Internet Security
Cliff Changchun Zou, Dec. 2nd, 2002
When you log on to your email server to check your email, you are surprised to find that you have received many emails from people who angrily accuse you of sending them garbage advertisements or virus emails, which you certainly did not do yourself.
You bought a bargain online with your credit card some days ago. Then you receive your credit card bill and find several large, unaccounted-for online shopping charges besides the one purchase you really made.
You are enjoying your newly installed high-speed cable modem at home to surf the Internet. Then one day you can’t connect to the Internet and you call the cable company. The technicians tell you that your computer has been compromised and is being used by a hacker to attack others, so they have to block your connection temporarily until you reinstall your computer.
The scenarios above are only a few of the thousands of security cases that you might face in the current digital world. “Internet security” is the security issue related to computers that are connected together by the Internet. A more formal definition, according to the International Engineering Consortium, is: “Internet security is the practice of protecting and preserving private resources and information on the Internet” (International Engineering Consortium). It relates to many aspects of the virtual world of the Internet. For example, how can we protect our private information, like our health information, from being exposed? How can we use online banking without worrying about leaking our bank information or account passwords to others? How can online media or stores provide reliable customer service without being interrupted by some bad guys? How can we communicate with our friends without worrying that the communication is monitored by others?
“The past few years have seen an explosion in the number of machines using the Internet. […] One out of three Americans now lives in a home that has a computer with a modem” (Ogata, Ogata and Shirley). The Internet has become closer to our everyday lives than at any other time. Now we can use the Internet to check news and weather, shop or buy airplane tickets, manage bank accounts and pay bills, write emails or even chat with friends who are on the other side of the world. As our lives depend more on the Internet, Internet security becomes more important to every one of us. The Internet brings us convenience and a colorful life. However, without good security and orderly running conditions, the Internet could bring us more trouble than benefit.
According to Samuel Chanson, Internet attacks can be classified into three types: denial of service, intrusion, and information theft (Chanson). A denial of service attack “disrupts or completely denies service to legitimate users, networks, systems, or other resources” (McClure, Scambray and Kurtz 340). Denial of service attacks can cost online media or businesses millions of dollars related to “system downtime, lost revenues, and the physical labor involved in identifying and reacting to such attacks” (McClure, Scambray and Kurtz 340). The most famous denial of service attack happened on February 6th, 2000. Some hackers launched the attack on several well-known online businesses: Yahoo, eBay, Amazon.com, CNN, and E-trade. The hackers successfully shut down their services to legitimate users for several hours (Sager et al.).
The denial of service attack is popular among hackers because it is simple to implement and hard to defend against. An online business, like Yahoo, can only provide service to a certain number of users because of its web server’s capacity and its limited Internet bandwidth. A hacker, on the other hand, is able to send thousands of garbage web requests per second to the web provider continuously for hours or even days (Garfinkel and Spafford 760). Among hacking communities, there are software tools that give hackers the means to launch such intensive automated attacks. In this way the hacker can occupy and consume most of the resources that the server can provide. Thus most legitimate users will have to wait for a long time or will even be dropped by the server.
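
The capacity argument above can be checked with a small simulation. This is an added example, not part of the original essay; the capacity, user count, flood rate and per-source limit are constructed values, and the token-bucket limiter is one common mitigation chosen here for illustration.

```python
import random
from collections import defaultdict

class TokenBucket:
    """Per-source limiter: each source may send `rate` requests/second, up to `burst` at once."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: burst)   # a new source starts with a full bucket

    def tick(self):
        for src in self.tokens:                    # once per simulated second: refill buckets
            self.tokens[src] = min(self.burst, self.tokens[src] + self.rate)

    def admit(self, src):
        if self.tokens[src] >= 1:
            self.tokens[src] -= 1
            return True
        return False

def legit_fraction(capacity, legit_users, flood_rate, flood_sources=1,
                   limiter=None, seconds=30, seed=1):
    """Fraction of legitimate requests answered by a server of fixed capacity."""
    rng = random.Random(seed)                      # fixed seed: repeatable runs
    served = offered = 0
    for _ in range(seconds):
        if limiter:
            limiter.tick()
        # Constructed traffic: each legitimate user sends 1 request/second,
        # the flood is spread evenly over `flood_sources` addresses.
        arrivals = [f"bot{i % flood_sources}" for i in range(flood_rate)]
        arrivals += [f"user{i}" for i in range(legit_users)]
        rng.shuffle(arrivals)                      # requests arrive interleaved
        offered += legit_users
        free = capacity                            # requests the server can answer this second
        for src in arrivals:
            if limiter and not limiter.admit(src):
                continue                           # rejected at the edge, uses no capacity
            if free == 0:
                break                              # saturated: the rest of this second is dropped
            free -= 1
            served += src.startswith("user")
    return served / offered

if __name__ == "__main__":
    print("no limiter:          ", legit_fraction(100, 50, 2000))
    print("5 req/s per source:  ", legit_fraction(100, 50, 2000, limiter=TokenBucket(5, 5)))
    print("same, 400 flood srcs:", legit_fraction(100, 50, 2000, 400, limiter=TokenBucket(5, 5)))
```

The third run shows the limit of this defense: when the same flood is spread over many addresses, as with the compromised machines in the Code Red case described later in the essay, every source stays under the per-source limit and legitimate users are starved again.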
“Intrusion” means that an attacker breaks into other computers that they have no privilege to use. They can use these computers freely after the intrusion. For example, when you use “telnet” to log in to your email server, your user name and password cross the network in plain text. Hackers can intercept them easily by installing a “sniffer” program on any computer connected to the same network. Then they can freely use your email account to send offensive letters to others, or completely erase all your precious emails. In addition, hackers can also use hacking tools to compromise your computer by exploiting security holes in it. They can then use your computer to attack others or as a stepping stone to scan the Internet and gather other computers’ vulnerabilities. For example, on July 19th, 2001, a computer worm called “Code Red” appeared and quickly spread on the Internet. It exploited a security hole in the Windows 2000 web server. In less than one day it compromised more than 350,000 Windows computers and then used them to launch a denial of service attack on the White House web server (Moore).
“Information theft” means that an attacker can get protected information from other computers on the Internet, such as a company’s confidential documents, another person’s credit card information, etc. For example, current Instant Messenger software does not encrypt the communication session data (Dalton and Kannengeisser 36). If two employees use Instant Messenger to discuss confidential information about their company, a hacker can sniff and intercept all the information and sell it to a competitor of this company. Another aspect of information theft is the invasion of users’ privacy. For example, the infamous “Carnivore” system developed by the FBI can “covertly search for e-mails and other computer messages” (Figueroa), which is considered an invasion of privacy by many people.
How can we defend against these Internet attacks? First of all, educating every computer user to have some basic knowledge of security is the most important step in security defense. Currently, most Internet security problems are due to the lack of security knowledge among ordinary computer users. For example, there are many programs that can replace “telnet” when you want to remotely log in to your email server. These programs have built-in encryption that can protect your account passwords. The only issue here is to educate everyone to use those programs. In addition, we should also educate ordinary email users to open email attachments with caution. In this way, many malicious email viruses would not spread.
Companies or universities should invest more in security: implementing a strong security policy among all legitimate users; putting up firewalls and intrusion detection systems to protect the internal network from outside hackers; using virtual private network (VPN) equipment or other encryption software to secure communications with employees around the world; setting up a security response team and procedure to deal with future security incidents more effectively, etc.
A “firewall” is a specialized computer that protects a company’s internal network from the dangerous outside Internet world. It sits at the junction of the internal network and the outside Internet. It behaves as a gate guard: it checks all incoming and outgoing network traffic and decides what kind of traffic should be allowed to go through (Garfinkel and Spafford 639). For example, a company’s firewall can block “Instant Messenger” traffic since it is dangerous to the security of the company and it consumes too much of employees’ working time (Dalton and Kannengeisser 40).
An “intrusion detection” system is software that behaves like burglar alarms and surveillance cameras. It is placed in the internal network or on some critical computers. Once a hacker intrudes, the intrusion detection system can raise an alarm to the system administrator or the user. It also gives some relevant intrusion information and some advice on how to deal with it (Amoroso 20).
In order to protect network communication from being sniffed by hackers, computer users should only use secure programs that encrypt all network communication traffic, such as secure telnet, secure ftp, email client programs that use a secure connection, etc. Some companies with high security needs can buy special products, such as password tokens or virtual private network equipment, to enforce their security.
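
The gate-guard behaviour described above, as an added example that is not part of the original essay: a first-match rule list with default deny, plus a check for rules that an earlier, broader rule makes unreachable. The address ranges, the rule set and the instant messenger port (5190) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY, LAN = "0.0.0.0/0", "10.0.0.0/8"   # assumed: 10.0.0.0/8 is the internal network

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR the source address must be in
    dst: str               # CIDR the destination address must be in
    port: Optional[int]    # destination TCP port; None matches any port
    note: str = ""

    def matches(self, src, dst, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if every connection `other` matches is also matched by this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.port in (None, other.port))

def decide(rules, src, dst, port):
    for rule in rules:                  # the first matching rule wins
        if rule.matches(src, dst, port):
            return rule.action
    return "deny"                       # nothing matched: default deny

def shadowed(rules):
    """(earlier, later) index pairs where the later rule can never take effect."""
    return [(i, j) for j, later in enumerate(rules) for i, earlier in enumerate(rules[:j])
            if earlier.covers(later) and earlier.action != later.action]

# Constructed policy following the essay: block instant messaging and telnet,
# allow other outbound traffic, expose one web server. Port 5190 is an assumption.
RULES = [
    Rule("deny", LAN, ANY, 5190, "instant messenger"),
    Rule("deny", LAN, ANY, 23, "telnet: passwords cross the network in plain text"),
    Rule("allow", LAN, ANY, None, "other outbound traffic, e.g. SSH on 22"),
    Rule("allow", ANY, "10.0.0.80/32", 80, "public web server"),
]
MISORDERED = [RULES[2], RULES[0], RULES[1], RULES[3]]   # broad allow placed first
```

With `MISORDERED`, the broad outbound allow is evaluated first, so the instant messenger and telnet denies never fire; `shadowed()` reports exactly those two pairs.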
The Internet is a free world that no one and no country can regulate or constrain. That is the essential reason why the Internet has been able to develop at such an incredible speed. On the other hand, Internet security means that we should enforce some rules to try to regulate Internet users’ activities. How should we strengthen security and at the same time preserve the free world of the Internet? How should we catch computer criminals by using network surveillance and at the same time protect users’ privacy? These are the open questions that we will face all the time as we fight the war against Internet hackers.
Works cited:
International Engineering Consortium. Internet Security. http://www.iec.org/online/tutorials/int_sec/
Chanson, Samuel. Internet Security Handbook. http://www.cyber.ust.hk/handbook/TOC.html
Ogata, Jefferson, Eric Ogata, and Joseph Shirley. An Overview of Internet Security. http://www.antibozo.net/ogata/security/overview/
Garfinkel, Simson, and Gene Spafford. Practical Unix & Internet Security, Second Edition. Sebastopol: O’Reilly, 1996.
McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Exposed: Network Security Secrets and Solutions. Berkeley: McGraw-Hill, 1999.
Amoroso, Edward. Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response. Sparta: Intrusion.Net, 1999.
Sager, Ira, Steve Hamm, Neil Gross, John Carey, and Robert Hof. Cyber Crime: First Yahoo! Then eBay. The Net's vulnerability threatens e-commerce and you. Business Magazine. Feb. 21st, 2000.
Dalton, Curtis, and William Kannengeisser. Instant Headache: The rapidly expanding use of instant messaging is introducing new security challenges to enterprise networks. Information Security Magazine, August 2002. 32-41.
Moore, David. The Spread of the Code-Red Worm (CRv2). http://www.caida.org/analysis/security/code-red/coderedv2_analysis.xml
Figueroa, Mario. Carnivore – Diagnostic Tool or Invasion of privacy? http://rr.sans.org/legal/carnivore.php