Internet of Things and Internet Security - Case Study Example

PROJECT INTERNET SECURITY SUBMITTED BY: EXECUTIVE SUMMARY Internet, the most publicized as well as the largest communication network in the world, isnot owned or centrally controlled by any organization or government. Despite the numerous advantages offered by the internet, there are growing concerns regarding the security issues posed by the same. Although it is an open platform providing various benefits, there is much exploitation in the technological and application level of Internet. As mentioned earlier, Internet has no central control, however the physical infrastructures such Internet Backbone networks, DNS Servers, Top level domain names (TLD) servers, and consumer’s end networks are implemented by various public and private organizations as well as governments to enable communication through the world wide web. Protocols and technology relating to the internet are standardized by W3 Consortium, an independent organization founded at MIT in 1994. In this era one faces different kinds of threats from malwares, hackers, organized cyber attacks from organization and spying by foreign governments etc. Since most of the national assets are connected through internet, foreign forces are always trying to get access to them by hijacking the internet communication network. This paper aims at covering various levels of concern regarding the security of Internet. A brief history, present status of the internet technology as well as its potential future applications is also discussed here. Furthermore, the paper talks about recent technological advances in the Internet and its security in brief, with respect to the growing threats in the present scenario. SWOT ANALYSIS Strengths: Examining the strength area of a networking, the analysis of SWOT should look at the benefits the present network gives to its customers. The useful feature is the major advantages provided by the IT network, which includes: Computerization and more efficient job processes The collection of mass amounts of data in a cohesive database The manufacture of real-time numerical reports on utilization and information management. Weaknesses: The weaknesses of an IT network tend to be associated with its inability to deal with internal decision-making needs. Generally, there are mainly three types of weaknesses in any IT network. They are technology weaknesses, configuration weaknesses and policy weaknesses. “Technology weaknesses create a challenge for IT people because most hardware and software used in a company were already installed when they started their job” (Lammle & Timm, 2003, p.4). Configuration weaknesses mainly includes unsecured used accounts, guessed passwords etc and the policy weaknesses involves troubles with the corporate security policy, for example, lack of a written safety policy, organizational policy etc. An analysis of SWOT should recognize in which areas the different types of weaknesses occur in business methods, especially those that rely on the network to function. Examples of these types of circumstances would include deciding which data information should be obtainable from the network, which traffic in the network takes priority over others, when maximum ability is reached etc. These are problems that influence an organization or business utilizing the network, and, therefore, some kind of necessary actions need to be taken in order to minimize as well as eliminate the same.  Threats: IT network threats can be identified as follows: The threats mainly include hackers, viruses, trojans and other kinds of electronic attacks that affect the integrity of network. Slighter threats also include the problems of organization, for example, changes in software platforms by the providers of the product, changes in technology specifically used by the network, and changes in rigid policies by government for how the networks can work. The analysis of SWOT should assess and look at every factor and how much they influence a detailed network. Critical elements should be highlighted so that an effective strategy that addresses them at the earliest can be developed. Opportunities: Opportunities given by an IT network are not for all time so clear, for the reason that most individuals assume advantages and benefits should already be planned into a working network. On the other hand, when networks start to be used to control industry’s information automatically, they emphasize areas where earlier processes were grossly incompetent in comparison. This may guide to further recognition of similar troubles, and, as a result, recognize areas where savings can be attained. These opportunities must be emphasized in the analysis of a SWOT and credited to the network for recognizing them or making these opportunities for development visible. THE INTERNET & INTERNET SECURITY Since internet is an open platform and spreads across all the continents, the number of its users has crossed over billions. Internet is considered as a day to day need rather than a communication network. The Internet was derived from its forerunner ARPANET by U.S. Defense Advanced Research Projects Agency and the World Wide Web was introduced by Tim Berners Lee. Internet originally described a network of computers that made possible the decentralized transmission of information. Now, the term serves as a superset for innumerable technologies, devices, capacities, uses, and social spaces. Therefore, every discussion based upon internet security must differentiate between its technological entity and its domain of vast applications. The misuse of internet should also be seen as stated above. Internet is exploited at its technological level as well in the application level. Since a big fraction of the planet’s population is connected to this network, all security issues have their own impact in ethical and legal domains. It is in this context, the Internet security is becoming a hot topic of interest. Internet Security relates with concepts and methods for protecting sensitive data and resources in a TCP/IP Network. Internet security starts from the policies that regulate access to protected data and resources. With proper knowledge of threats and counter security measures individuals can protect themselves from exploitation. ETHICAL CONCERN Personal Intrusion An internet connected personal computer/device enables one to connect with the rest of the world who are already connected to the same. At the same time this makes persons vulnerable to the threats arising from its far reaching capability. Through various malicious programs hackers can obtain personal details such as private documents, passwords, recently visited web pages, cookies etc. This when misused entails in both personal and monetary loses for the victims. From the view of Internet security, these types of intrusions can be reduced by turning the firewalls on and installing a good anti -virus program in the device being used. Privacy Privacy in a connected world is one of the growing concerns in this area. Most of the data traffic passing through internet is highly open to the attackers. Individual hackers, illegal organizations and even the government agencies spy on Internet users. Moreover a culture is growing in Internet users to store their personal information such as personal photos in cyberspaces ranging from Social-Networking websites to Cloud storage services. There are many incidents where the securities of many leading social networking websites were compromised and users were exposed to privacy risks. Morality As mentioned early in the privacy section, there are greater chances in exploitation of one’s personal information which is made available online. This information and data can be used for immoral activities such as faking identities, misusing of the data, digitally modifying personal photos for other uses etc. Another category of immoral activities is spreading false news about persons or organizations and spreading harmful programs. These harmful programs include viruses, Trojan horses and root kits. Security Security is an achievable quality in Internet, but most of the users ignore its importance and get vulnerable to attacks. It is thus important to look into major issue raising questions about security ignorance of service providers and users. In 2012, an unknown hacker (intended for research purpose) successfully deployed his Botnet program into 420,000 embedded devices which were not protected with any or default passwords in order to port scan entire IPV4 terminals all over the world, within 2.6 hours. The operation was called Internet census 2012/ Carna Botnet incidence. There were millions of compromised devices related with this study as revealed by AusCERT. “Botnets opportunistically scan the Internet to find and infect computer systems that are poorly configured, or lack current software security patches. Compromised computers are taken over to become slaves in a “botnet”, which can include thousands of compromised computers that are remotely controlled to collect sensitive information from each victim’s PC, or to collectively attack as a swarm against other targeted computers” (Wilson, 2008, p.24). Access Access to private resources can be achieved by deploying malicious software and network spoofing. Hackers try to intercept user identities and password to access a protected resource or data. Once access is achieved they can turn down the entire security of the system as well as fulfill their selfish interests. “Strong logical access control includes sound security policies, clearly defined security models, well-designed system architecture, proper implementation of security mechanisms such as passwords, encryption, and access control lists, and firewalls” (Hau, 2003, p.8). Intellectual Property Uploading of intellectual resources on internet often violates the creator’s rights. Many of the misuses related to intellectual properties include copyright violations, duplications, piracy etc. These types of threats are often faced by software industry, programmers, digital artists, photographers, music and movie related industries etc. Even though there are a vast set of digital licensing methodologies, the modes of violation are also increasing beyond the limit. Militarization of Internet Most of civilian internet traffic is also monitored by domestic and foreign agencies from the end of cold-war. This is often termed as ‘for sake of national security ‘by almost every nation. Countries worldwide are trying to militarize the internet which affects its openness and privacy. “Despite the increasing attention cyber security is getting in security politics, computer network vulnerabilities are mainly a business and espionage problem. Further militarizing cyberspace based on the fear of other states’ cyber capabilities is pointless” (Czosseck, et al., 2012, p.151). LEGAL CONCERN Even though internet is not owned by any organization or government, the use of internet and internet services are regulated through various laws in each country. In United States of America certain laws are formulated to prevent the misuse of Internet as well as for regulating the online business. Such laws ensures protection against identity theft, online frauds, copyright and trade mark protection, unauthorized access of protected devices, security frauds etc. These laws also enable law enforcement agencies to intercept the electronic communication which is believed to be by criminal / terrorist activities (The USA Patriot Act) The following are legal concerns related to internet and internet security. AMBIGUITY IN JURISDICTION Internet practically erased the physical boundaries of countries all around the world. However, there is always ambiguity in jurisdictions regarding internet services hosted outside a country and a complainer in the home country. Laws regarding the committed ‘crime’ may be different or entirely in contrast with each other in countries of service provider and user. Most Internet MNCs are willing to cooperate with the government agencies of their areas of service, however, others may not be. ONLINE GAMBLING Online gambling operations are in business to make huge profits. They take in more money than they pay out. Due to online gambling businesses may not be located in judicial cover of a country, therefore, users do not have legal protection to get their money back. Many countries including U.S.A have their own laws to prevent unlawful gambling in order to prevent mass loss of citizen’s money. U.S. Congress passed legislation in 2006 that bans the use of credit cards for online gambling.  However, some people in the U.S. are still accessing online gambling sites. Similar websites still process credit cards and are into betting practices illegally in many parts of the world. MISLEADING DIGITAL CONTENT OVER INTERNET Various measures have been taken by governments to prevent the propagation of misleading domain names, words and images over internet. The term ‘misleading’ is defined by the laws of concerned country. Nations, such as People’s Republic of China, have censored the Internet to a vast level to prevent ‘misleading’ contents as defined by their law. In United States laws have been made for prevention of misleading domain names that deceive minors and relate to obscenity. POLICY MAKING REGARDING E-COMMERCE Market has been mostly shifted to online now a days. E-commerce has its own advantages and convenience over conventional markets. “In the online marketplace, consumers can transact business without the constraints of time or distance. One can log on to the Internet day or night and purchase almost anything one desires, and advances in mobile technology allow advertisers to reach consumers nearly anywhere they go” (How To Make Effective Disclosures In Digital Advertising, 2013, p. i). However, if proper policies are not formulated, it would upturn the economy of the country. Thus, every country maintains a code of conduct for online business. ONLINE FINANCIAL FRAUDS “Financial fraud often starts with the diversion of personal information. A trash or recycling bin, a telephone conversation, or a poorly protected computer can be the starting point for fraud. Businesses are often vulnerable as well” ( Paget, 2009, p.18) Online financial frauds are very hard to tackle even if the source is identified. The state may not complete the legal process easily if fraudulent website or person belongs to another nation. Most financial frauds are hosted in countries with less or no cyber laws. LEGAL CONCERNS SURROUNDING SECURITY ISSUES OF INTERNET In most democratic countries, the government is bound to secure the life, livings and belongings of its citizens by their constitution. Whatever threatens the normal life of a citizen should be avoided by law making governments. Internet is not merely a communication network. It is an umbrella term referring to millions of day to day services. So, just because of the growing threats one cannot simply avoid internet and step back to a non-internet world, as it is simply impossible. It is also the duty of the state to protect their citizens from harmful applications of internet. The security issues should be addressed in personal domain, social domain and in financial level. The hackers try to obtain data of sensitive value in order to benefit from it. That benefit may affect the victim socially, financially or personally. Various types of targeted attacks may include phishing, key stroke phishing, network data snooping, identity theft etc. Since most of these security breaches can be created from outside the ‘territory of jurisdiction’ of a nation, there arises a need for international co-operation in investigation and in standardization of cyber laws. Agreements should be made between countries in order to exchange the cyber criminals or to take legal action against illegal organizations in their homeland. Strong laws should be formulated and governments must make its citizens aware of security threats and proper counter measures. Apart from protecting victims, the law should prevent its own citizens from initiating a cyber attack against a foreign or domestic target. On the infrastructure level, more effort should be brought to secure physical cables and networking components from both software and hardware threats. RECENT DEVELOPMENT IN INTERNET/INTERNET SECURITY Since the last two years, there can be observed a shift in the trends of client devices of internet. PCs have paved way for Smartphone and hand held computers. With the introduction of latest Android OS, many corporations competed each other in building the next generation smartphone due to low cost of software development. This had considerably changed the trends and smart phones were made available even to the middle class consumer. Most of the users shifted to small screens and websites were compelled to fit into little inches of displays. This created a revolution in next generation content formatting in World Wide Web, as responsive and minimalist approaches came into existence. Internet usage from much more personal devices such as mobile phone also could be further customized. Even the banks gave priority to go mobile through their own applications or technology partners. When sensitive data was transferred through mobiles which had much lesser security, attention came towards improvements in wireless technologies. The modern world has also witnessed a trend of network/cloud storage and release of mobile security software enormously in past two years. Internet is changing as its clients, client devices and client comforts are also changing. As number of connected devices were increasing at a higher pace, the migration from IPV4 to IPV6 also took place. “A study conducted by RTI International for the National Institute of Standards and Technology (NIST) and the National Telecommunications and Information Administration (NTIA) finds that IPv6 is expected to return $10 for each dollar invested. Study participants identify several major categories of IPv6 applications that, in total, they estimate would deliver benefits in excess of $10 billion per year” (Taping The Benefits Of IPv6 2008, p. 3). The capacities of user-agents like web browsers should rise further, enough to handle the application and security challenges in the future. FUTURE ROLE OF THE INTERNET/INTERNET SECURITY In the coming years, internet will be used independently by Intelligent Home appliances in order to communicate with others than human users of internet. Wearable technology could someday be more common as Smartphone. Gadgets are becoming smart and powerful today and connectivity is no longer a problem. It can be termed as an ‘Internet of things.’ In the near future, the cost of internet will be cut down and individuals will not be concerned as most of the gadgets may connect to the internet on their own. Internet will give more personalized and intelligent services on its own while this ‘internet of thing’ being the part of the actual Internet. The concept of a blood sugar tester that instantly passes one’s blood sugar level to a physician or stores the historic data in an online database can prove to be very useful. Mostly every automobile will be connected to the future internet for utilizing internet and GPS assisted driving without using hardware level GPS Maps. With introduction of IPV6 around Sextillion’s of devices can be connected to internet. So there is a chance that every vehicle may obtain a MAC address to connect to the Internet. Certainly the future internet can bring pretty much comfort into the human life through its intelligence and speed. “The future network underlying the Internet will not only need to have the bandwidth to handle the sheer scale of content being transferred, but also the technology and infrastructure to handle that transfer as efficiently and securely as possible” (Simperl et al., n.d., p.12). DIAGRAM SHOWING ARCHITECTURE OF INTERNET [This diagram was created using Dia, an opensource alternative for Visio] References Lammle, T. & Timm, C. 2003. Introduction to Network Secirity. Alameda: Sybex Inc., pp.1-412. Retrieved January 28, 2014, from Wilson, C. 2008. Why Cyber Attacks Are Successful. Congressional Research Service, pp. 1-40. Retrieved January 28, 2014, from < http://www.fas.org/sgp/crs/terror/RL32114.pdf > Hau, D. 2003. Threats Risks And Control.SANS Institute, pp. 1-10. Retrieved January 28, 2014, from Czosseck, C., Ottis, R. & Ziolkowski, K. 2012. The Militarisation of Cyberspace: Why Less May Be Better. Tallinn: NATO CCD COE Publications, pp.141-153. Retrieved January 28, 2014, from 2013. How To Make Effective Disclosures In Digital Advertising. Federal Trade Commission, pp.i-26. Retrieved January 28, 2014, from Paget, F. 2009. Financial Fraud And Internet Banking: Threats And Countermeasures. California: McAfee Inc., pp. 1-26. Retrieved January 28, 2014, from 2008. Taping The Benefits Of IPv6. U.S.: NTT Communications, pp.1-15. Retrieved January 28, 2014, from < http://www.us.ntt.net/downloads/papers/NTT_IPv6_Final_Website.pdf> Simperl, E., Toma, I., Domingue, J., Hench, G., Lambert, D., Nixon, L. J. B., Cimpian, E., Dietze, S. & Filipowska, A. (n.d.) Future Internet Roadmap. Service Web, pp. 1-34. Retrieved January 28, 2014, from Read More