Internet Security Issues - Term Paper Example

? Full Paper Contents 2 World Wide Web 5 3 Internet Security 9 4 Advantages Disadvantages Of Implementing Cryptographic Protocols 11 5 Internet Authentication Mechanism 12 6 Conclusion 13 7 References 14 Internet Security 1.1 A New Technology Creates New Ethical Dilemmas There are two primary reasons of adopting the field of compute professionals i.e. Interest and money (Adams, McCrindle 2008). Modern computer technologies are utilized for assembling, storing, and communicating information. Likewise, new technologies in the field of information technology (IT) are creating ethical dilemmas. The effectiveness and speediness related to the electronic information technology systems that consist of limited and international networks, databases and processing programs. These systems also force consumers to tackle new rights and responsibilities in order to use the data and re-evaluate principles of advent computers (Stahl 2011). 1.2 The Importance of Ethics Authority, source and control are the major resources of the information. In fact, the key to success is the right access towards the information. As a result, the social and political relationships are also involved in the development and growth of information systems (Hilton, Se-Hyung "David" Oh et al. 2006). It is more important and ethical that how this information is been utilized by the people. For instance, government levels, headquarters and homes include the electronic systems (Hilton, Se-Hyung "David" Oh et al. 2006). This involvement is increased so much that the people without access to these systems are exaggerated in a particular way. For this reason, new and modern techniques, innovative ethical and lawful decisions are needed in order to balance the requirements and privileges of every person (Stahl 2011). 1.3 Ethics Fill the Gap as Legal Decisions Lag Behind Technology The legal decision lags lies as in modern technological field behind technical development and growth. These gaps are filled through confronting on the issue and by discussing the facts on how to use the electronic information should be proceed (Baase 2008). Furthermore, the above observation delineates the ethical issues in a broad way. On the contrary, the deciding laws include some characteristics related to the issues. These legal issues should be resolved in Electronic Information Systems. 1.4 Ethical Issues In relation to the entire community, the ethics consists of moral options choose by the individuals or users. These include standards of acceptable behavior and rules governing members of an occupation. Moreover, these extend to the Electronic Networks, Electronic Databases and significantly to a Geographic Information Systems. The problems that are present particularly in the three areas require a little different type of ethical decisions. In general, the Electronic Systems, Geographic Information Systems and Networks are being described individually in the later section of this study. 2 World Wide Web 2.1 A Network Defined Starting from a fundamental definition of computer networks, a network is defined as a set of computers or workstations that are capable to communicate with one another. Likewise, in other words a group of similar objects connected together. Some of the networks are present within the institutions or organizations allowing people to communicate electronically within the organization. In fact, some of these small systems are inked or connected with the other organization’s workstations. Thus, thousands of such networks connecting together collectively form an Internet. However, several issues related to the Internet may be applied to smaller network as, well as large network connections. 2.2 Network as Source of Power Initially, the Electronic Networks are recognized as a reliable means of connecting and communicating. Furthermore, it is also recognized as a mean for exchanging information efficiently but today it has become a much more than this. The new sources of power are represented by the large networks. The networks are now prepared in order to generate consistency and competency in communication, so that the movement of information could not rely on another person or could not be controlled by other person or computer. For this reason, the larger networks are now become as Anarchic. The assistance and facilitation of these resources enables an ordinary man or Internet user to communicate and share ideas, assist others with similar interest groups and take assistance from others as well via this medium. The information that is unpopular, uncommon or politically sensitive issues is also shared worldwide via Internet. Many people think that the networks can generate new exciting possibilities but on the other hand, this has become a new way of threatening, rebellious and subversive. 2.3 Network as Social Places In modern days, network has become a place to share ideas, thoughts and personal information. It is a social place where individuals can discover friendships, discuss on several issues, share some unusual interests, fight, form groups, show sympathy, proselytize and fall in love. With other traditional activities, these activities have also become a part of life. Ray Oldenburg an author delineates network as a new kind of “third Place” where people can communicate, share ideas and gather for hospitality a part from home and work which is the first and second place (Martin 2012). The hypothesis stated that, the networks can replace chances of social interaction that is been vanished in the modern world of fringes, express highways and shopping arenas. Moreover, other authors are more conscious regarding the social networking and communicating therefore they termed this as: virtual communities or virtual villages. There are some terms that remind the differences present in the types of interactions that took place over the computer networks of workstations. For example, this has a significant effect due to the lack of face to face interaction. In social networking the race, class, gender and physical appearance is hidden thus allowing the individuals to create a communication that is free from all the delicate issues that usually comes between human relations directly. On the contrary, the virtual interaction allows an individual to interact without any kind of commitments and obligations. The sense of responsibility particularly present in a real community does not exist in virtual networking on the Internet (Martin 2012). 2.4 New Funding Sources Mean New Ethical Issues It is evident that networks have gained popularity in loyal users who recognize the value that is reflecting in this new domain of human interaction that utilize information and communication technology in the current and future ages to come. Likewise, the information and communication technology is adopted more commonly, however, on the other side it is also changing under influence of users and organizations that are new to this domain. The nature of this domain is always evolving, as new and advanced technologies are replaced by the new ones. This rapid change influence new users who are not also thoroughly familiar with the old technology and have to cope with the new one containing more advance options and services. For instance, near field communication is now evolving in a new and completely different domain, where users can utilize their mobile phone instead of credit cards, debit cards etc. 2.5 Acceptable Behaviour on the Networks: New Standards of Conduct A community’s definitions of acceptable behavior rely on the cultural norms and values. A network is set in order to define online standards that are based on the cultural norms and traditional values. However, these traditional values are sometime challenged by the humans due to the increased interaction between the network and society. These networks are widespread among different societies and communities that possess different values and traditions. The modern computers are now allowing people to interact and do things that are previously considered beyond imaginations. The networks as present nowadays possess their new identity, social history and benefits that differ slightly from our present traditions and values. Some people, who are able to developed virtual community, are now spreading individual values, freedom of expression, and free exchange of information, anarchy and uniqueness in other groups. There is a slight difference among the people who possess acceptable behavior on the networks. However, these behaviors tend to change as more and more people are joining networks consisting different backgrounds and different moral values. Fresh users of the Internet and of diverse minor networks should be aware that they are entering an unconventional and alternative social community. The acceptable behavior issues in the network includes simple values of civility to question of rights and responsibilities in sharing out the information that have not been claimed as true or clarified in law. 2.6 How to Behave on the Networks: Remember Where You Are The term Netiquette describes a matter of common sense that is present in every individual to remember how to behave on the social networking sites. However, the Internet believes on freedom of expression for example, some context might be considered as rude or unethical elsewhere but can be tolerated on various other networks. In order to guard the principles of individual expressions, people must remember where they are (Aranda, 2007). Every discussion that is unlawful and believable can be discussed in groups. On some parts of the internet, the field of pornography is flourishing, which is considered to be unethical. Verbal harassment is another issues raised by some people on the Internet. While censoring the individual identify on the Internet, system administrators have now managed to control or negotiate particular situations of conflict. However, some of the activities that are considered unethical and should be questionable off the network must be demolished or controlled via proper judgment. 3 Internet Security 3.1 Session Key Protocols attacks and Defense The most commonly used protocol for creating session keys on the network is Kerberos. It is an access control system which was developed by the Massachusetts Institute of Technology (MIT). Kerberos has three components i.e. 1) Authentication Server, 2) Ticket Granting Server, and 3) File Server and has two versions, version 4 and version 5. The Kerberos security architecture passes cryptographic keys protected tickets between participants. The hashes of the password are not stored anywhere and cannot be used for any sort of security breaches. Kerberos version 4 frameworks possess a centralized authentication service. Kerberos 4 works on a distributed environment where users can access the distributed services located on different servers within the network. The server providing these services first authenticate the users the request of service authentication. This technique is not totally dependent on workstation verification. Kerberos version 4 supports only Data encryption Algorithm as compared to version 5 which support every encryption algorithm available. Version 4 supports only Internet protocol dependence as compared to version 5 which support any Internet protocol. In the process of delegation between servers and accounts when operating in an active directory environment, loop holes can breach security in unpredicted ways. The user having permissions can be hacked to set the permissions which will then be accepted on the network for authentication purposes. The data sources will also be vulnerable to the hacker via the hacked user account. This issue can be countered by limiting the process of delegating the authentication with trusted delegates and replacing it with “Constrained delegation” The secure socket layer (SSL), which was introduced by Netscape in 1995, it has been considered to be a successful E commerce transmission protocol (SANS InfoSec reading room - Threats/Vulnerabilities). The SSL which has become Internet standard called as Transport Layer Protocol (TLS). SSL framework operates on SSL handshake protocol, SSL change Cipher Spec protocol, SSL Alert Protocol, SSL Record Protocol, HTTP, TCP and Internet Protocol. The SSL encryption session of the web authenticate the client by using PKI x 509 certificates. The server is not been authenticated enabling the SSL protocol for web transactions vulnerable to man-in-the-middle (MITM) attack. The MITM attacks are dependent on spoofing address resolution protocol (ARP) and domain name services (DNS). Static ARP tables are recommended to eliminate these attacks when possible. A network should be equipped with intrusion detection device with a rapid response methodology. 3.2 SDSI (Simple Distributed Security Infrastructure) SDSI infrastructure is centered by public keys called as “Key-Centric”, it means that the private and public keys can be viewed as a substitute for individuals who will control the public and private keys. The public and private keys are represented by a data structure. These keys may also include an associated name space, servers, databases etc. 3.3 SDSI (Group Memberships & Certificates) Identity certificates attempts to assert a binding between an individual and the public key associated with it. Judgment of identity certificates is a difficult procedure. The unique identification of names and other attributes is difficult. The solution of this problem is the involvement of human intelligence for judging the identity certificates. The identification can be improved by including a picture or description which will help in identifying the certificate which is establishing a binding between a public key and an individual. The SDSI group consists of set of principles. Each group consists of a name and set of members. For authorizing the access of data and to perform operations, authorized principles of the group are defined and then included in the access control list. This procedure provides reliability and manageability when same group is authorized to different ACL’s. One more approach is adopted to create groups for each role. The group owner decides role assignment to each individual. SDSI is a commonly used trust management system which classifies a formal language of stating authorization and access control policies. For granting request SDSI relies on an algorithm to grant permission of a specific request. Due to its semantics supporting every principle having public and private key pair, SDSI overcomes the disadvantage of using Kerberos only for local authentication. 4 Advantages / Disadvantages Of Implementing Cryptographic Protocols The cryptographic software installed on the application level is more administrative due to monitoring interfaces. The generic advantage of operating with SSL and TLS, they establish a secure channel for transmission of data. They share the application layer and the TCP layer for providing this feature. As these protocols are accepted widely both as freeware and commercial, they are designed as network API’s. While operating in E commerce environment, these cryptographic protocols have several disadvantages. The transmission of credit card number is done successfully, but it cannot be verified. The protocols cannot communicate and request authorization regarding the transactions. The credit card number is stored on the server in the form of a text file. It means that if the security of the server is compromised, the credit card numbers can be retrieved easily as they are stored in the form of text files. 5 Internet Authentication Mechanism If a particular resource needs to be protected, using elementary authentication mechanism, Apache server sends a header including “401 authentications” in repose to the request. As the user enter credentials, consisting of username and password, for the resource to be returned as requested. Moreover, as soon as 401 response headers receive by the web browser, it asks the user to specify username and password in order to authenticate the user. Similarly, the server will check the credentials in the safe list, if they are available; the resource is made available to the user. 5.1 Securing the Contents For any individual resource on a web server, the methodology for securing contents includes actions in terms of step to configure elementary authentication procedures. The first step would be to create a password file. The second step is to determine the configuration in order to obtain the file containing passwords i.e. the password file. Moreover, the first step is to determine valid user credentials, consisting of username and password. Likewise, the credentials provided by the user are matched successfully to a valid username and password lists. The password file is created on the server to validate legitimate user authentication mechanism. However, the password file is a delicate and confidential piece of information and must be stored outside of the document directory in order to eliminate any potential threats from hackers or viruses. 5.2 Database Authentication There are various modules bundled with apache for user authentication on a variety of databases. These two module known as ‘mod_auth_db ’ and ‘mod_auth_dbm’ are integrated within the Apache web server. The elementary authentication mechanism and the digest authentication both lack stability in terms of data organization. For instance, these both mechanisms store passwords on a coherent text files, with no indexes, bookmarks or traceability. In comparison to the databases, that is optimized to extract any particular piece of information rapidly in a large data sets, ‘mod_auth_db ’ and ‘mod_auth_dbm’ enables web administrators to save password files in a ‘.db’ or ‘.dbm’ file formats. 6 Conclusion As we have selected Internet security, we have discussed ethical issues of information systems connected on the Internet. Secondly, we have discussed Internet security issues and their operations on the Internet. Topics that were involved incorporates Session Key Protocols attacks and Defense, SDSI (Simple Distributed Security Infrastructure), SDSI (Group Memberships & Certificates), and Advantages / Disadvantages Of Implementing Cryptographic Protocols. Thirdly, we have recommended solutions for securing the Internet. Moreover, we have also covered the semantics on websites hosted on the Internet and the databases associated with them. Likewise, an authentication mechanism for both websites and databases is discussed in detail. 7 References Aranda, J. (2007). Netiquette and online communication. Journal of Instruction Delivery Systems, 21(4), 11-14. Adams, A.A. and MCCRINDLE, R. (2008). Pandora's Box: Social and Professional Issues of the Information Age. John Wiley & Sons. Baase, S. (2008). A Gift of Fire: Social, Legal, and Ethical Issues for Computing and the Internet. Pearson Prentice Hall. Hilton, T., SE-HYUNG "DAVID" OH and AL-LAWATI, H., 2006. Information Systems Ethics in the Triad. Journal of Computer Information Systems, 46(4), pp. 78-102. Martin, S. (2012). Professional Ethics. TechTrends: Linking Research & Practice to Improve Learning, 56(5), pp. 10-12. Stahl, B.C. (2011). Teaching Ethical Reflexivity in Information Systems: How to Equip Students to Deal With Moral and Ethical Issues of Emerging Information and Communication Technologies. Journal of Information Systems Education, 22(3), pp. 253-260. Read More