
Security on the Internet

Introduction

Security on the Internet, while related to "general" computer security, differs in its focus on Internet technologies. The Internet is a global system of interconnected computer networks that use the Internet protocol suite (TCP/IP). Internet security is therefore concerned with vulnerabilities in the Internet protocol suite and in the applications and services that use it.

Individuals who engage in finding security vulnerabilities - be it on the Internet or other computer systems - are referred to as hackers (sometimes as crackers or script kiddies). Hacking most likely evolved out of phreaking: the 'hacking' of telephone networks. Hackers are categorised as 'blackhat' and 'whitehat', and a 'hack' that is motivated by political ends is referred to as hacktivism.

Computer Security: Intrusion Methods

Threats against computer systems can be classified into three intrusion methods:

1. Internal Intrusions - Usually the most harmful security threat: this is where an employee of a company - or friend or family member - physically accesses a company network or personal computer to cause damage. This can only be stopped by physical measures and not by computer software. Little can be done to protect against this threat, apart from ensuring that only people who are trusted can physically access a computer.

2. External Intrusions - This is where someone tries to remotely attack and access computers across a computer network. This is the easiest form of attack to defend against, and we will examine 'external intrusions' attempted on the Internet. External intrusions are the most common Internet security threat because the Internet, by nature, is a system of remotely connected computer networks.

3. Social Intrusions - This is where hackers pose as system administrators etc. and ask for a username or a password. No computer software can stop a hacker armed with accurate information that has been stolen. Phishing is an example of a social intrusion threat on the Internet. Phishing is where an individual sends an email, or another electronic message, purporting to be from an official source and asking for username and password details.

Internet Security: External Threats

Internet security threats generally come in the "form" of external intrusions - luckily this is the easiest type of intrusion to protect against. The problem with the Internet is that the original designers didn't consider user privacy and data. The typical home computer now contains sensitive data, such as credit card numbers, bank account numbers, business contacts, and other confidential information. Therefore, it is essential that a home computer is protected against external access by malicious individuals.

As already stated, the Internet is a computer system comprised of interconnected computer networks that use the Internet protocol suite. The Internet uses packet switching to transmit data (with the TCP and UDP protocols) from one location (computer) to another. Data is transmitted in packets (blocks of data). Each computer connected to the Internet is assigned an IP address. Each computer connected to the Internet may have multiple applications that send and receive packets.

Therefore, ports are used by each of these applications/processes (if an IP address is a house, then a port would be a room within that house). Packets are sent to an IP address (the address of a home computer on the Internet) and then routed to the port (the address of the application/process). An IP address plus a port number is required for a communication to be completed. IANA (Internet Assigned Numbers Authority) assigns and maintains ports for Internet applications/processes. The following Internet protocols have been assigned to the following ports:

  1. FTP - 21
  2. SSH - 22
  3. Telnet - 23
  4. SMTP - 25
  5. HTTP (Web) - 80
  6. POP3 - 110
  7. IMAP - 143

A computer connected to the Internet becomes vulnerable when a port is left open and intrusion from an external source is possible. The remedy to this issue is a firewall: a firewall analyses all incoming and outgoing traffic through these ports. If the firewall suspects that incoming or outgoing traffic (through a port) is unauthorised, it will block it. This is why, when a firewall is first installed, it will ask whether an application attempting to open a port is authorised or not.
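To see which of the ports listed above are actually open on your own machine, the following added example (not part of the original page) tries a TCP connection to each one on the loopback address and separates the services you meant to run from the ones you did not. The function names and the `expected` parameter are assumptions made for this illustration.

```python
import socket

# Port assignments exactly as listed on this page.
LISTED_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
                80: "HTTP (Web)", 110: "POP3", 143: "IMAP"}


def accepts_tcp(port, host="127.0.0.1", timeout=0.5):
    """Return True if something on this machine accepts TCP connections on port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def audit_open_ports(ports=LISTED_PORTS, expected=frozenset()):
    """Split the open ports into those you meant to expose and the rest.

    `expected` is the set of port numbers you deliberately run a service on.
    Only the loopback address is probed, so a service bound solely to another
    interface will not show up here.
    """
    report = {"expected": [], "unexpected": []}
    for port, service in sorted(ports.items()):
        if accepts_tcp(port):
            key = "expected" if port in expected else "unexpected"
            report[key].append((port, service))
    return report


if __name__ == "__main__":
    # Assumption for the demo: SSH is the only service this machine should offer.
    result = audit_open_ports(expected={22})
    for port, service in result["unexpected"]:
        print(f"port {port} ({service}) is open but not expected: close it or firewall it")
    if not result["unexpected"]:
        print("no unexpected listeners on the listed ports")
```

An unexpected entry means a program is listening that you did not plan for; stop that service or make sure the firewall blocks the port from outside.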

Intercepted Data

Through the use of packet sniffers and other security tools, there is always the possibility that an individual can intercept and read data packets sent by computers communicating on the Internet. While the Internet protocol suite was not strictly designed with the idea of user privacy and data security, it does feature some protocols that deal with security:

  1. Secure Sockets Layer (SSL) - encrypts packets, ideal for financial transactions.
  2. Transport Layer Security (TLS) - encrypts packets, ideal for websites.
  3. Pretty Good Privacy (PGP) - encrypts email messages.
  4. IPsec - protects data at the network layer (the Internet protocol suite is a four layer model).

The purpose of the above protocols is therefore to encrypt data, so that even if the data packets are intercepted by someone, that person cannot read them. The majority of the protocols listed above are built into Web browsers, email clients, and other online applications.

Internet Security: Applications

The Internet is a global system that provides a range of services, chief amongst them being electronic mail, file downloads, and the World Wide Web. The majority of these services are based upon a client-server model: a user installs a client program (a browser, for example) which uses application layer protocols (HTTP, FTP, SMTP, DNS) of the Internet protocol suite to download data (transmitted in packets) from Internet servers (computers which store data). The security threat posed in this model is client programs which have been designed with inherent security flaws.

Browsers

The most popular service on the Internet is the World Wide Web. The World Wide Web is accessed by browsers: client programs that download webpages from web servers and render them for a user to read. Security threats to a browser are two-fold.

The first is the content of webpages: ActiveX, JavaScript and Flash can be embedded into webpages and can pose a multitude of security issues. Users tend to need a security program - installed internally in the browser or externally - which will scan every webpage before it is accessed and warn the user of any security threat.

The next security threat posed by browsers is security holes within the client program. For example, Internet Explorer version 6 is noted for having over 20 unpatched vulnerabilities, most notably ActiveX and DHTML document object model vulnerabilities. Plugins - like toolbars - which are installed into browsers can also compromise Internet security. Therefore, users should always install the latest version of a browser, and only install plugins from trusted software vendors.

Finally, there is the manipulation of the hosts file in an operating system: this results in a spoofed version of an official website being loaded - for example a spoofed version of a banking website - and the spoofed website will record login details etc. This type of browser exploit is referred to as pharming.
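A check for the hosts file manipulation described above, as an added example that is not part of the original page: it parses hosts-file text and reports every public-looking name that has been pinned to a real address. The sample file is constructed, and the function names and the `DEFAULT_NAMES` baseline are assumptions made for this illustration.

```python
import ipaddress

# Names a stock hosts file normally defines (assumed baseline for this example).
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                 "ip6-localhost", "ip6-loopback"}

# Constructed sample; the addresses come from documentation-only ranges.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
0.0.0.0      ads.example.net          # blocklist entry: blocks, does not redirect
192.0.2.55   www.examplebank.test     # redirect of a banking name
203.0.113.9  login.examplebank.test mail.example.org
"""


def parse_hosts(text):
    """Yield (line_number, ip, [names]) for every mapping line in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a mapping
        yield line_no, ip, [name.lower() for name in fields[1:]]


def redirected_names(text):
    """Return (line, name, ip) for public-looking names pinned to a real address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                             # local or blackholed, not redirected
        for name in names:
            if "." in name and name not in DEFAULT_NAMES:
                findings.append((line_no, name, str(ip)))
    return findings


if __name__ == "__main__":
    for line_no, name, ip in redirected_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is forced to {ip} - verify this entry")
```

To check a real machine, pass the contents of `/etc/hosts` (Unix-like systems) or `C:\Windows\System32\drivers\etc\hosts` (Windows) to `redirected_names`; any entry you did not add yourself deserves a closer look.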

Email

Email has possibly been the cause of the majority of Internet threats to home users. Email, by standard, is simply a text based messaging service, and text emails pose no security threat. It was when emails began to support HTML code and attachments that security issues with the technology became a serious problem. Spam email messages often include harmful HTML code, and attachments are often infected with viruses and other malicious software. Older webmail systems did not include features to scan emails and warn users of any potential threat. Present day, 2014, webmail and email clients are far more secure, and usually scan every email before a user accesses it.

Another security issue posed by email is phishing and scamming emails. This is where an email will purport to be from an official source - such as a bank, building society, or network administrator - and will ask for personal details. These emails can look genuine: due to the email address being spoofed; the content of the email using the correct logo of the business; and the "tone" of the message conveying fear if the user does not comply with the request. Of course, if a user does comply with the request, then the ramifications can expand, and the overall threat posed to the user and the services he/she uses on the Internet is great.

Another security threat posed to email is that messages are transferred via mail servers: during this process of transporting an email message from one user to another, the message can potentially be intercepted. If the data packets of the email message are successfully intercepted, then the contents of the email message can be read. The solution to this issue is to encrypt the email message.

Downloads (FTP)

There are many client programs - file sharing programs like Napster or instant messaging programs like ICQ - which allow users to download files from servers located on the Internet or to exchange files between one another. These client programs tend to use the file transfer protocol (FTP) to facilitate the download and upload of files via the client program. FTP does not pose a threat to the security of the user, but the files downloaded do. The following section on this page will examine malicious downloaded software.

Internet Security: Malicious Software

As was shown above, the majority of services provided on the Internet are based upon a client-server model. In this model, client programs download data from servers connected to the Internet. A security threat is created when the data downloaded includes, or is classified as, malicious software. Some types of malicious software include: adware, viruses, malware, trojan horses and worms. The level of threat posed by these programs varies from minimal to great.

Malicious software can be downloaded by mistake from: email attachments, download sites, hidden in genuine looking software, and from compromised websites. Some malicious software can remotely control a computer (referred to as a zombie machine) and can be used to engage in denial of service attacks (denial of service attacks are used to make Internet services inaccessible).

Other viruses record keystrokes, sometimes targeting login details, so as to engage in identity theft. Anti-virus software is the only way to remove malicious software already residing on a computer system. Anti-virus programs may not be able to remove serious security threats, and the computer may need to be reset to its factory settings. Anti-virus programs should scan the majority of files downloaded from the Internet: this should ensure that the computer avoids becoming infected.

The threat posed by malicious software is largely dependent upon the behaviour of Internet users. The user can mitigate the threat of this software by installing the correct and up-to-date software: anti-virus programs, anti-malware programs, firewall, and web protection. Likewise, the behaviour of the user can mitigate the threat: the more a user downloads, the higher the risk, and, if the user downloads data from unknown sources, the higher the risk.