Saturday, September 21, 2019
Security And Confidentiality On The Internet Information Technology Essay
Security And Confidentiality On The Internet Information Technology Essay On 9th of November 2009 The Internet teacher requested 3000 word report related to the FETAC Internet module. This report was to be submitted by 14th of January2010. The topic of the report is Security and Confidentiality on the Internet with reference to cookies, viruses, encryption, digital signatures, firewalls, filtering software and personal privacy. Recommendations were requested. 2. Method of Procedure I found most of the information on the internet. In order to obtain the relevant information, I used Google Search Engine with keywords in English: Internet Security, Privacy on the Internet, Malware, Computer Viruses, Cookies, Firewalls, Filtering Software, Encryption, Digital Signatures, Computer Protection, Threats on the Internet. Keywords in Lithuanian: Privatumas Internete, Saugumas Intenete, Kompiuteriniai Virusai, UgniasienÃâ-s, Filtravimo PrgraminÃâ- Ãâà ®ranga, Ãâ¦Ã ifravimas, Skaitmeninis ParaÃâ¦Ã ¡as, Pavojai Internete. Also, some printed sources of information such as books and a periodical press in English and Lithaunian were adopted. Several pages for each topic were checked to confirm that the information was correct and fully understud. That hepled me to make conclusions and to give recommendations. 3. Findings 3.1 Importance of Subject With the progress of affordable technology more of us store more and more of our life in bits and bytes. By the end of 2009 there was more than 1,5 billion Internet users in 260 countries on every continent. The Internet is not a single network, but a vast array of connected networks situated all over the world, easily accessible by personal computers, notebooks, netbooks, smartphones, PDAs, game consoles, advanced TVs, same photo cameras or even kitchen appliances as hi-tech fridges and microwaves in a variety of ways. Today, the Internet uses gateways, routers, broadband connections, Wi-Fi spots and Internet service providers (ISPs) to make itself available at all times. Individuals and organizations worldwide can reach almost any point on the network without regard to national or geographic boundaries or time of day, there is some exceptions regarding to Internet censorship. Nowadays, it become hard to find the business without any connection to the Internet, because of its excellent source of marketing, convenience, high speed, low cost, and almost unlimited possibilities. Institutions of education, hospitals, banks, institutions of public service, providers of mobile service and internet, utility companies and of course our government has our personal information on their computers and they are connected to the Internet. With the birth of Social Networking Sites such as Bebo, Facebook, MySace, Twitter ect., we sharing our pictures, personal details, our thoughts and lives with friends and if we are not careful with everybody on the Internet. Just Facebook on its own has more than 400 million users. Even more, with new generation of Internet- Cloud Computing, individuals and business users are storing less data on their hard drives and more in the cloud- remote servers, operated by giants like Google and Amazon. However, while using the Internet, along with the convenience and speed of access to information come new risks. Among them are the risks that valuable information will be lost, stolen, corrupted, or misused and that the computer systems will be corrupted. If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. Intruders do not need to enter an office or home, and may not even be in the same country. They can steal or tamper with information without touching a piece of paper or a photocopier. They can create new electronic files, run their own programs, and even hide all evidence of their unauthorized activity. So if we are closing and locking the door in our house to prevent criminals gain access to our valuables, we must take care of our house and life in the digital world and use all possible security and privacy on the Internet measures against the threats. WORLD INTERNET USAGE AND POPULATION STATISTICS World Regions Population ( 2009 Est.) Internet Users Dec.31,2000 Internet Users Latest Data Penetration (%Population) Growth 2000-2009 Users %of Table Africa 991,002,342 4,514,400 67,371,700 6.8 % 1,392.4% 3.9 % Asia 3,808,070,503 114,304,000 738,257,230 19.4 % 545.9 % 42.6 % Europe 803,850,858 105,096,093 418,029,796 52.0 % 297.8 % 24.1 % Middle East 202,687,005 3,284,800 57,425,046 28.3 % 1,648.2% 3.3 % North America 340,831,831 108,096,800 252,908,000 74.2 % 134.0 % 14.6 % Latin America/Caribbean 586,662,468 18,068,919 179,031,479 30.5 % 890.8 % 10.3 % Oceania / Australia 34,700,201 7,620,480 20,970,490 60.4 % 175.2 % 1.2 % WORLD TOTAL 6,767,805,208 360,985,492 1,733,993,741 25.6 % 380.3 % 100.0 % Copyright à © 2001 2009, Miniwatts Marketing Group 3.2 Personal Privacy Total privacy does not exist on the Internet, but it is possible to minimize the risks. Most security breaches are not done by technology, but by social engineering. In security, people is the most risky factor of all, yet its the one thing thats often forgotten. A company may setup firewalls, security software, locks and fingerprint scanners, but if they forget to establish and enforce a well designed security policy, they have forgotten the most important part. The easiest way to get a password from someone is just to ask! In more likely situations, an attacker may simply call random people and pretend they are a tech support person trying to fix a problem, and ask for confidential information as part of the diagnostic. Pretexting Pretexting is the way of stealing information by providing just a little bit of known information, and pretending to be someone youre not. Thats how identity thieves can call banks and, after a few tries, by simply providing basic information about the target, get all the data they want. Phishing Phishing is when you receive an email that looks like its from your bank, Paypal, online shop or another secure site you use, and asking you to login to confirm your information. It works in this way: the criminals sets up a website which looks like the genuine one and then sends phishing email to thousands of people, until they find somebody. Then when the person tries to login, his login information is intercepted by the bad guys and used to steal valuable information. Malware Malicious programs, especially Key loggers can record what keys on the keyboard you are pressing when login to secure websites, to obtain your username and password. Often Key loggers are incorporated together with Trojan Viruses, programs which pretends to be useful software i.e. antivirus or computer maintenance programs, to send stolen information to the criminals. Privacy threats on Social Networking Sites Internet users have to be very careful with the private information that they share on the web. Internet is becoming very popular way to communicate with people. Most people who give too much of private information about themselves arent aware about the risks they taking. There are people who can pretend to be your friends, gain information and use this information against you for blackmailing, psychological terror or for access to secure private pages. Conclusions and Recommendations The offenders are always inventing new methods to steal private information. We have to be aware about that, constantly refresh our knowledge about security and existing scam schemes and take all possible security measures by using trusted up to date security software. Never click a link in an email from unknown sender, never download from an untrusted source, and always type in the address of your financial sites to access them. Need to avoid to disclose sensitive information online especially to the people we dont know very well. Also we have to remember that these attacks also can be done offline. Most identity thefts are done by people simply going through rubbish bins and getting confidential data that was thrown out, like a bank statements, invoices, payslips ect. We cant do much to secure our personal data collected and stored by businesses and institutions which can also be stolen or misused, just hope that they will take same good care as we do. 3.3 Cookies What are Cookies? Cookies are a piece of text that a web server sends to web browser and are stored on a users hard disk. Main purpose of cookies is to help prepare customized web pages with our settings, interests, browsing habits. It works in similar way to loyalty cards i.e. if we bought a book in Amazon internet shop, next time when we come back to Amazon first it will offer similar books to our purchase. Cookies do not act maliciously on computer systems. They are text files that can be deleted at any time. Cookies cant be used to spread viruses. But because any personal information that we gave to a web site will be stored in a cookie some people can accept it as a threat to privacy and anonymity. To prevent misuse of information in the cookie if its stolen, information in the cookie is encrypted. How do They Work? When we visit a site that uses cookies, it can ask the browser to place one or more cookies on the visitors hard drive. It will contain our name and password, fill in form i.e. delivery addresses and basically what we do in the page. Next time, when we come back to the site the web browser sends back the cookies that belong to the site and then we will see personalized Web page with our details. Generally cookies help us to save a little bit of time. And we always have possibility to switch it off, however internet shopping web pages requires cookies to accesses them. How Could I Prevent/Manage Cookies? If we want to delete cookies we have to follow these steps: Internet Explorer: Tools /Internet options/Security /Set security level to high or custom level/Cookies/Disable. Mozilla Firefox: Tools/Options/Privacy/Cookies/Uncheck/Allow sites to set cookies Other options are to use designated Cookie Managing software or to use advanced Antivirus programs which also have the option to control cookies, to block cookies that we dont want and save only the cookies that we want. Conclusions and Recommendations I think that cookies are useful because we can get personalized information to read, do not spend time on security questions where it is necessary to enter a password, we dont have to spend time filling up same forms. Cookies do not collect information saved in the computer, it can contain only private data that we give to a website on our own free will. And if we dont want some cookies we are able to remove them from computer when we want. Some websites such as internet banking, e-shops and similar are impossible to use properly without allowing the cookies. 3.4 Viruses What is a Virus? Computer viruses are small malicious program codes, which are designed by using various techniques to hide themselves inside the executable files. Their aim is to replicate, spread between the computers using removable media or network and to interfere with computer operation: slowing down computer, damaging or deleting data, disturbing users and wasting time by showing annoying massages. Virus can be classified by several characteristic: depend on the origin, on the way how they infect computer, on the place where they hide, on the damage that they can cause However, the computer virus is only one type of the malicious software or malware, but majority of computer users referring to all malicious programs (Trojan horses, worms, rootkits, spyware etc.) as the viruses. Type of Virus Different viruses can have many common characteristics and constantly appearing viruses with new specifications or combinations. Resident Virus. Loads the replication module into RAM memory when is executed, after this virus can infect all files that are accessed by user or operating system. If the antivirus program fails to spot the virus in the RAM it can infect all scanned files. FAT Virus. The File Allocation Table is a fundamental element in the system it works like an index, keeping information where is the files stores on the hard disk drive (HDD), which sectors are empty etc. If this vital index is destroyed by virus, it makes impossible for computer to locate files. It also can overwrite the files or entire directories corrupting them permanently. Sometimes the only solution to fix the computer affected by FAT virus is to format hard disk drive. Huge downside of this is that all information on HDD will be permanently erased. Virus of Direct-Action. Sometimes referred as Non-Resident Virus, they are unlike to resident virus, not loading in to RAM memory. They try to infect the programs and cause damage at the moment of execution of infected file. Most of viruses are Resident. Overwriting Virus. Most destructible type of virus, it overwrites the information in the infected files corrupting them permanently. If you dont have the back-up copy of your files its a bad news because the only way to get rid of this type of virus is to delete infected files. Boot Virus. Also known as System Virus. These viruses infect critical section with boot code on hard disk or another bootable media storage that helps to start computer. When the computer starts up and the boot virus is launched, it can take complete control over infected computer and does everything it wants (steal private information, delete system files etc.) Clean bootable antivirus software required to disinfect the system. However depend on the virus this solution is not enough to clean bootable sector. Macro Virus. Macros are micro-programs associated with a file that serve to automate joint complexes of operation. Macro virus expand from applications which use macro, word document (file with extension .doc),Excel (file with extension .xls) data of Access (file with extension .mdb), Power point (file with extension .pps). When we open a file containing a virus of this type of macros are automatically loaded causing the infection. Most applications that use macros have, but many macro viruses easily circumvent this protection. Multipartite Virus.Very advanced type of virus that can perform multiple infections combining different techniques. These viruses are considered very dangerous, for its ability to combine many techniques of infection and harmful effects of their actions. File Virus. Infect programs or executable files (files with extension .ex and .com) when run the infected program, the virus becomes active, producing different effects. The majority of exiting viruses are of this type. Logic Bombs.Neither virus is considered strictly as they do not reproduce. They are not separate programs, but hides in an unmarked segment within another program.They aim to destroy the data on a computer or cause other significant damage on it when certain conditions are met. While this does not happen, no one notices the presence of the logic bomb. Its action can be extremely destructive. Trojan Virus.Trojan arent considered virus, because they dont replicate themselves. Trojans are commonly hidden in the programs that appliers to be useful, but instead opens unauthorized access to users computer. Trojans also can be installed thorough web pages with executable content (ActiveX control), email attachements. The effects of the Trojan can be very dangerous, allowing remote control from other computer (downloading, uploading, modifying or deleting files), installing key loggers and other malware, connecting computer to botnet (sending SPAM messages, perform network DDos attacks). How can computers become infected and what damage can cause? Viruses can infect computers through: Internet (email attachments, infected web pages, downloading infected files) Computer networks Removable Media Drives Virus Symptoms: The computer runs very slow Reduces the available memory The computer shuts down or freeze frequently There are programs which do not work or malfunction There is less free space on your hard disk Computer files disappear Strange messages appear on the screen. Some file are renamed or extended Conclusions and Recommendations Not everything that affects the normal functioning of a computer is a virus. Is very important to have means to detect and disinfect viruses use an antivirus program and update daily (use default settings). Scan all removable disks before use it and scan computer periodically at least once a week. 3.5 Firewall A firewall is a system that protects a computer or computer networks blocking unauthorized network access while permitting authorized communications. Firewall can be implemented in software, hardware or combination of both. Firewall is placed between protected and unprotected networks and acts as a gate to protect network or single computer, by inspecting network traffic, applying rules and allowing or denying connection. Firewall can use different techniques to do so: Packet filter (inspects every information packet passing through the network) Application gateway (applies rules to specific applications such as FTP, Telnet servers.) Circuit-level gateway(applies rules to TCP or UDP connections, when are made there is no further inspection.) Proxy Server (checks all network activity passing through network.) Conclusions and Recommendations Everyone should use a firewall against network intruders to protect computer and private information. Most of the antivirus programs and operating systems have integrated firewall software. Minor disadvantage of firewall, it can slow down Internet traffic and can be tricky for not advanced users to set-up it properly (not blocking traffic for useful programs). 3.6 Filtering Software The filtering software is designed to control what contents are allowed to be accessed on Internet. Often its installed on the computers of educational, government organizations, private companies. Filtering software is commonly used by parents to prevent their children from having access to certain web places unsuitable for minors. It also can be used as the mean of censorship in some countries. How does it work? Nowadays on the market there are many options of filtering software with various techniques and content filtering to prevent from harmful online material. The filtering programs works like that: Address blocking websites containing such content Controlling access times Accepting default address list Possible to establish your own list of addresses Assigning different profiles or different days and times(work, leisure, etc.) Controlling which services can be used at any time and for each user (mail, chat, etc.) Advantages and disadvantages of Filtering Software. Advantage of filtering software is that does not allow minor to access pages of violence, pornography, racism. In a work place it prevents employees of wasting their time and resources for personal proposes (chatting online, social network pages, etc.). Main disadvantage is over-zealous filtering. Par example, in some filters attempts to block the word sex would block words such as Essex and Sussex and etc. Internet censorship in some countries limits freedom of speech for different reasons and that is not a good thing. Some Filtering Software examples. Netnanny, Mobicop, DansGuard, CleanFeed,Web Sence 3.7 Encryption Its a method to convert the characters of a text that can not be understood unless it is read with the corresponding key. Used to protect the integrity of secret information if it is intercepted. Encryption is also used when data is sent via secure intranet (VSPN). Encryption is used for electronic commerce to protect credit card information. How does it work? The keys are the heart of the encryption. The keys are complex mathematical formulas (algorithms) used to encrypt and decrypt information. If someone encrypts a message, only one with the appropriate key can decrypt the message. Algorithms are used to perform a hash function. This process produces a unique MD5 for this message. The MD5 is encrypted with the senders private key resulting in a fingerprint. Conclusions and Recommendations Everyone who has and important or secret information (banks, hospitals, government, universities, e-commerce sites) they have to keep this information in secret from fraudsters. In recent years, it was few cases when portable computers of government organizations with secret information were lost or stolen. Laptops (portable computers) became more and more popular and most of us have some kind of personal information on our computers. So it is very important to have that information encrypted, in case of losing it. 3.8 Digital Signatures A set of data in electronic form attached to or associated with others which are used to identify the signatory, which allows you to check the provenance, authenticity and integrity of messages exchanged over the Internet. There are two types of electronic signatures: basic and advanced. The basic does not guarantee the identity of the signer, neither the veracity of information received since the sending does not ensure that the issuer has made it known to us, while the advanced signature identifies the signer and detect any subsequent change of data that could occur. The digital signature is a specific techology signature and created by the so-called System Asymmetric key cryptography and it works like that : The holder has two keys : public key and private key ,private key is only known to the issuer and is associated to the information you send .while the person who received only know their public key . Two keys are needed and complement each other to get the encrypted message appears as the original . When we want sent private information the information is encrypted by system which use mathematical operations so the information becames encripted ( strange numbers and letters) so the message only can be deciphered by the people who know the instruction and have a public key Conclusions and Recommendations It should be used by the organitations which have an important or secret information as banks, universities, hospitals, etc., these organitations should use digital signatures in order to avoid the risk of fraud .they have to be sure about the authenticy of the sender.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.