The concept of Internet security covers the protection of devices, and of the information they hold and exchange, as they are used on the Internet. It is a part of the Information Technology field, which encompasses many different technological areas.
- 1 Technical meaning
- 2 Dangers
- 3 Solutions
- 3.1 Network layer security
- 3.2 Firewalls
- 3.3 Encryption
- 3.4 Security tokens
- 3.5 Software diversity
- 3.6 Anti-malware software
- 3.7 Spam and phish filtering
- 3.8 Proxy DoS protection
- 3.9 VPNs
- 3.10 Password managers
- 4 Politics
- 5 References
- 6 External links
Technical meaning
To an Information Technology expert, Internet security involves preventing unauthorized access to, and modification of, information as it is stored and transmitted, at all seven layers of the OSI model. For the layman, it is simply protection for personal devices, servers (including root servers and all Internet hubs and distribution points), networked machines and equipment, and the connections in between. Efforts in Internet security can range from the development of a better firewall to the development of a safer way to transfer packets.
Dangers
A wide variety of dangers and risks exists, which Internet security efforts must try to avoid or resolve. The following are some (but not all) of these dangers.
One serious risk to Internet security is that of vulnerabilities in the systems already in use. Once found, these vulnerabilities must be fixed (typically using software patches), but with so many different parts of so many different systems in play today, there is almost guaranteed to be a flaw somewhere that can be exploited if anyone finds it. Vulnerabilities that attackers know about before the vendor does, so that no patch yet exists, are called "zero-day" vulnerabilities; they are an ongoing problem precisely because nobody can patch what has not been disclosed. A second problem is that once such an issue is discovered and fixed, not everyone installs the patch or update. Malicious users can compare the patched and unpatched versions of the software to work out exactly what was fixed, and then immediately go to work finding systems that are still unpatched and can be attacked using this new method.
The denial-of-service (DoS) attack is unlike most others in that it does not require any infiltration of the target. Anyone with enough computers (or a botnet, which makes it a distributed denial-of-service, or DDoS, attack) can perpetrate it. While systems have evolved to resist malformed-packet attacks such as "the ping of death," they can still be overloaded or disconnected by their Internet Service Provider (ISP). In a flood, the target receives requests (HTTP GET or HEAD requests, half-open TCP connections, or simply raw packets) at a rate greater than the server or its network link can handle. Eventually, the server either overloads and crashes or, as usually intended by the attacker, the ISP blocks traffic to the target because the flood is degrading the ISP's own network. Servers and computer systems can be designed to absorb more load and to limit how fast any one source may send, but a large enough flood saturates the connection itself, and the flood of requests alone then results in a denial of service regardless of how robust the server is.
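The flood described above is visible in the server's own access log long before the server falls over: one source (or one bot of a botnet) sends far more requests per second than any browser would. The following is an added example, not code from the original article, of the per-source sliding-window count a rate limiter or an analyst would apply. The Common Log Format lines, the addresses (from the documentation ranges), the 10-second window and the 100-request limit are all assumptions chosen for illustration.

```python
"""Detecting a request flood in web-server logs.

Added example, not code from the original article. The Common Log Format lines,
the addresses, the 10-second window and the 100-request limit are assumptions
chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source ip, unix time, method) for a Common Log Format line, or None if unparseable."""
    match = LOG_RE.match(line)
    if not match:
        return None
    ts = datetime.strptime(match.group("ts"), TS_FORMAT).timestamp()
    return match.group("ip"), ts, match.group("method")


def find_flooders(lines, window_seconds=10, max_requests=100):
    """Sliding-window count per source over time-ordered log lines.

    Returns {ip: peak requests seen in any window} for every source that exceeded
    max_requests within window_seconds. Legitimate clients never come close to the
    limit; a flood from one source stands out immediately.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > window_seconds:
            window.popleft()
        if len(window) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(window))
    return peaks


def make_sample_log():
    """Constructed sample: one browser fetching a page every 10 s, one source sending
    300 HEAD requests within three seconds. Both addresses are documentation ranges."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(6):
        stamp = (base + timedelta(seconds=10 * i)).strftime(TS_FORMAT)
        lines.append(f'203.0.113.7 - - [{stamp}] "GET /index.html HTTP/1.1" 200 5120')
    for i in range(300):
        stamp = (base + timedelta(seconds=i // 100)).strftime(TS_FORMAT)
        lines.append(f'198.51.100.23 - - [{stamp}] "HEAD / HTTP/1.1" 200 0')
    # A real log is written in time order; sort the constructed lines the same way.
    return sorted(lines, key=lambda line: parse_line(line)[1])


if __name__ == "__main__":
    for ip, peak in find_flooders(make_sample_log()).items():
        print(f"{ip}: {peak} requests inside one window; candidate for rate limiting or null-routing")
```

The limit is applied per source, which is exactly why a botnet is effective: a thousand bots each staying under the threshold add up to the same flood, and the defence then has to move upstream to the ISP or a scrubbing service rather than the server.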
Malicious software (Malware)
Viruses, worms, Trojans, and spyware are only some of the varieties of malicious software that threaten security today. Some will simply try to destroy systems or equipment, others will open vulnerabilities for unauthorized remote access (hacking), while yet more will collect protected information, or simply lock that information and demand a ransom be paid to restore access. Some are more devious, and have functions that fall into multiple categories, such as Stuxnet and Flame.
Although this risk is rare, hardware can be installed which also poses a risk to Internet security. Such hardware can be designed to perform any number of tasks, depending on the purpose, such as recording keystrokes, copying network traffic, or providing a covert path for remote access. It is often attached in-line with a normal cable, such as a keyboard or network cable. However, chips of this nature can also be embedded in a device, whether built right into the motherboard or soldered on after manufacture. Because such an implant sits below the operating system, anti-malware software will not see it; physical inspection and control over where hardware is sourced are the relevant defenses.
Phishing is a kind of attack in which the user is deceived into providing private information voluntarily. The kind of information collected varies, from personal information (which can be used for identity theft) to security details such as passwords (which can be used for gaining unauthorized access). Some deception is always involved in phishing, whether it be telling the user they have won something, telling them that a certain task must be completed, or threatening them with legal or other repercussions if they do not comply. Because the victim hands the information to the attacker directly, phishing bypasses strong passwords and encrypted connections alike; what matters is where the information is actually being sent.
Communication interception or disruption
Sometimes, Internet security threats do not come from the workstation, user, or server. Instead, the communications between them are intercepted. When this takes place, the data can simply be collected for analysis (login information may be retrievable, or perhaps other private data), changed so that some unwanted action takes place, or blocked entirely, so that the communication takes place only one way. The last is not an exceptionally useful method for an attacker, but skimming or changing communicated information can be priceless. Additionally, a destination server can be spoofed, for example by tampering with name resolution or by luring the user to a look-alike address, so that a client's computer believes it is connected to a specific host (for example, online banking) but is actually connected to a fake website, designed solely to collect information or deceive the user in other ways.
Solutions
To resolve the wide variety of security risks, a wide variety of security solutions have been created. No single solution has yet proven flawless, but using the "Defense in Depth" strategy, systems and networks can usually be kept safe. Quite simply, Defense in Depth refers to using multiple independent methods of security at once, so that if one or more fail, another can still stop the attack. Here are some of the solutions used:
Network layer security
A variety of protocols have been created to secure TCP/IP communication. These include Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS), which protect World Wide Web traffic and sit directly above TCP; Pretty Good Privacy (PGP), which protects e-mail at the application layer; and IPsec, which secures traffic at the network (IP) layer itself, so that every protocol carried above it is protected without change. SSL itself is obsolete: every version of SSL, as well as TLS 1.0 and 1.1, has known weaknesses, and current deployments should accept only TLS 1.2 and 1.3.
Firewalls
Firewalls are systems which restrict access to a network and the devices on it. Most modern firewalls protecting private networks watch for communications which are expressly prohibited for security reasons, watch for suspicious contents, and deny connections coming in from devices which were not first contacted from within the secured network. Firewalls in front of public websites and portals often cannot use the latter method, since unrequested connections are exactly what such servers exist to receive. This means that they must be more effective in differentiating hostile connections from friendly ones.
Stateless packet filtering
The first firewalls decided whether to allow a packet or not based on that single packet alone. This was effective for a time, but it soon became clear that it was not enough. These firewalls could be tricked by sending malicious content in pieces, dispersed among several packets, so that no single packet matched the pattern the firewall was looking for.
Stateful packet filtering
The solution to the dispersion method used to trick packet filtering was stateful filtering. A stateful firewall tracks each connection (for a TCP connection, the handshake and the sequence numbers that follow it), so it can drop packets that belong to no connection it has seen opened and can reassemble the pieces of a connection's data before inspecting them. Packets are held by the firewall until it has enough of the stream to be certain they are safe. Only then are they allowed to continue into the secure network.
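The difference between the two approaches is easiest to see on a payload that has been split across segments. The following is an added example, not code from the original article or from any firewall product: a per-packet filter and a flow-tracking filter are run over the same constructed packets. Packets are simplified to (source, destination, sequence number, payload, SYN flag), and the "signature" the filters look for is a made-up string standing in for a real attack pattern.

```python
"""Stateless versus stateful filtering on a split payload.

Added example, not code from the original article or from any firewall product.
Packets are simplified to (source, destination, sequence number, payload, SYN flag),
and the signature the filters look for is a made-up string; both are assumptions
for illustration.
"""
from dataclasses import dataclass

SIGNATURE = b"DROP TABLE"          # toy pattern standing in for an attack signature


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    seq: int                        # TCP-style sequence number of the first payload byte
    payload: bytes = b""
    syn: bool = False


def stateless_filter(packets):
    """Decide each packet on its own. Returns one allow/deny per packet. Splitting the
    pattern across two segments defeats it, because no single packet contains it."""
    return [SIGNATURE not in p.payload for p in packets]


class StatefulFilter:
    """Tracks every (src, dst) flow from its SYN and scans the reassembled byte stream."""

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.flows = {}             # (src, dst) -> {"next": expected seq, "pending": {seq: bytes}, "tail": bytes}
        self.blocked = set()

    def allow(self, p):
        key = (p.src, p.dst)
        if key in self.blocked:
            return False
        if p.syn:
            # A new connection; its data starts one past the SYN's sequence number.
            self.flows[key] = {"next": p.seq + 1, "pending": {}, "tail": b""}
            return True
        flow = self.flows.get(key)
        if flow is None:
            return False            # data for a connection we never saw opened: unsolicited
        if p.payload:
            flow["pending"][p.seq] = p.payload
        # Pull every segment that is now contiguous into the stream (this handles reordering).
        stream = flow["tail"]
        while flow["next"] in flow["pending"]:
            segment = flow["pending"].pop(flow["next"])
            stream += segment
            flow["next"] += len(segment)
        if self.signature in stream:
            self.blocked.add(key)
            return False
        # Only the last len(signature)-1 bytes can still complete a later match, so keep just those.
        flow["tail"] = stream[-(len(self.signature) - 1):]
        return True


def demo():
    """Constructed flow: the signature split over two segments that arrive out of order."""
    client, server = "198.51.100.23", "10.0.0.5"
    syn = Packet(client, server, seq=1000, syn=True)
    first = Packet(client, server, seq=1001, payload=b"DROP T")
    second = Packet(client, server, seq=1007, payload=b"ABLE users;")
    stateless = stateless_filter([syn, first, second])
    fw = StatefulFilter()
    stateful = [fw.allow(p) for p in (syn, second, first)]
    return stateless, stateful


if __name__ == "__main__":
    stateless, stateful = demo()
    print("stateless:", stateless)   # every packet passes: the pattern never appears whole
    print("stateful: ", stateful)    # the third packet completes the stream and is dropped
```

The stateful filter also rejects any data packet for a flow whose SYN it never saw, which is the "not first contacted from within" rule described above applied to a single connection. A production firewall additionally handles overlapping and retransmitted segments, IP fragmentation and connection teardown, all of which attackers have used to desynchronize the firewall's view of the stream from the host's.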
Application layer filtering
Although more effective, even stateful filtering is not enough. Because it operates at the network and transport layers, it does not see the end product of the communication, the application data as the receiving program will interpret it, so it can still be deceived. For this reason, application-layer firewalls and host-based software firewalls now exist as well, which see network activity differently from a network packet filter. They recognize and understand applications and protocols as they should appear to the program on the computer, and are therefore able to detect many stealthy attacks which a packet-filtering firewall is unable to detect.
Encryption
Another method used to protect Internet security is encryption. Information can be transferred in encrypted form when both parties already share the key. However, when this is not the case, an ingenious solution was devised which uses a pair of keys, one public and one private. Using this method, a client's data is encrypted using the public key, which a server freely provides, and sent to the host in its encrypted form. When the host receives this information, it uses its private key, which only it knows, to decrypt the information. In practice the public key is used to protect a short, randomly generated session key, and the bulk of the data is then encrypted with a fast symmetric cipher under that key. This method is used in HTTPS (Hyper Text Transfer Protocol Secure) communication, which is implemented by online banking, e-mail and many other websites today. Without a quantum computer, breaking the encryption itself would take so long that by the time it were complete, the information would be useless. The system becomes practically vulnerable when the server's private key is compromised, when the implementation has a flaw, or when an attacker obtains a certificate for the server's name that the client's browser trusts; with the ephemeral key exchange that modern TLS uses, a later compromise of the private key does not expose traffic that was recorded earlier.
This helps prevent harm from communication interception, since the data in transit is useless without the key. It does not prevent the interception itself, and data could still be blocked or destroyed in transit, but protocols such as TLS also authenticate the data so that any change is detected. It relies on the concept, "you can get it, but you can't use it."
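The mechanism above, a session key wrapped under the server's public key and the data encrypted under that session key, is shown below as an added example; it is not code from the original article or from any TLS library. To run with only the Python standard library it uses textbook RSA with no padding and a HMAC-SHA256 counter-mode keystream; both are illustrations of the mechanism, not ciphers to deploy (real systems use RSA-OAEP or an ephemeral Diffie-Hellman exchange, and AES-GCM or ChaCha20-Poly1305 for the data). The key size, the message and the public exponent are assumptions.

```python
"""Public-key key transport plus a symmetric stream, as one self-contained toy.

Added example, not code from the original article or from any TLS library.
Textbook RSA (no padding) and a HMAC-SHA256 keystream are used only so the
mechanism can be followed end to end with the standard library.
"""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; a composite survives all rounds with probability < 4**-rounds."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime with exactly `bits` bits (top bit forced so n = p*q has the expected size)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Return (public, private) as ((n, e), (n, d)). The server publishes (n, e) and keeps d."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e is prime, so this means gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def keystream(key, length):
    """Toy counter-mode keystream: HMAC-SHA256(key, counter) blocks, truncated to `length`."""
    blocks = []
    for counter in range(-(-length // 32)):       # ceil(length / 32)
        blocks.append(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt_for_server(public_key, message):
    """Client: wrap a fresh 256-bit session key under the server's public key, encrypt the data."""
    n, e = public_key
    session_key = secrets.token_bytes(32)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # anyone can do this: e and n are public
    body = bytes(a ^ b for a, b in zip(message, keystream(session_key, len(message))))
    return wrapped, body


def decrypt_on_server(private_key, wrapped, body):
    """Server: only the holder of d can unwrap the session key and therefore read the body."""
    n, d = private_key
    session_key = pow(wrapped, d, n).to_bytes(32, "big")
    return bytes(a ^ b for a, b in zip(body, keystream(session_key, len(body))))


def roundtrip(message=b"account=1234;transfer=500"):
    """Constructed exchange: client encrypts for the server, server decrypts.
    An interceptor sees (wrapped, body) and the public key, none of which yields the session key."""
    public, private = generate_keypair()
    wrapped, body = encrypt_for_server(public, message)
    return decrypt_on_server(private, wrapped, body), body
```

Note what the example does not do: nothing authenticates the server, so an attacker who can substitute their own public key for the server's (the spoofing scenario above) is handed the session key by the client. That gap is what certificates fill in HTTPS, and it is why a compromised private key or a mis-issued certificate breaks the system even though the mathematics holds.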
Security tokens
Rather than storing and re-sending login information with every request, security tokens were introduced to show, temporarily, that a user has been verified. A session token issued after a successful login stands in for the password for the rest of the session, so the password itself is transmitted and checked only once. The token is still a secret, since anyone who obtains it can act as the user until it expires, which is why it is tied to one device or session and carried only over encrypted connections. One-time codes, such as those produced by an authenticator application or a hardware token, go further: they are set to expire frequently (typically every 30 seconds), so a fresh code is required for each login and a code captured by an attacker is useless moments later. Together these keep the actual login information off the wire and make a stolen credential far less valuable.
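The 30-second codes mentioned above are the time-based one-time passwords of RFC 6238, built on the HMAC-based codes of RFC 4226. The following is an added example, not code from the original article: the generator plus the server-side check a practitioner actually needs, which tolerates a little clock skew and compares in constant time. The shared secret is the RFC 6238 test secret so the output can be checked against the RFC's own vectors; a real deployment generates a random secret per user at enrolment.

```python
"""Time-based one-time codes (TOTP, RFC 6238) with a constant-time check.

Added example, not code from the original article. The secret below is the RFC 6238
test secret so the output can be checked against the RFC; a real deployment generates
a random secret per user at enrolment.
"""
import hashlib
import hmac
import struct
import time

RFC6238_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, algorithm=hashlib.sha1):
    """HOTP (RFC 4226): HMAC over the 8-byte counter, dynamically truncated to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, timestamp=None, step=30, digits=6, algorithm=hashlib.sha1):
    """TOTP (RFC 6238): HOTP whose counter is the number of `step`-second windows since the epoch."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(secret, int(timestamp) // step, digits, algorithm)


def verify_totp(secret, submitted, timestamp=None, step=30, digits=6, drift_steps=1):
    """Server-side check: accept the current window or up to `drift_steps` windows either
    side (clock skew, typing delay). hmac.compare_digest keeps the comparison constant
    time, so timing does not reveal how many leading digits of a guess were right."""
    if timestamp is None:
        timestamp = time.time()
    counter = int(timestamp) // step
    for delta in range(-drift_steps, drift_steps + 1):
        if hmac.compare_digest(hotp(secret, counter + delta, digits), submitted):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(RFC6238_TEST_SECRET, now)
    print("code for this window:", code, "accepted:", verify_totp(RFC6238_TEST_SECRET, code, now))
```

Two things the code leaves to the caller: a code that has been accepted must not be accepted again inside its window (RFC 6238 recommends remembering the last counter used), and login attempts must be rate-limited, since six digits give an attacker a 1-in-a-million chance per guess and the drift window multiplies that by three.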
Software diversity
If everyone uses the same software, everyone shares the same vulnerabilities. When people use a variety of software, a single flaw cannot be used against all of them at once. For example, Windows XP users were put at risk by Conficker, but Mac OS users were not affected, since they did not run the vulnerable Windows service that Conficker reached over port 445. This is also true for web browsers. For example, a malicious banner advertisement may exploit a vulnerability in Internet Explorer, but people using Mozilla Firefox are probably safe from that particular advertisement, because the Gecko engine would not have the same flaw. Diversity reduces the chance that one attack succeeds everywhere; it does not make any one platform immune, since each has flaws of its own.
Anti-malware software
Since many security threats require a change to the target system (using malware), anti-virus and other anti-malware programs are often helpful. These should be able to detect and stop most infections which would otherwise open security holes or collect private information. Detection that relies on signatures of known malware will miss new or modified samples, so anti-malware software is one layer of Defense in Depth rather than the whole defense.
Spam and phish filtering
Since many attacks begin with an e-mail, improved basic spam and phish filtering helps prevent some attacks. Good filters will look at the content as well as the header information (for example whether the server that sent the message is one the claimed sender domain has authorized, which SPF, DKIM and DMARC records make checkable), and compare this information to lists of known harmful or deceptive content and sources. They will often use information from "honeypots" as well, such as Project Honey Pot.
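The header and content checks above can be made concrete. The following is an added example, not code from the original article: a constructed phishing message is parsed and examined for the tell-tale signs a filter looks for, namely a bounce address from a different domain than the visible sender, link text that shows one site while the link points to another, a look-alike of the trusted domain, and the trusted domain buried inside a longer attacker-controlled host name. The message, the trusted-domain list and all addresses are constructed for illustration; a production filter layers sender authentication (SPF, DKIM, DMARC), reputation data and content classification on top of checks like these.

```python
"""Header and link checks for a phishing e-mail.

Added example, not code from the original article. The message, the trusted
domain list and the addresses are constructed for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.com"}          # assumed: the brand this mailbox expects mail from

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed phishing sample: the From header spoofs the bank, the visible link text
# shows the real site while the href goes to a look-alike, and a second link hides the
# real domain inside a longer attacker-controlled host name.
RAW_MESSAGE = b"""\
Return-Path: <bounce@mail-promo.example.net>
From: "Example Bank Security" <alerts@example-bank.com>
To: victim@example.org
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account will be suspended. Sign in at
<a href="http://examp1e-bank.com/login">https://www.example-bank.com/login</a></p>
<p>or use <a href="http://example-bank.com.secure-verify.example/">our secure portal</a>.</p>
</body></html>
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character look-alikes such as l -> 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address_header):
    """Domain part of the first address in a header such as From or Return-Path."""
    return parseaddr(str(address_header or ""))[1].rpartition("@")[2].lower()


def host_of(text):
    """Host part of a URL; bare host names in link text are accepted too."""
    url = text.strip()
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def analyse(raw):
    """Return a list of (finding, detail) pairs for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_domain, bounce_domain = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if bounce_domain and from_domain != bounce_domain:
        findings.append(("return_path_mismatch", f"{from_domain} vs {bounce_domain}"))
    html = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR_RE.findall(html.get_content() if html else ""):
        href_host = host_of(href)
        shown = re.sub(r"<[^>]+>", "", text).strip()
        # Visible text that looks like an address but points somewhere else.
        if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", shown, re.I):
            shown_host = host_of(shown)
            if shown_host != href_host:
                findings.append(("text_href_mismatch", f"{shown_host} -> {href_host}"))
        if is_trusted(href_host):
            continue
        bare = href_host[4:] if href_host.startswith("www.") else href_host
        for trusted in TRUSTED_DOMAINS:
            if trusted in bare:
                findings.append(("embedded_domain", href_host))
            elif edit_distance(bare, trusted) <= 2:
                findings.append(("lookalike_domain", f"{href_host} ~ {trusted}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyse(RAW_MESSAGE):
        print(f"{kind}: {detail}")
```

None of these checks is conclusive on its own (legitimate bulk mail often has a different Return-Path, for instance), which is why filters score several signals together rather than rejecting on any one of them.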
Proxy DoS protection
Password managers
Almost everyone has seen warnings, when creating an online account, never to use the same password as on any other website. These messages are in place for a reason. One could say they are there because the site wants to keep the user safe, or that they are there so the site does not get sued when people do just this and have someone break into their account later. Either way, the fact remains that using the same password over and over puts people very much at risk. If any one of those websites is compromised, every other account such people hold can also be taken over, because attackers routinely try leaked username and password pairs against other services. It is often for this reason that people occasionally lose their entire digital lives.
Although a password manager is a convenience item, it can be a very important one. Most people cannot remember many distinct passwords, so they simply reuse one or a few over and over. A password manager is an easy way for people to use a unique password for each website and still only need to remember one: the master password for the password manager. Most managers also include a random password generator, which can be used to create a strong password that no human needs to remember. Such passwords are not only unique, but also impervious to "dictionary attacks" and very strong against "brute-force" attacks. A password manager does present a single point of failure, however, so it must be kept secure and protected with a strong master secret (a long password, a keyfile, or whatever else it supports), and the manager itself must derive the vault key from that secret slowly enough that guessing it offline is impractical.
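The three claims in that paragraph (generated passwords are unique and strong, the strength is a matter of arithmetic, and the master secret must be stretched) can be shown directly. The following is an added example, not code from the original article or from any password manager: it generates a password from the operating system's random source, computes the entropy and expected cracking time for a generated password against a short human-style one, and derives a vault key from a master password with scrypt. The alphabet, the lengths and the attacker's guessing rate are assumptions for the illustration.

```python
"""Random password generation, its strength, and stretching a master password.

Added example, not code from the original article or from any password manager.
The alphabet, lengths and the attacker's guessing rate are assumptions; the
arithmetic is the standard entropy and expected-work estimate.
"""
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation   # 94 symbols


def generate_password(length=20, alphabet=ALPHABET):
    """Uniformly random characters from the OS CSPRNG (never random.choice for this)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: every position adds log2(alphabet) bits.
    This holds only for generated passwords; a human-chosen one is far weaker than its
    length suggests because it is drawn from a small, predictable set."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits, guesses_per_second):
    """Expected time to guess a password of the given entropy: on average half the
    keyspace must be searched."""
    return 2 ** (bits - 1) / guesses_per_second


def derive_vault_key(master_password, salt, n=2 ** 14, r=8, p=1, length=32):
    """Turn the master password into the vault's encryption key with scrypt. The memory-hard
    KDF makes each guess at the master password expensive, and the per-vault salt stops one
    precomputed table from attacking every vault."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=length)


def compare_strengths(guesses_per_second=1e12):
    """Constructed comparison: a 20-character generated password against an 8-character
    lowercase one, at an assumed offline guessing rate (GPU-class attack on a fast hash)."""
    strong = entropy_bits(20, len(ALPHABET))
    weak = entropy_bits(8, len(string.ascii_lowercase))
    return {
        "generated_20_char_bits": round(strong, 1),
        "generated_20_char_years": expected_crack_seconds(strong, guesses_per_second) / 31_557_600,
        "lowercase_8_char_bits": round(weak, 1),
        "lowercase_8_char_seconds": expected_crack_seconds(weak, guesses_per_second),
    }


if __name__ == "__main__":
    print("generated:", generate_password())
    for name, value in compare_strengths().items():
        print(f"{name}: {value:.3g}")
    salt = secrets.token_bytes(16)                   # stored alongside the vault, not secret
    print("vault key:", derive_vault_key("correct horse battery staple", salt).hex())
```

The comparison is the point: at the assumed rate a generated 20-character password lasts longer than the age of the universe, while eight lowercase letters fall in under a second. The salt is not secret and is stored with the vault; what protects the vault is the cost of each scrypt evaluation multiplied by the number of guesses the master password forces.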
Politics
Internet security is not free of politics. Former President Obama was able to curry favor with a number of people by speaking repeatedly on cybersecurity. However, this political aspect is in no way the greatest issue. One of the greatest political risks within Internet security is that of freedom being surrendered in the name of security. Given enough time and a stable economy, commercial enterprises are able to ensure the Internet is a safe place, or at least that people are safe from the Internet while using it. However, governments have a tendency to take freedom in exchange for offering security, an offering which may or may not be forthcoming. In the name of security, things like "the great firewall of China" can be created, which censors available content. This will certainly reduce the security risks from the outside, but the risk of tyrannical dictatorship from inside is too great for this to be allowed by the people. Likewise, the push for "back doors" in encryption is supposedly intended to protect individuals from attackers, while allowing governments and other companies to easily decrypt all data at will, for "security" reasons. Not only is this impractical, as back doors always weaken security overall (and it is only a matter of time before attackers gain access through the back door as well), but it also gives any number of agencies full access to private information.