INTERNET SECURITY
Internet security is a branch of computer security
specifically related to the Internet, often involving browser security but also
network security on a more general level as it applies to other applications or
operating systems as a whole. Its objective is to establish rules and measures
to use against attacks over the Internet. The Internet represents an insecure
channel for exchanging information leading to a high risk of intrusion or
fraud, such as phishing. Different methods have been used to protect the
transfer of data, including encryption and from-the-ground-up engineering.
Threats
Malicious software
A computer user can be tricked or forced into downloading
software of malicious intent onto a computer. Such software comes in
many forms, such as viruses, Trojan horses, spyware, and worms.
Malware, short for malicious software, is any software used
to disrupt computer operation, gather sensitive information, or gain access to
private computer systems. Malware is defined by its malicious intent, acting
against the requirements of the computer user, and does not include software
that causes unintentional harm due to some deficiency. The term badware is
sometimes used, and applied to both true (malicious) malware and
unintentionally harmful software.
A botnet is a network of zombie computers that have been
taken over by a robot or bot that performs large-scale malicious acts for the
creator of the botnet.
Computer viruses are programs that can replicate their
structures or effects by infecting other files or structures on a computer. The
common use of a virus is to take over a computer to steal data.
Computer worms are programs that can replicate themselves
throughout a computer network, performing malicious tasks throughout.
Ransomware is a type of malware which restricts access to
the computer system that it infects, and demands a ransom paid to the
creator(s) of the malware in order for the restriction to be removed.
Scareware is scam software with malicious payloads, usually
of limited or no benefit, that are sold to consumers via certain unethical
marketing practices. The selling approach uses social engineering to cause
shock, anxiety, or the perception of a threat, generally directed at an
unsuspecting user.
Spyware refers to programs that surreptitiously monitor
activity on a computer system and report that information to others without the
user's consent.
A Trojan horse, commonly known as a Trojan, is a general
term for malicious software that pretends to be harmless, so that a user
willingly allows it to be downloaded onto the computer.
Denial-of-service attacks
A denial-of-service attack (DoS attack) or distributed
denial-of-service attack (DDoS attack) is an attempt to make a computer
resource unavailable to its intended users. Although the means to carry out,
motives for, and targets of a DoS attack may vary, it generally consists of the
concerted efforts to prevent an Internet site or service from functioning
efficiently or at all, temporarily or indefinitely. According to businesses who
participated in an international business security survey, 25% of respondents
experienced a DoS attack in 2007 and 16.8% experienced one in 2010.
Phishing
Phishing occurs when the attacker pretends to be a
trustworthy entity, either via email or web page. Victims are directed to fake
web pages, which are dressed to look legitimate, via spoof emails, instant
messenger/social media or other avenues. Often tactics such as email spoofing
are used to make emails appear to be from legitimate senders, or long complex
subdomains hide the real website host. Insurance group RSA said that phishing
accounted for worldwide losses of $1.5 Billion in 2012.
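The long-subdomain trick described above defeats any check that only looks for a brand's domain somewhere in the link text. The following is an added example, not part of the original page, comparing such a weak check with one that tests the parsed host; the domains bank.example and attacker.test and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

def naive_check(url: str, brand_domain: str) -> bool:
    """Weak check: accepts any URL whose text merely contains the domain."""
    return brand_domain in url

def host_belongs_to(url: str, brand_domain: str) -> bool:
    """Strict check: host must be the domain itself or end with '.<domain>'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    domain = brand_domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

# Constructed sample links; .example and .test are reserved names.
SAMPLES = [
    "https://bank.example/login",
    "https://secure.bank.example/login",
    "https://login.bank.example.account-verify.attacker.test/signin",
    "https://notbank.example/login",
]

def classify(urls, brand_domain):
    """Return {url: (naive_result, strict_result)} for side-by-side comparison."""
    return {u: (naive_check(u, brand_domain), host_belongs_to(u, brand_domain))
            for u in urls}

if __name__ == "__main__":
    for url, (naive, strict) in classify(SAMPLES, "bank.example").items():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The host is read right to left: only the rightmost labels identify who controls the site, so the brand name appearing on the left of a long host proves nothing.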
Application vulnerabilities
Applications used to access Internet resources may contain
security vulnerabilities such as memory safety bugs or flawed authentication
checks. The most severe of these bugs can give network attackers full control
over the computer. Most security applications and suites are incapable of
adequate defense against these kinds of attacks.
Remedies
Network layer security
TCP/IP protocols may be secured with cryptographic methods
and security protocols. These protocols include Secure Sockets Layer (SSL),
succeeded by Transport Layer Security (TLS) for web traffic, Pretty Good
Privacy (PGP) for email, and IPsec for the network layer security.
Internet Protocol Security (IPsec)
IPsec is designed to protect TCP/IP communication in a
secure manner. It is a set of security extensions developed by the Internet
Engineering Task Force (IETF). It provides security and authentication at the
IP layer by transforming data using encryption. Two main types of
transformation form the basis of IPsec: the Authentication Header (AH) and the
Encapsulating Security Payload (ESP). These two protocols
provide data integrity, data origin authentication, and anti-replay service.
These protocols can be used alone or in combination to provide the desired set
of security services for the Internet Protocol (IP) layer.
The basic components of the IPsec security architecture are
described in terms of the following functionalities:
Security protocols for AH and ESP
Security association for policy management and traffic processing
Manual and automatic key management for the Internet key exchange (IKE)
Algorithms for authentication and encryption
The set of security services provided at the IP layer
includes access control, data origin integrity, protection against replays, and
confidentiality. The algorithm allows these sets to work independently without
affecting other parts of the implementation. The IPsec implementation is
operated in a host or security gateway environment giving protection to IP
traffic.
Security token
Some online sites offer customers the ability to use a
six-digit code which randomly changes every 30–60 seconds on a security token.
The keys on the security token have built-in mathematical computations and
manipulate numbers based on the current time built into the device. This means
that every thirty seconds there is only a certain array of numbers possible
which would be correct to validate access to the online account. The website
that the user is logging into would be made aware of that device's serial
number and would know the computation and correct time built into the device to
verify that the number given is indeed one of the handful of six-digit numbers
that works in that given 30–60 second cycle. After 30–60 seconds the device
will present a new random six-digit number which can log into the website.
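The scheme described above can be illustrated with the open TOTP algorithm (RFC 6238), in which the token and the website share a secret and both derive the code from the current 30-second time step. This is an added example, not part of the original page; the page does not say which algorithm a given token uses, so TOTP with HMAC-SHA-1 is an assumption, and the names verify, window and last_used are illustrative.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for one counter value (RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: float, step: int = 30) -> str:
    """Code the token displays at unix_time: the counter is the time step."""
    return hotp(secret, int(unix_time) // step)

def verify(secret, submitted, unix_time, step=30, window=1, last_used=-1):
    """Server side: accept codes from the current step plus or minus `window`
    steps (clock drift), and refuse any step at or before `last_used` so a
    captured code cannot be replayed. Returns the matched step or None."""
    current = int(unix_time) // step
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= last_used:
            continue
        expected = hotp(secret, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None

# Shared secret from the RFC 6238 test vectors (not a real credential).
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(SECRET, code, 89))
    print("rejected after it expires:", verify(SECRET, code, 149))
    print("rejected on replay:", verify(SECRET, code, 59, last_used=1))
```

The "handful of six-digit numbers" the website accepts corresponds to the window: with window=1 exactly three codes are valid at any moment.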
Electronic mail security
Email messages are composed, delivered, and stored in a
multi-step process, which starts with the message's composition. When the
user finishes composing the message and sends it, the message is transformed
into a standard format: an RFC 2822 formatted message. Afterwards, the message
can be transmitted. Using a network connection, the mail client, referred to as
a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on
the mail server. The mail client then provides the sender’s identity to the
server. Next, using the mail server commands, the client sends the recipient
list to the mail server. The client then supplies the message. Once the mail
server receives and processes the message, several events occur: recipient
server identification, connection establishment, and message transmission.
Using Domain Name System (DNS) services, the sender’s mail server determines
the mail server(s) for the recipient(s). Then, the server opens up a
connection(s) to the recipient mail server(s) and sends the message employing a
process similar to that used by the originating client, delivering the message
to the recipient(s).
Pretty Good Privacy (PGP)
Pretty Good Privacy provides confidentiality by encrypting messages
to be transmitted or data files to be stored using an encryption algorithm such
as Triple DES or CAST-128. Email messages can be protected by using
cryptography in various ways, such as the following:
Signing an email message to ensure its integrity and confirm
the identity of its sender.
Encrypting the body of an email message to ensure its
confidentiality.
Encrypting the communications between mail servers to
protect the confidentiality of both message body and message header.
The first two methods, message signing and message body
encryption, are often used together; however, encrypting the transmissions
between mail servers is typically used only when two organizations want to
protect emails regularly sent between each other. For example, the organizations
could establish a virtual private network (VPN) to encrypt the communications
between their mail servers over the Internet. Unlike methods that can only
encrypt a message body, a VPN can encrypt entire messages, including email
header information such as senders, recipients, and subjects. In some cases,
organizations may need to protect header information. However, a VPN solution
alone cannot provide a message signing mechanism, nor can it provide protection
for email messages along the entire route from sender to recipient.
Multipurpose Internet Mail Extensions (MIME)
MIME transforms non-ASCII data at the sender's site to
Network Virtual Terminal (NVT) ASCII data and delivers it to the client's Simple
Mail Transfer Protocol (SMTP) to be sent through the Internet. The server SMTP
at the receiver's side receives the NVT ASCII data and delivers it to MIME to
be transformed back to the original non-ASCII data.
Message Authentication Code
A message authentication code (MAC) is a cryptographic method
that uses a secret key to encrypt a message. This method outputs a MAC value
that can be decrypted by the receiver, using the same secret key used by the
sender. The message authentication code protects both a message's data
integrity and its authenticity.
Firewalls
A computer firewall controls access between networks. It
generally consists of gateways and filters which vary from one firewall to
another. Firewalls also screen network traffic and are able to block traffic
that is dangerous. Firewalls act as the intermediate server between SMTP and
Hypertext Transfer Protocol (HTTP) connections.
Role of firewalls in web security
Firewalls impose restrictions on incoming and outgoing
network packets to and from private networks. Incoming or outgoing traffic must
pass through the firewall; only authorized traffic is allowed to pass through
it. Firewalls create checkpoints between an internal private network and the
public Internet, also known as choke points (borrowed from the identical
military term of a combat limiting geographical feature). Firewalls can create
choke points based on IP source and TCP port number. They can also serve as the
platform for IPsec. Using tunnel mode capability, a firewall can be used to
implement VPNs. Firewalls can also limit network exposure by hiding the
internal network system and information from the public Internet.
Types of firewall
Packet filter
A packet filter is a first generation firewall that
processes network traffic on a packet-by-packet basis. Its main job is to
filter traffic from a remote IP host, so a router is needed to connect the
internal network to the Internet. The router is known as a screening router,
which screens packets leaving and entering the network.
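Packet-by-packet filtering on IP source and TCP port, as described above, amounts to walking an ordered rule table for each packet on its own. This is an added example, not part of the original page; the Rule type, the decide function and the rule table are constructed for illustration, and the first-match, default-deny policy is an assumption about how the table is evaluated.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # destination TCP port, None matches any port

def decide(rules, src_ip: str, dst_port: int) -> str:
    """Judge one packet in isolation: first matching rule wins, default deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_net = addr in ipaddress.ip_network(rule.src)
        if in_net and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"

# Constructed rule table using documentation address ranges (RFC 5737).
RULES = [
    Rule("deny", "203.0.113.0/24", None),    # blocked remote network
    Rule("allow", "198.51.100.0/24", 25),    # partner mail relay to SMTP
    Rule("allow", "0.0.0.0/0", 443),         # anyone to the HTTPS service
]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("192.0.2.10", 443),
                      ("192.0.2.10", 25), ("198.51.100.5", 25)]:
        print(f"{src}:{port} -> {decide(RULES, src, port)}")
```

Rule order is part of the policy: if the broad allow for port 443 were placed first, the blocked network would reach the HTTPS service.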
Stateful packet inspection
In a stateful firewall the circuit-level gateway is a proxy
server that operates at the network level of an Open Systems Interconnection
(OSI) model and statically defines what traffic will be allowed. Circuit
proxies will forward network packets (formatted units of data) containing a
given port number, if the port is permitted by the algorithm. The main
advantage of a proxy server is its ability to provide Network Address
Translation (NAT), which can hide the user's IP address from the Internet,
effectively protecting all internal information from the Internet.
Application-level gateway
An application-level firewall is a third generation firewall
where a proxy server operates at the very top of the OSI model, the IP suite
application level. A network packet is forwarded only if a connection is
established using a known protocol. Application-level gateways are notable for
analyzing entire messages rather than individual packets of data when the data
are being sent or received.
Browser choice
Web browser statistics tend to affect the amount a Web
browser is exploited. For example, Internet Explorer 6, which used to own a
majority of the Web browser market share, is considered extremely insecure
because vulnerabilities were exploited due to its former popularity. Since
browser choice is more evenly distributed (Internet Explorer at 28.5%, Firefox
at 18.4%, Google Chrome at 40.8%, and so on), vulnerabilities are exploited
in many different browsers.
Internet security products
Antivirus
Antivirus software and Internet security programs can
protect a programmable device from attack by detecting and eliminating viruses.
Antivirus software was mainly shareware in the early years of the Internet,
but there are now several free security applications on the Internet to
choose from for all platforms.
Password managers
A password manager is a software application that helps a
user store and organize passwords. Password managers usually store passwords
encrypted, requiring the user to create a master password; a single, ideally
very strong password which grants the user access to their entire password
database.
Security suites
So-called security suites were first offered for sale in
2003 (McAfee) and contain a suite of firewalls, anti-virus, anti-spyware and
more. They may now offer theft protection, portable storage device safety
checks, private Internet browsing, cloud anti-spam, a file shredder or make
security-related decisions (answering popup windows) and several were free of
charge as of at least 2012.