once the traffic has been approved it will passed to the gateway to the user's machine. Any information that does not meet the criteria set on the firewall will be denied access Anderson & Moore, 2009.

This way the firewall is able to block any unwanted traffic and programs from accessing the computers on the network. It is essential to have firewalls that are created to protect a network. This way all the machines that are behind the firewall will be protected against any unauthorized access Zviran & Haga, 1999.

There should be routers, host computers, and network segments that are configured in order to build an effective firewall. Using different components limits the scope of the administrator when defining the firewall for a network.

Security tools

There are other tools that users can use to prevent, control, and block their activity online. These products are ready made and have been vouched for by the experts. The products are simple, save time, and effective as the user does not have to hassle in configuring the tools. The security tools will assist a user to protect their online activity and information. The technical prowess of the user will not be questioned as any user could apply the tools. Configuring the tools is easy and that is why they are effective. The tools have the capabilities to block unwanted or undesirable websites. Once the site has been blocked the user is informed and a log created in regards to the incident. These tools come with annual subscriptions that allow for internet privacy at the higher level. The privacy the tools provide does not compromise the confidentiality, and integrity of its users Miyazaki & Fernandez, 2000()

Anonymous surfing

Users can surf anonymously, and this would assist in avoid attackers from gaining their information. There are browsers that are more prone to attacks, and users should be aware of the browsers. Using browsers that have incorporated security in the protocols will shield users from attackers Juul & Jorgensen, 2003.

Surfing anonymously will also ensure that the browser does not capture any personal identifiable information. This ensures that web trackers cannot be used to identify the user's behavior patterns when browsing. Software that logs all the keystrokes a user makes can be blocked if they surf anonymously. The key logger will not determine the websites visited, and the information would not be useful to the attacker. Anonymous surfing will prevent any information from been stored regarding the browsing session of the user. Deleting and clearing the browsing information will ensure that no information regarding the user could be retrieved from the browsers cache. It is vital to clear the history as an attacker will not find any information in case they gain access to the computer or browser. Clearing the cookies will prevent any information a user enters from been retrieved afterwards Miyazaki & Fernandez, 2000.