StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security Risks on the Web: Problems and Solutions - Essay Example

Cite this document
Summary
The paper "Security Risks on the Web: Problems and Solutions" discusses that user education on how to use a good password is vital. Sadly, although almost 20 years have passed since Morris and Thompson’s paper (Morris and Thompson, 1979) on the subject, user habits have not improved much…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.7% of users find it useful
Security Risks on the Web: Problems and Solutions
Read Text Preview

Extract of sample "Security Risks on the Web: Problems and Solutions"

Running Head: Risks on the Web Security Risks on the Web: Problems and Solutions Introduction One day you check your mail and receive a collections letter stating you have an outstanding balance for a company named ABC, which you have never heard of. Routinely every week, you have checked your bank account online and find you have several transactions which were carried out by some unknown websites. With these, these questions arise: How and when did these companies gather my information? Was it the website transaction where I ordered the discounted perfume as safe as it projects itself to be? These and many more questions are the everyday queries that consumers and companies face in the USA today. The so called World Wide Web, more commonly known as the web or www, is a system of interconnected hypertext documents which can be accessed through the internet (Gates, 1995). Using a Web browser, such as the Mozilla and the Internet Explorer, an individual can access and view Web pages that offer text, images, videos and other programs and can be navigated through hyperlinks (Gates, 1995). The World Wide Web Today In 1989, the World Wide Web was pioneered by Sir Tim Berners-Lee, an English physicist and is now serving as the director of the WWW consortium together with a Belgian computer scientist named Robert Cailliau (Marine, 1999). After a year, the two proposed building a web of nodes storing hypertext pages that can be accessed through browsers on a network and this was released in December of the same year (Marine, 1999). Other websites were created after all over the globe which added international standards for domain names and the HTML language (Marine, 1999). The creation of the World Wide Web made possible the spread of information over the internet through an easy to use and flexible format. The web played a significant role in making popular that use of the internet (Marine, 1999). According to Himma (2007), there is an increasing threat to private and public sectors all over the world brought about by several reasons. First, nearly every nation, industrial and developing, is becoming more and more reliant on new digital information technologies to perform legitimate commercial and government functions. Although these innovations are greatly helpful for the more efficient delivery of goods and services from these two sectors, there is still a big probability that some vital interests are exposed to possible intrusion or attack. An example given by Smith (2005) is that in identity theft, there are many conditions that these thieves got the information of their victims from online databases used by credit card companies. Although these companies took necessary steps to ensure information safety, they still have exposed their clients to a certain extent to these attackers. Second, Himma (2007) also enumerated the fact that the frequency of digital attacks and intrusions directed at private commercial interests have been gradually increasing over the years as the number of people with the appropriate motivations and technical skills continues to grow. One of the reasons that this is the case as argued by (Klein, 2002) is that there is a significant access of such tools which one can simply ‘Google’ in the internet. The same reason why there is an increase in victims is the same reason why there is an increase in attackers. Lastly, there are more countries that lack laws that address cyber crimes (Himma, 2007; Klein, 2002; Cheswick 2000). Hackers consider that, at the very least, non-malicious intrusions are ethically allowable and have offered a number of arguments purporting to justify such intrusions (Hollinger, 1996). Some hackers believe, for example, that these intrusions are defensible by consequentialist considerations because they result in an increase in humanity’s stock of knowledge about relevant technologies (Hafner, 1995). This, therefore promotes the development of technologies, which will ultimately help make the Internet more secure. Some hackers believe that any barriers to information are morally illegitimate and hence deserve no respect, including barriers that separate the information on an individual’s computer from another individual’s computer (Hollinger, 1996). Many individuals have come to believe that private persons and firms have a right to protect themselves against hacker attacks because such attacks are, contrary to the arguments of the hackers, unjustified and that law enforcement is currently unable to protect them (Hollinger, 1996). Somewhat varying issues arise in connection with the proliferation of a large number of “e-organisms”, such as viruses and Internet worms (Hafner, 1995). Whereas a person need not to perform any affirmative acts to be victimized by a hacker attack, he or she must perform some sort of act, such as opening an email attachment, to be victimized by a virus or worm. Some people have suggested that such acts amount to a form of implied consent that immunizes the writer of the virus or worm from moral and legal culpability (Hafner, 1995). There are of course, other important web risks that arise directly from unwanted computer intrusions. These intrusions, for example, are becoming increasingly common in the growing world on online gaming, which poses a host of security risks-some more important than others (Hafner, 1995). Other concerns are also related to computer intrusions such as the growing number of websites all over the world that are developed at discussing code contrived efforts to facilitate the commission of such intrusions. Indeed, some of these websites will publish code that can be used or abused to commit these very intrusions (Hafner, 1995). Risks on the Web Identity Theft The Web can now be used for registering ones bank account, special offers and even updating medical records to what allergies one might have. Identity theft through the Web can happen to anyone anytime. Someone can experience answering a phone call from a collection agency demanding that one pay past-due bills for products which were never ordered. Or maybe one’s favorite supermarket now refuses checks because one is said to have a history of bouncing checks, even if it is not true and that her paid bills are always paid on time (Smith, 2005). What has happened? These are just some of the possible scenarios that may happen to someone who falls victim to identity thieves. Criminals are now using different methods; they steal social security numbers, driver licenses, credit card numbers, ATM cards, telephone calling cards, and other pieces of individuals’ identities such as date of birth (Smith , 2005). These information are used by these thieves to impersonate their victims, spending as much money as they can within a short period of time possibly before moving to the next victim (Smith, 2005). One way thieves can access personal information mentioned is by finding them on the Web and other internet sources via public records and fee-based information broker sites. Or they can do so on a new scam called “phishing”. This is the practice where someone pretends to be another person such as someone with authority in order to induce another individual to provide the personal information necessary (Smith, 2005). Some of the most common scams involve e-mails that really look like something that came from a financial institution, Internet Service Provider, or other trusted establishments or companies claiming that such person’s personal record has been lost. The email then provides a link to a website that imitates the legitimate business’ website and then asks the individual to enter a credit card number and other personal information so that the record can be restored. However, in fact, the imitated website is controlled by a third party who is attempting to extract information that will be used in identity theft or other crimes (Smith 2005). Hacking It is incredible to watch the phenomenal growth of the Internet. Loosely managed as it is, it is still the catalyst for the rapid development of new technologies and capabilities. It attracts practitioners of varying skill, degree of dedication, and understanding of the impact of their work. One consequence of this diversity is seen in the unsettling emphasis on issues like cyber stalking, cyber-rape, Internet pornography, and numerous other negative problems which risks one’s safety (Gates, 1995). Levy (1995) mentioned in his book that the earliest hackers were students at MIT in the late 1960s. These hackers specialized in putting together pieces of telephone circuitry and tracing the wiring and switching gear if the MIT network. Hacking as understood today began to emerge only with the development of time-shared systems. Hacking was an elite art practiced by small groups of extremely gifted individuals and above all, this early version of hacking was about intellectual challenge and not malicious damage (Levy, 1995). Not all hackers break into a system just for the fun of it. Some do it for profit and some of them are even legitimate. An article by Violino (1993) described a growing phenomenon: companies hiring former and sometimes convicted hackers to probe their security. The claim is that these people have a better understanding of how systems are really penetrated, and that more conventional tiger teams often do not practice social engineering (talking someone out of access information), dumpster diving (finding sensitive information in the trash),etc (Violino, 1993). Naturally, the concept of hiring a hacker is controversial. There are worries that these hackers are not really reformed, and that they cannot be trusted to keep a company or organization’s secrets. There are even charges that some of these groups are double agents, actually engaging in industrial espionage (Violino, 1993). Solutions and Precautions Protecting Passwords The easiest way into a computer, a system or to one’s financial accounts on the Web is usually through the front door, which is to say the login command. A high percentage of system penetration occurs because of the failure of the entire password system. This does not result strictly to the fact that many people chose bad passwords but password guessing is likely to succeed (Klein 2006). Password-guessing attacks take two basic forms. The first involves attempts to log in using known or assumed user names and likely guesses at passwords. This succeeds amazingly often; and pairs of passwords often came out system manuals (Klein, 2006). The solution to this problem is not as hard as one can originally imagine. Simply, users should not be allowed an infinite number of login attempts of bad passwords, failures should be notified on failed login attempts on their account, etc. (Cheswick, 2000). Another way hackers go after a password is by matching guesses against stolen password files. They may be stolen from a system that is already cracked, in this case, attackers will try the cracked passwords on other machines, or they may be obtained from a system not yet penetrated. These are called dictionary attacks, and they are very successful (Cheswick, 2000). For companies and other organizations, encryption is a valuable tool in the security wars, but if it is not used properly, it can hurt the real goals of the organization. Some aspects of improper use are obvious. One must pick a strong enough cryptosystem for the situation, or an enemy might crypt analyze it. Similarly, the key distribution center must be safeguarded, or all secrets will be exposed (Cheswick, 2000). Conclusion An individual Web user can do many things to strengthen the security of the Internet. Security is understood to include protection of the privacy of the information, protection of information against unauthorized modification, protection of systems against denial of service, and protection of systems against unauthorized access. It is the user’s responsibility to understand the security policies and procedures of his computer and network site. Users observing the following guidelines can help ensure the security of their own data, as well as to assist in the protection of their local network site. It is best if users install a firewall on the home computer to put a stop to hackers from getting hold of personal identifying and financial data from your hard drive. This is above all significant if you connect to the Internet by DSL or cable modem. Install and update virus protection software to avoid a worm or virus from making your computer to send out files or other stored information (Cheswick, 2000). Moreover, users are responsible for all resources assigned to them, so sharing of any Web-related and computer-related accounts or access to resources assigned to the user is strongly discouraged. The user should also follow site security procedures for password protection. If one’s system relies on the password protection system, she should be sure to carefully select the password and that it should be changed often. This also applies to all online accounts which can be used for online shopping and the like (Cheswick, 2000). One should be aware that file-sharing and –swapping programs have the tendency to expose your computer to illegal access by hackers and fraudsters (Cheswick 2000). Since it is inevitable to use such programs, one should ensure to comply with the law and know what one is doing, and should install and update regularly and strong firewall and virus protection. Also, adults should check on their youngsters since they may download many file-sharing programs. It is not advisable to use an unmodified word from any language in choosing a password; this includes words spelled backwards. A simple modification involves prefixing a word with one or several numerals (Hollinger 1996). Furthermore, a user should change her password every 6 months at the minimum and do not right it down on a piece of paper, or record it in a file stored on a computer disk, floppy disk, PC or magnetic tape (Klein, 2006). User education on how to use a good password is vital. Sadly, although almost 20 years have passed since Morris and Thompson’s paper (Morris and Thompson, 1979) on the subject, user habits have not improved much. When it comes to “phishing”, users should never respond to phishing email messages. They may appear in the form of an email coming from the user’s bank, eBay, or PayPal. When doing an online shopping, might as well do it with companies that provide transaction security protection and that have strong privacy and security policies. Certain actions basically should not be taken devoid of strong authentication. One has to know who is making certain requests. The authentication needs not to be formal, of course. It should be the case that the user is knowledgeable on the protection mechanism used by the computer, and guarantee that all files are set up with appropriate protection codes, and lastly, and probably the simplest, thou shall not leave the terminal logged in or unattended. Word Count 2454 References Cheswick, W. (2000). An evening with Beferd, in which a cracker is lured, endured and studied. Winter USENIX Conference. Gates, B. (1995). The Road Ahead. New York: Penguin Books. Hafner, K. (1995). Cyberpunk: Outlaws and hackers on the web frontier. New York: Simon & Schuster Himma, K. (2007). Internet Security: Hacking, counter hacking, and society. Canada: Jones and Bartlett. Hollinger, R. (1996). Hackers: Computer Heroes Or Electronic Highwaymen? Computer and Society Journal, 21(1), 6-16. Klein, D. (2002). Foiling the cracker. A survey of and improvements to password security. Security Workshops USENIX, 5-14, Portland Levy, S. (1995). Hacker: Heroes of the computer revolution. New York: Doubleday Marine, A. 1999. Internet: Getting started. New Jersey: PTR Prentice Hall Morris, H., & Thompson, K. 1979. UNIX Password security. Communications of the ACM, 22 (11), 5-11 Smith, M. (2005). Identity Theft: The internet connection. CRS Report for Congress. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Security risks on the Web: problems and solutions Essay”, n.d.)
Retrieved from https://studentshare.org/miscellaneous/1555796-security-risks-on-the-web-problems-and-solutions
(Security Risks on the Web: Problems and Solutions Essay)
https://studentshare.org/miscellaneous/1555796-security-risks-on-the-web-problems-and-solutions.
“Security Risks on the Web: Problems and Solutions Essay”, n.d. https://studentshare.org/miscellaneous/1555796-security-risks-on-the-web-problems-and-solutions.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security Risks on the Web: Problems and Solutions

Computer Security or Ethical Issue

n this scenario, if a business has a system linked to the web-based technology just to send communication messages, so the business system can definitely be the target.... This paper outlines various security issues along with their solutions.... Furthermore, web-based technology and digital companies make it simple to collect, incorporate, and share business information, offering new fears regarding the suitable usage of customer details, the safety of individual confidentiality, as well as the security of the intellectual property of the organization (Armor2net Software Ltd....
9 Pages (2250 words) Research Paper

Dental Office Network Systems

This paper will examine network solutions relevant to the dental practice entity provided in the case study, highlighting the requirements, network solutions, and risks associated with the proposed network solution.... Requirements and Network solutions Perhaps the greatest requirement for the dental practice is the provision of extra bandwidth to cater for both the stationary and mobile dentists visiting senior citizens homes and elementary schools....
6 Pages (1500 words) Case Study

Security Management

The firm thereafter decides on the most cost effective solutions to its security woes.... Following attacks of 9/11 and other series of attacks and threats of attacks, security features in buildings and sites have become important.... engineers endeavor to use the best skills that ensure optimum building and site security, Information Technology is the other area that IT experts spend a lot of time and resources trying to protect organization information....
17 Pages (4250 words) Research Paper

The Solution of VPN Connection

In this particular scenario, the frame relay network consists of a group of interconnected nodes (switches), which relay the frame relay data across the web.... In the realm of VPN, many security risks are associated with the T1 frame relay shown in the diagram.... In order to protect against this risk, a two-tier level of security should be enforced.... The two-level security prompts the user to enter two aspects of passphrases in case an intruder has one component, but lacks another component....
6 Pages (1500 words) Case Study

Proposing a Solution

At the helm of the escalating risks to the national security in the country, the cyber environment threats are equally evolving, as... Therefore, it is essential to establish workable approaches to maintaining the security of the communication and technological systems.... he advent of the security challenges created another aspect of terror, an establishment that many nations are yet to consider as a possible channel for terror attacks.... after the memorable 9/11 attack, the subject of security evolved into a critical matter that none of the congressional representatives or the general population would take lightly (Werner 16)....
6 Pages (1500 words) Essay

Computer Security

In this scenario, if a business has a system linked to the web-based technology just to send communication messages, so the business system can definitely be the target.... This paper outlines various security issues along with their solutions.... Furthermore, web-based technology and digital companies make it simple to collect, incorporate, and share business information, offering new fears regarding the suitable usage of customer details, the safety of individual confidentiality, as well as the security of intellectual property of the organization (Armor2net Software Ltd....
9 Pages (2250 words) Research Paper

Management Solutions in Practice

This paper, Management solutions in Practice, declares that the concept of cloud computing has been stated to be a computing pattern which unites a vast collection of systems in public as well as private networks.... Their solutions are considered to be unique and much more advantageous compared to those traditional way of providing solutions through software that were needed to be purchased and set up locally or manually on individual machines....
12 Pages (3000 words) Assignment

Security Risks on the Web

The paper "security risks on the web" presents that with rapid global development came the electronic revolution.... There is an increase in the number of security risks on the Internet.... his section looks into various Internet security problems that have disturbed the residents as well as the corporate and business world in the past.... With this huge boom in its usage came Internet security Threats.... People who specialize in various computer programs and hacking logics have mastered the skills to breach Internet security....
8 Pages (2000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us