|
Internet Security Program
Three basic concepts in Internet security program are confidentiality, integrity and availability. When an unauthorized person reads or copies information, it results in a loss of confidentiality. When the information is modified in an irregular manner, it results in loss of integrity. When the information is erased or becomes inaccessible, it results in loss of availability.
Authentication and authorization are the processes of Internet security system by which organizations make information available to those who need it and who can be trusted with it. When the means of authentication cannot be refuted later, it is called nonrepudiation.
The History of Internet Security
A network/internet security incident is any network-related activity that has negative security implications. The original goal of the ARPANET was to create a network that would function even if some major section(s) of the network failed or was attacked. Thus the Internet was designed to be robust against denial of service attacks. The ARPANET protocols were designed for openness and flexibility. The usefulness of the network grew as more sites joined the ARPANET. The applications on the ARPANET were quite simple: e-mail, newsgroups and remote connection. ARPANET users were a small group who knew and trusted each other. They played pranks on each other using the network - jokes and annoying messages, and small security breaches. Cliff Stoll in the Lawrence Berkeley National Laboratory in northern California identified the first international security incident in 1986. An international effort was using the network to connect to the systems in the US and copy information. This was due to a simple accounting error in the computer records of the ARPANET systems. The first automated security incident, the Morris worm was reported in 1988.
Types of Network/Internet Security Incidents
Probe : Unusual attempts to gain access or discover something about system.
Scan : Many probes done using an automated tool.
Account Compromise : Unauthorized use of a computer account by someone other than the account owner.
Root Compromise : Similar to an account compromise, except that the account that has been compromised has special privileges on the system.
Packet Sniffer : A program that captures data from information packets as they travel over the network.
Denial of Service : The goal of denial-of-service attacks is to prevent legitimate users of a service from using it.
Exploitation of Trust : Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.
Malicious Code : Programs like viruses, worms and Trojan horses.
Internet Infrastructure Attacks : Rare attacks on network name servers, network access providers, and large archive sites.
How can you protect your computer against the above-mentioned Internet security incidents? There are a number of free Internet security programs available online that you can use for this purpose. Given below is a checklist of few simple things you do:
- Assess your risk/risk potential
- Use good antivirus software. There are a number of free Internet security solutions that you can download for this purpose.
- Keep all your software up-to-date (download and apply updates and patches regularly)
- Check your security settings
- Use a firewall (hardware/software)
- Create tough-to-crack passwords (ideally 13 characters long, that includes numbers)
- Conduct regular security maintenance
We thank you for visiting our directory, and wish you well in whatever endeavor brought you here. We are constantly adding new information and resources to our site, both general and state specific in nature, so check back often. |
