Thursday, October 3, 2019
Internet Threats and Security for Protection
Internet Threats and Security for Protection Introduction Technology is still under development in Saudi Arabia and has not reached the advance level as its reached in UK and USA. Therefore Internet Security is still a main as well as a major issues to most businesses and organisations in Saudi Arabia. Media hype surrounding the topic of Internet security can scare the general public, as the novice users. The continual talk of the latest virus alerts, which have corrupted thousands and stories of teenagers hacking into networks and stealing numerous informations such as personal details, credit card details other details which relates to different institution, is enough to put anyone off the idea using their personal details over the Net. All this media hype needs to be addressed to see if it is just that, or is there a ground for all this sensationalism. The chances to actually undergo extensive research and establish leads and ideas that I have not come across before about Internet Security, it is a major challenge for me and I feel that by conducting this research it will broaden my knowledge about Internet Security and also make people understand the aspects of Internet Security which they havent come across before. Abstract This dissertation looks at the question: ââ¬ËIs The Internet Secure?. Where secure is defined as ââ¬Ësecure enough to trade or pass information via the Internet. With the constant media hype of Internet Security, it felt that this title to be one of interest and appealed. Therefore, research include, determining what types of organisations are present on the net, and categorising them into several groups. Studying past literature to determine all possible threats on the Internet and then to discuss possible solutions to these threats. As society is in the information revolution, in which the Internet is the main channel for distribution, this area of research is related to each and every one of us. Internet trading is a common practice amongst the new age. However, this is a subject that needs to be addressed to see whether all this ââ¬ËMedia Hype is just that, or is their just grounds for concern. With the number of users on the Internet growing daily, and businesses becoming completely dependant on technology, serious issues of vulnerability need to be looked at. To ensure that no gaps appear in the security aspects of Internet, which will in turn trap the new users. Conclusions where made by in viewed and researched based companies. This research aims to provide the reader with a deeper understanding of Internet Security. The Internet is a medium that will be a part of future generations, and it is paramount that it is managed correctly and to ensure it does not have devastating consequences for those involved in its operation. The research carried out draws the conclusion, that the Internet is not a secure for trading, and that a regulatory body is required or a more structured policing. Therefore more actions from organisations are needed as well as from the government. Future research can concentrate on data recovery methods, application methods and interviewing in more depth and on a longer scale. Acknowledgement Chapter Outline Chapter1: The introductory of this chapter starts with the definition of I.T security. It follows on with what the aims and objectives are and the methodology followed during the fact finding exercise. The chapter outlines the scope and the limitations of the project. Chapter 2: This chapter describes how the internet was formed and how it has developed. Finally it highlights the key developments of the internet throughout its early life cycle, and the growth of its user base. Chapter 3: Defines the types of businesses that trade on the net categorising them into several divisions, which are further explained in the appendix. This chapter also talks about on-line banking and how to purchase over the Internet. Chapter 4: Starts by discussing the potential threats of viruses, how they work and how they spread. It also discusses what different authors believe to be the main threats of the Internet. It also talks about all the potential threats and briefly defines each one. Chapter 5: Discusses the potential answers to the security issues, broadly discussing all of the security applications available. The chapter introduces computer security as well as the different application. Chapter 6: The fact finding stage highlights the responses gained from the organisations, which were interviewed. The findings were incorporated into graphs to illustrate the answer. Chapter 7: To conclude this study, the author discusses what the project aims were, how the findings were achieved and why came to this conclusion. A SWOT analysis was also carried out to assist the conclusion. Appendix: Any information that did not fit in the thesis, which the author felt important, is included in the appendices. There are also other documents and information, which has been referenced in the dissertation in the appendices. I.T security as defined in this dissertation is the practices, procedures, applications and services which ensure a security breach or loss of use of a computer system does not occur. Security provides protection for IT system resources from human action. The security products, services and procedures used will aim to protect any hardware or data in the system. 1 Introduction Media hype surrounding the topic of Internet security can scare the general public, as the novice users. The continual talk of the latest virus alerts, which have corrupted thousands and stories of teenagers hacking into networks and stealing numerous informations such as personal details, credit card details other details which relates to different institution, is enough to put anyone off the idea using their personal details over the Net. All this media hype needs to be addressed to see if it is just that, or is there a ground for all this sensationalism. 1.1Human Action Human-inspired security breaches are defined as accidental or deliberate, passive or active attacks, which result in the loss or damage of I.T system hardware, software or data. This can come in many guises, as the following shows: Viruses where a program is placed on a system with the intention of corrupting its processing. The theft of data. Hacking deliberately gaining unauthorised access to a computer system. The invasion of privacy, through the unauthorised disclosure of data and breaches of data protection legislation. Sabotage interfering with the processing of a system, such as the placing of a ââ¬Ëclone machine. 1.2The Key areas of I.T Security I.T security involves a number of key areas. The most important of these are introduced under the following headings. 1.2.1 E-Commerce E-Commerce (Electronic Commerce) enables measures to secure web merchants sites from external hacking and intrusion, with the aim to develop secure online transactions. E-Commerce requires the means to engage in electronic transactions without the fear that credit card details and bank details could get into the wrong hands. These involve, for example, the use of secure payment servers and secure software servers. 1.2.2 Network Security The aim of network security is to create a secure environment in which the users can send classified information and business applications solely to those people that they wish to receive them, preventing others from accessing the data. This is an issue of increasing concern, given the growing importance of networks to companies. This aspect of security tends to resolve around using network management and security software tools, and developing network security policies. 1.2.3 Virus Protection To prevent computer viruses from infecting I.T systems, companies use anti-virus software and alert systems. The requirements for information security as well as the type of products and services used to have undergone a major transformation since 1995. The need for security has widened, where traditionally it was confined mainly to governments, protecting classified data, financial institutions and protecting messages with monetary value, today most medium-sized to large organisations require information security. The growth of computer networks, group working and mobile working, and the subsequent need to communicate with contacts outside the organisation, has made I.T systems more open to external forces and more vulnerable to internal action. Today, security is demanded to handle communications through the internet, intranet, extranet and Virtual Private Networks (VPNs). All of these technologies use common, standardised networking protocols and such networks are exposed to greater security threats than before. In a modern computer network, employees share information with each other, and companies share information with their suppliers, partners and customers. This calls for a more sophisticated security system, which is more comprehensive and flexible than the products and services used in the past, and which can be deployed to a large number of users in a consistent, manageable and secure fashion. 1.3 Aims and Objectives Introduce and provide an overview of the development of the Internet. How it was started and how it works. Identify the diverse nature of businesses that trade on the Internet, their roles and their functions. Identify and disseminate the literature available on threats inherent in the use of the Internet including viruses and secure transmission of data. Identify and discuss the appropriate solutions for any potential threats for internet security. Evaluate and conclude the arguments, to discuss potential ways of enforcing a suitable security policy for web-based companies. 1.4 Methodology Information for this study was gathered from journals, books, Internet sources and certain company documentation pertaining to Internet security. The best form of methodology for this type of research would be to use Quantitative and Qualitative analysis as well as the use of secondary sources, as mentioned. Quantitative research was used to gain rich information, basically finding out the ââ¬Ëexperts opinions from the relevant areas of expertise, for the research. The qualitative research consisted of a questionnaire with open ended and some closed questions. The main aim of this questionnaire was to elaborate on the authors literature review, basically agreeing or disagreeing with the literature presented on this study. For the quantitative aspect of the research a short structured questionnaire was designed, this consisted of closed questions, which would give a statistical look to the fact-findings chapter. This questionnaire was distributed in Preston and Jeddah (Kingdom of Saudi Arabia). Closed question questionnaires were used to obtain the awareness of the issues presented, to gain views, beliefs and attitude to these. The questionnaires were designed to ensure easy reading, therefore overcoming any confusion on the respondents behalf. Questions were explained to ensure comple te reliability in their responses 1.5Limitations and scope of Dissertation As Internet Security is a very large topic, this author has limited his research to the following: Types of businesses on the web, categorising them in several areas. Discussing threats that past authors identified. Discussing possible solutions to these threats that past authors identified. Carrying out a first hand fact-finding excersing to either agree with the literature or disagree. Setting out the key differences. Summarising the thesis and presenting the findings. 2What is the Internet and how it started The revolution in computer networking has made it possible for personal computers able to communicate with each other. This chapter is about the Internet and basically a history of its beginning. It provides a comprehensive view of literature regarding factors that promote e-commerce and aid the new era of online banking. The scale of the Internet is awesome and therefore more and more people are connecting to the net. Statistics continues to grow on a daily basis at an alarming rate. People from all walks of life, not just the scientist, teachers and computer experts use the Internet. 2.1Origins of the Internet The Internet has its roots in a network set up by the United States Department of defence in the early 1970s (Ellsworth 1994). This network (ARPANET) was a collection of four computers. By 1996 the Internet was a collection of over 50,000 networks. The methods they slowly developed included a ââ¬ËProtocol (which is a computer language) allowing dissimilar computer systems to communicate, and a method that routed data through multiple communication paths using groups of data with their own destination addresses built in packets. Prior to this technology, even with machines that were compatible, the used had physically carry magnetic tapes and insert them into another machine in order to transfer data from one computer to another. With the new technology, a computer simply has to put its data into envelope called an Internet Protocol (IP) packet, and ââ¬Ëaddress the packet correctly to send a message on the network. The philosophy was that every computer on the network could talk to any other computer. 2.2NSF Developments In the late 1980s the National Science Foundation (NSF), started expanding its own NSFNET using the technology developed by ARPANET.â⬠(Krol 192). Five supercomputer centres at major universities were created, and connections were used for e-mail, and for transferring data and information between sites. This created a communications problem, they needed a way to connect their centres together and to allow the clients of these access. ââ¬Å"In response, the NSF built its own network based on ARPANET Internet Protocol (IP) technology. ââ¬Å"(Eraase 1994) it connected these centres with telephone lines. Since the telephone lines were paid for the mile, it was obvious that each university could not be connected to a supercomputing centre, due to financial constraints. They instead created regional chains of networks, with each university being connected to its neighbours, at the top of this chain there was a connection to the super computer. Eventually any computer was able to communicate with any other computer by forwarding the conversation through its neighbours. 2.3Internet Created The NSF agreed to commercial exploitation and on-line service sprang up. ââ¬Å"CompuServe, the first of these, started in 1970 and fifteen years later claimed 3.2 million users in 20 countries. It was part owned by commercial relationships with the German group Bertelsmann and the French group Hachetteâ⬠(Winston 1998). Prodigy belonged to IBM and Sears claimed 1.4 million users. His ââ¬ËWorld Wide Web was open for business in 1992. Meanwhile a commercial Internet Exchange had been established in 1991. Large multinational corporations have been on the Internet for years, although their access has been limited to research and engineering departments. In 1992, many of the restrictions on commercial use began to change. In fact, there are already more commercial sites on the Internet than educational and research sites combined, according to statistic, commercial addresses now comprise of 51% of the network domains. The Internet is made up of over 25,000 networks that can transfer data via many routes. However, it is near enough impossible to pin down any exact numbers concerning its size due to the fact its growth is unparalleled by any other industry. Ghosh 1998 states that the Internet has been adopted faster than any other technological development. 2.4The use of the Internet Between 1993 and 1998, more than 100 million users of the Internet were estimated, and the number of sites of the WWW has grown from 130 to 4.3 million sites. As of June 1999, the Internet users population has been placed at around 170 million people. It has been forecasted that the number users will reach 350 million by 2005 worldwide. In simple terms, the Internet allows millions of people all over the world to communicate and to share. ââ¬Å"The Internet is the first global forum and the first global libraryâ⬠(Hahn and Stout 1994). Commercial businesses are the fastest growing segment of the Internet, you can gather information communicate and actually transact business on the Internet. Here are a few reasons why businesses are using the internet: E-mail is a low cost method for maintaining communication at all levels. Messages can be exchanged in minutes. E-mail is a domain for sharing information and is said to be one of the most important productivity packages around. The Internet allows businesses to be in touch with different branches and work teams at other locations. This creating a virtual community in which people are able to communicate on a daily basis. Using the Internet many organisations are able to bring a global edge to home grown businesses. For many companies, the use of the Internet creates a level playing field; smaller businesses can create an image on the network to compete with larger businesses. ââ¬Å"Many corporations use the Internet to keep a check on the rate of emerging and new technologies, and the market response to these technologiesâ⬠(Ellsworth 1994). The public information and discussion groups available on the Internet provide insight and feedback that is hard to get in any other manner. Here people from all levels of industry, exchange information on marketing research and technological developments. Having the most up-to-date information about your markets and your products allows you to keep or increase your competitive edge. In a business where the concept of getting closer to the customer prime, the internet is becoming increasingly important as well. Internet sales, where customers are sought and served on-line through Gophers and variety of virtual storefronts, are also becoming more popular. Customers can be and are sought before the sale and supported after sale. Companies are able to do actual product sales transactions on the Internet. In addition, in some cases it is possible to deliver the product via the Internet, as with software and information. Many companies have been using the Internet for the transmission of data. The major financial institutions in the world use the Internet extensively for exchanging information and files. Corporate users are now responsible for the transfer of the largest portion of data. 2.5The World Wide Web ââ¬Å"The WWW is the newest information resources to the Internetâ⬠(Krol 1992). It is based on technology called Hypertext Mark-up Language (HTML). Hypertext is a method of presenting information where selected words in the text can be expanded at any time to provide other information about the word. These words are actually links to other documents, which may be text, picture or sound format. The presentation of information on the web is much friendlier that traditional methods and the interface provides for a user -friendly environment. ââ¬Å"The combined with the ability to use any of the Internets tools within the web has been a catalyst for the rush to get on the Internetâ⬠(Ellsworth 1994). The WWW can be defined as a global, interactive, dynamic, cross platform, distributed, graphical, hypertext information system that runs over the Internet and is available globally (Lemay 2000 Online). In the early 1990s the advent of the World Wide Web on the Internet represented the tuning point for electronic ecommerce by providing an easy to use technology solution to the problem of information publishing and dissemination. The web made electronic commerce a cheaper way of conducting business and enable more diverse business activities. The WWW infrastructure is built around the following:- Web sites: A web site is a collection of web pages maintained by a college, university, government, agency, company or individual. Web age: A web page is document on the web. Web pages can include text, pictures, sound and videos. Web server: A web server is a computer connected to the Internet that makes web pages available to the world. The Wold Wide Web is a dynamic structure, and due to the popularity of this new phenomenon it is expanding rapidly. The reason for it being so popular is the fact that information can be made available to anyone anywhere in the world in a matter of minutes (Kalakota, Whinston. 1997 p.145). What types of businesses are trading on the web Business is changing. The way we do business is changing. The electronic commerce revolution is upon us, and perhaps represents the greatest single change to the way in which business operates. Companies of all sizes are now working together to establish their position and create opportunities in this world. The Internet phenomenon has result in a major shift in the way organisations do business, and how they intend to proceed in the future. Many organisations now realise that without an e-commerce strategy they will not survive. This realisation has affected, and will continue to affect business relationship of all sizes. E-Commerce E-Commerce (Electronic Commerce) is the buying and selling of goods and services on the Internet, especially the World Wide Web. In practice, this term and a newer term, e-business are often used interchangeably. For online retail selling, the term e tailing is sometimes used. E-Commerce can be divided into: E-tailing or ââ¬Å"Virtual Storefrontsâ⬠on web sites with online catalogues, sometimes gathered into a ââ¬Å"Virtual mallâ⬠. The gathering and use of demographic data through web contacts. Electronic Data Interchange (EDI), the business to -business exchange of data. E-mail and fax and their use as media for reaching prospects and establish customers (for example, with newsletters). Business-to-Business buying and selling. The security of business transactions. Electronic messaging technologies streamline business processes by reducing paperwork and increasing automation. (Kalakota, Whinston. 1997 p.54). E-Commerce today, is a very wide area of study due to its phenomenon growth and thus, can be described as an umbrella concept, which will continue to grow. Therefore incorporating a variety of disciplines and can be described as following path of a hierarchical structure. Recent technology has increased the capacity of e-commerce transactions, resulting in noticeable paradigms in a number of daily transactions. There are unforeseen benefits not only to businesses, but also consumers, the government and even on a global trade level. The technology that is responsible for taking e-commerce to a global stage is the Internet. There are also other factors that have affected the growth of e-commerce, for example, the availability of hardware at affordable costs, as well as the increased power and ease of use of operating systems and software. With the prices of computer hardware and network equipment falling, e-commerce is seen as one of the strategic investments in line with marketing goals of most business, to stay competitive, improve productivity and to deliver quality services. Commonly, e-commerce is associated with the buying a selling of information, products and services via computer networks. It is also known as the paperless exchange of electronic information, whether it is by electronic data interchange (EDI), electronic funds transfer or other similar technologies methods. Overview of E-Commerce E-Commerce, evolved as early as the days of Alexandra Bell, followed by the launch of terrestrial television and radio communications. However recent developments in technology have increased the efficiency in commerce and have placed e-commerce under the spotlight. During the mid 20th century, the channels through e-commerce took place were telephone networks, the television and the radio. In their infancy they impressed businesses and consumers, so did EDI in the early 1970s and now at present the Internet has bought back the same feelings. Below is an illustration of a generic framework for electronic commerce (Kalakota, Whinston.1997) The figure 1 below is an illustration of the e-commerce overview. Electronic Commerce B2A B2C C2A B2B The Internet Telephone Fax The Internet Telephone Fax Cable Satellite, and Digital TV Telephone Fax The Internet including EDI, marketing, purchasing and e-mail Collaborative Work Groups EDI via Internet Telecomm uniting Electronic Funds Transfer E-Mail Video Conferencing Telephone Fax Figure 1 Types of E-commerce E-commerce covers five main categories that are listed below: Business to Business (B2B) Business within Business (BWB) Business to Administration (B2A) Consumer to Administration (C2A) Business to Consumer (B2C) These are discussed in detail in Appendix 3 titled Types of Web Traders. The introduction of e-commerce has facilitated consumer to business transactions, customers learn about products through electronic purchasing. From a consumer perspective electronic commerce facilitates for the following: Social Interaction. Electronic Commerce enables consumers to communicate with each other through electronic mail, video conferencing and news groups. Personal Finance Agreement. Use electronic means to manage personal finance and management using the online banking tools Purchasing Products and Information. Allows consumer to find online information about exiting and new products and services. (Kalakota, Whinston. 1997 p.139) The explosion in Internet traffic has created other problems. Mostly worryingly, there are continuing fears that many companies offering financial services online are not providing a secure environment to clients and customers. Purchasing on the Web The Internet and the World Wide Web have dramatically changed the way consumers seek and use information online. Whether they are shopping for Information or shopping for goods and services on-line, todays consumers must learn how to manage the resources (Kelley, B Weibke, J. 2003). Most attention on e-commerce has focused on business-to-business transactions and analysts say the surging electronic business-to-business market is about to explode. On-line purchasing systems promise to streamline operations, save time and cut the costs of businesses drowning in order processing. Most buying over the Internet focuses on indirect materials, also known as non-production goods or maintenance, repair and operations. Typically, such applications let any employee order through managed access rights, non-production supplies and service from an on-line catalogue using on a web server. They simplify the process of buying day-to-day items such as office equipments, PCs and other electrical goods to run the company. According to a recent study carried out by Forrester Research (2000) has suggested that the on-line commerce will raise form à £657 billion in 2002 and reach the figure of à £6.8 trillion in 2004. The statistics suggested that more customers are shopping day by day and revenue is increasing for on-line shoppers. The view is supported by Swazey (1999) who believes that the on-line shoppers spend more time on-line shopping than normal high streets shoppers and the amount of money spent rises with the amount of time spent on-line. The view point of Swazey (1999) is similar to Ghosh (1998) as he states that the ââ¬Å"On-line shoppers tend to get carried away within the comfort of their own h omeâ⬠. However the above viewpoint have contrast in bearing to an article (Computer Fraud Security, Sept 2000, p.2) that seemed to suggest that although it may seems like everyone is on-line, but its not true. Internet Banking Internet Banking is no longer a novelty. Banks have long ceased being worried about trading via the web, and instead have embraced the newest delivery channel with enthusiasm. All clearing banks, including the connected building societies, now offer Internet based banking services and all will have an online current account in place. Some, including Barclays, Woolwich, Abbey National and HSBC have developed other channels of delivery including digital TV and mobile phone banking service. All e-banks promise busy current account users speed and convenience. There are no counter queues in cyberspace and e-banks are open 24 hours a day, seven days a week. On-line banking customers can check their balances, view recent transactions, transfers funds, set-up standing orders and direct debits and also option to pay bills on line. In the past, the banking industry was chiefly concerned with asset quality and capitalisation, if the bank was performing well along these dimensions than the banks would be profitable. Today performing well on asset quality and capitalisation is not enough. (Kalakota, Whinston.1997 p.30) The Internet is a medium that provides a new dimension and introduces much opportunity especially for banks; the main advantages are outlined as follows: Enable innovation Cost savings Increased customer base Enable mass customisation Marketing and communication Developments of non core business In a report issued by the BE Agency (2000), it states that the experts believe that the slump in high street banking due to deregulation can be revived by this new medium e-commerce, offering the potential of reviving or at least halting the decline, by raising customer service standards, increasing the choice of retail financial products, reducing the charges and giving customers a more convenient way to manage their money. It is agreed with Patterson (2000) that the banks will have to go online, his reasons being as to why banks have to adopt this new medium is ââ¬Å"in short answer to win over new customersâ⬠it is easier to leave it at that, but also the factors he has also said that it will also promote this new medium are lower cost of account servicing, cross selling opportunities, customer relations and because they have to. Customers can now deal with their accounts personally at any time from anywhere in the word for any reason. Customers can also have the same facility to compare and contrast the products and services of a multitude of banks and choose one that meets their requirements. Knowing how safe is it to use the website an
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.