InfoSecurity -- A comprehensive magazine on IT Security (a Security magazine)

InfoSecurity November 2008

Back to Contents

Cover Story

Internet Security: Everyone is under Threat

—By: Tanu Srivastava, 'InfoSecurity' Bureau.

Internet security poses tougher challenges as the world is always looking to be connected with it. This article explains few methods to be safe from internet attack.

If you are a net savvy and if you have not experienced any virus or cyber attack, there will be enormous doubt on your internet experience. There is ‘NO ONE’ in this world who use internet but never has faced the ugly truth (Internet attack). Even company like Microsoft has been hit by this ugly truth several times.

The Internet has brought huge changes to the cable industry in the areas of new services and applications, and has created enormous opportunities. But the Internet has also created challenges in the areas of security and copy protection. Because of the Internet, the audio recording industry has lost control of its products, and now the video production industry is running hard to keep from being caught in the same maelstrom. Meanwhile, theft of cable service is expected to decrease as cable systems convert to digital transmission and encryption, but I believe there are ways that pirates can use the Internet to feed real-time encryption keys to pirate set-top boxes.

As technology advances, the challenges of internet security increase. New types of viruses can now pass from computers to mobile devices, making this an ever increasing threat. Also with more and more people using their computers for online shopping and online banking, there is an even greater threat of personal information being compromised.

Protecting Your Computer

The three pillars of information security are at stake for all systems with connectivity to the Internet. The challenge is in the implementation of the necessary security controls to achieve those three pillars.

Confidentiality: Confidentiality pertains to protecting sensitive information. Sensitive information can be anything from private user information to classified defense data. Many organizations live and die by the protection of proprietary information from competitors. During wartime, the armed services literally LIVE or DIE based on how well certain sensitive information is guarded. In the US Department of Defense is called Operational Security. Since the Internet is a critical part of the DoD (and defense organizations around the world) the confidentiality is a HUGE challenge for their Information systems exposed to the Internet. Some of the threats to there systems include: social engineering, leaks of information and accidental release of sensitive data. All of these threats can be enabled via the Internet.

Integrity: Data integrity is very important to all systems passing data on the Internet. Integrity has to do with whether or not the message on the other end of your connection is the same one you actually sent. Whether its your passwords being passed to your bank or the DoD passing data over the Internet, the integrity of the data is imperative. Its often taken for granted until, we are sending an email and the receiver says they got the email but the message can’t be read. Sometimes if the messages integrity is garbled or malformed it simply won’t reach its destination. If the integrity of a message can not be protected in some way or verified and checked, it is possible for someone to intercept your message, alter it, and send it on its way. Integrity is especially critical in banking and financial transactions which is why encryption and authentication take on such an important role for sensitive transactions such as ATM withdrawals, and online banking. The challenge to maintaining Internet integrity is to ensure that link is encrypted when necessary.

Availability: If there is no availability there is no mission, no business, no functionality. One of the major challenges of Internet security has been Denial of Services attacks. A Denial of Service attack is when your system on the Internet (or within a network) is flooded with useless traffic such that no one else (not even you) can use it. With a mis-configuration, a denial of service can happen by accident. It’s important to test the availability of an online system. It’s also a good practice to see what kind of availability and access you are giving. After all, too much availability can compromise the security of your system.

Conclusion

The very nature of the Internet is to constantly change and evolve with the time. The constant change of threats to those three aspects (confidentiality, integrity and availability) of security is perhaps the biggest over arching challenge.