Security Risks on the Web: Problems and Solutions - Essay Example

Running Head: Risks on the Web Security Risks on the Web: Problems and Solutions Introduction One day you check your mail and receive a collections letter stating you have an outstanding balance for a company named ABC, which you have never heard of. Routinely every week, you have checked your bank account online and find you have several transactions which were carried out by some unknown websites. With these, these questions arise: How and when did these companies gather my information? Was it the website transaction where I ordered the discounted perfume as safe as it projects itself to be? These and many more questions are the everyday queries that consumers and companies face in the USA today. The so called World Wide Web, more commonly known as the web or www, is a system of interconnected hypertext documents which can be accessed through the internet (Gates, 1995). Using a Web browser, such as the Mozilla and the Internet Explorer, an individual can access and view Web pages that offer text, images, videos and other programs and can be navigated through hyperlinks (Gates, 1995). The World Wide Web Today In 1989, the World Wide Web was pioneered by Sir Tim Berners-Lee, an English physicist and is now serving as the director of the WWW consortium together with a Belgian computer scientist named Robert Cailliau (Marine, 1999). After a year, the two proposed building a web of nodes storing hypertext pages that can be accessed through browsers on a network and this was released in December of the same year (Marine, 1999). Other websites were created after all over the globe which added international standards for domain names and the HTML language (Marine, 1999). The creation of the World Wide Web made possible the spread of information over the internet through an easy to use and flexible format. The web played a significant role in making popular that use of the internet (Marine, 1999). According to Himma (2007), there is an increasing threat to private and public sectors all over the world brought about by several reasons. First, nearly every nation, industrial and developing, is becoming more and more reliant on new digital information technologies to perform legitimate commercial and government functions. Although these innovations are greatly helpful for the more efficient delivery of goods and services from these two sectors, there is still a big probability that some vital interests are exposed to possible intrusion or attack. An example given by Smith (2005) is that in identity theft, there are many conditions that these thieves got the information of their victims from online databases used by credit card companies. Although these companies took necessary steps to ensure information safety, they still have exposed their clients to a certain extent to these attackers. Second, Himma (2007) also enumerated the fact that the frequency of digital attacks and intrusions directed at private commercial interests have been gradually increasing over the years as the number of people with the appropriate motivations and technical skills continues to grow. One of the reasons that this is the case as argued by (Klein, 2002) is that there is a significant access of such tools which one can simply ‘Google’ in the internet. The same reason why there is an increase in victims is the same reason why there is an increase in attackers. Lastly, there are more countries that lack laws that address cyber crimes (Himma, 2007; Klein, 2002; Cheswick 2000). Hackers consider that, at the very least, non-malicious intrusions are ethically allowable and have offered a number of arguments purporting to justify such intrusions (Hollinger, 1996). Some hackers believe, for example, that these intrusions are defensible by consequentialist considerations because they result in an increase in humanity’s stock of knowledge about relevant technologies (Hafner, 1995). This, therefore promotes the development of technologies, which will ultimately help make the Internet more secure. Some hackers believe that any barriers to information are morally illegitimate and hence deserve no respect, including barriers that separate the information on an individual’s computer from another individual’s computer (Hollinger, 1996). Many individuals have come to believe that private persons and firms have a right to protect themselves against hacker attacks because such attacks are, contrary to the arguments of the hackers, unjustified and that law enforcement is currently unable to protect them (Hollinger, 1996). Somewhat varying issues arise in connection with the proliferation of a large number of “e-organisms”, such as viruses and Internet worms (Hafner, 1995). Whereas a person need not to perform any affirmative acts to be victimized by a hacker attack, he or she must perform some sort of act, such as opening an email attachment, to be victimized by a virus or worm. Some people have suggested that such acts amount to a form of implied consent that immunizes the writer of the virus or worm from moral and legal culpability (Hafner, 1995). There are of course, other important web risks that arise directly from unwanted computer intrusions. These intrusions, for example, are becoming increasingly common in the growing world on online gaming, which poses a host of security risks-some more important than others (Hafner, 1995). Other concerns are also related to computer intrusions such as the growing number of websites all over the world that are developed at discussing code contrived efforts to facilitate the commission of such intrusions. Indeed, some of these websites will publish code that can be used or abused to commit these very intrusions (Hafner, 1995). Risks on the Web Identity Theft The Web can now be used for registering ones bank account, special offers and even updating medical records to what allergies one might have. Identity theft through the Web can happen to anyone anytime. Someone can experience answering a phone call from a collection agency demanding that one pay past-due bills for products which were never ordered. Or maybe one’s favorite supermarket now refuses checks because one is said to have a history of bouncing checks, even if it is not true and that her paid bills are always paid on time (Smith, 2005). What has happened? These are just some of the possible scenarios that may happen to someone who falls victim to identity thieves. Criminals are now using different methods; they steal social security numbers, driver licenses, credit card numbers, ATM cards, telephone calling cards, and other pieces of individuals’ identities such as date of birth (Smith , 2005). These information are used by these thieves to impersonate their victims, spending as much money as they can within a short period of time possibly before moving to the next victim (Smith, 2005). One way thieves can access personal information mentioned is by finding them on the Web and other internet sources via public records and fee-based information broker sites. Or they can do so on a new scam called “phishing”. This is the practice where someone pretends to be another person such as someone with authority in order to induce another individual to provide the personal information necessary (Smith, 2005). Some of the most common scams involve e-mails that really look like something that came from a financial institution, Internet Service Provider, or other trusted establishments or companies claiming that such person’s personal record has been lost. The email then provides a link to a website that imitates the legitimate business’ website and then asks the individual to enter a credit card number and other personal information so that the record can be restored. However, in fact, the imitated website is controlled by a third party who is attempting to extract information that will be used in identity theft or other crimes (Smith 2005). Hacking It is incredible to watch the phenomenal growth of the Internet. Loosely managed as it is, it is still the catalyst for the rapid development of new technologies and capabilities. It attracts practitioners of varying skill, degree of dedication, and understanding of the impact of their work. One consequence of this diversity is seen in the unsettling emphasis on issues like cyber stalking, cyber-rape, Internet pornography, and numerous other negative problems which risks one’s safety (Gates, 1995). Levy (1995) mentioned in his book that the earliest hackers were students at MIT in the late 1960s. These hackers specialized in putting together pieces of telephone circuitry and tracing the wiring and switching gear if the MIT network. Hacking as understood today began to emerge only with the development of time-shared systems. Hacking was an elite art practiced by small groups of extremely gifted individuals and above all, this early version of hacking was about intellectual challenge and not malicious damage (Levy, 1995). Not all hackers break into a system just for the fun of it. Some do it for profit and some of them are even legitimate. An article by Violino (1993) described a growing phenomenon: companies hiring former and sometimes convicted hackers to probe their security. The claim is that these people have a better understanding of how systems are really penetrated, and that more conventional tiger teams often do not practice social engineering (talking someone out of access information), dumpster diving (finding sensitive information in the trash),etc (Violino, 1993). Naturally, the concept of hiring a hacker is controversial. There are worries that these hackers are not really reformed, and that they cannot be trusted to keep a company or organization’s secrets. There are even charges that some of these groups are double agents, actually engaging in industrial espionage (Violino, 1993). Solutions and Precautions Protecting Passwords The easiest way into a computer, a system or to one’s financial accounts on the Web is usually through the front door, which is to say the login command. A high percentage of system penetration occurs because of the failure of the entire password system. This does not result strictly to the fact that many people chose bad passwords but password guessing is likely to succeed (Klein 2006). Password-guessing attacks take two basic forms. The first involves attempts to log in using known or assumed user names and likely guesses at passwords. This succeeds amazingly often; and pairs of passwords often came out system manuals (Klein, 2006). The solution to this problem is not as hard as one can originally imagine. Simply, users should not be allowed an infinite number of login attempts of bad passwords, failures should be notified on failed login attempts on their account, etc. (Cheswick, 2000). Another way hackers go after a password is by matching guesses against stolen password files. They may be stolen from a system that is already cracked, in this case, attackers will try the cracked passwords on other machines, or they may be obtained from a system not yet penetrated. These are called dictionary attacks, and they are very successful (Cheswick, 2000). For companies and other organizations, encryption is a valuable tool in the security wars, but if it is not used properly, it can hurt the real goals of the organization. Some aspects of improper use are obvious. One must pick a strong enough cryptosystem for the situation, or an enemy might crypt analyze it. Similarly, the key distribution center must be safeguarded, or all secrets will be exposed (Cheswick, 2000). Conclusion An individual Web user can do many things to strengthen the security of the Internet. Security is understood to include protection of the privacy of the information, protection of information against unauthorized modification, protection of systems against denial of service, and protection of systems against unauthorized access. It is the user’s responsibility to understand the security policies and procedures of his computer and network site. Users observing the following guidelines can help ensure the security of their own data, as well as to assist in the protection of their local network site. It is best if users install a firewall on the home computer to put a stop to hackers from getting hold of personal identifying and financial data from your hard drive. This is above all significant if you connect to the Internet by DSL or cable modem. Install and update virus protection software to avoid a worm or virus from making your computer to send out files or other stored information (Cheswick, 2000). Moreover, users are responsible for all resources assigned to them, so sharing of any Web-related and computer-related accounts or access to resources assigned to the user is strongly discouraged. The user should also follow site security procedures for password protection. If one’s system relies on the password protection system, she should be sure to carefully select the password and that it should be changed often. This also applies to all online accounts which can be used for online shopping and the like (Cheswick, 2000). One should be aware that file-sharing and –swapping programs have the tendency to expose your computer to illegal access by hackers and fraudsters (Cheswick 2000). Since it is inevitable to use such programs, one should ensure to comply with the law and know what one is doing, and should install and update regularly and strong firewall and virus protection. Also, adults should check on their youngsters since they may download many file-sharing programs. It is not advisable to use an unmodified word from any language in choosing a password; this includes words spelled backwards. A simple modification involves prefixing a word with one or several numerals (Hollinger 1996). Furthermore, a user should change her password every 6 months at the minimum and do not right it down on a piece of paper, or record it in a file stored on a computer disk, floppy disk, PC or magnetic tape (Klein, 2006). User education on how to use a good password is vital. Sadly, although almost 20 years have passed since Morris and Thompson’s paper (Morris and Thompson, 1979) on the subject, user habits have not improved much. When it comes to “phishing”, users should never respond to phishing email messages. They may appear in the form of an email coming from the user’s bank, eBay, or PayPal. When doing an online shopping, might as well do it with companies that provide transaction security protection and that have strong privacy and security policies. Certain actions basically should not be taken devoid of strong authentication. One has to know who is making certain requests. The authentication needs not to be formal, of course. It should be the case that the user is knowledgeable on the protection mechanism used by the computer, and guarantee that all files are set up with appropriate protection codes, and lastly, and probably the simplest, thou shall not leave the terminal logged in or unattended. Word Count 2454 References Cheswick, W. (2000). An evening with Beferd, in which a cracker is lured, endured and studied. Winter USENIX Conference. Gates, B. (1995). The Road Ahead. New York: Penguin Books. Hafner, K. (1995). Cyberpunk: Outlaws and hackers on the web frontier. New York: Simon & Schuster Himma, K. (2007). Internet Security: Hacking, counter hacking, and society. Canada: Jones and Bartlett. Hollinger, R. (1996). Hackers: Computer Heroes Or Electronic Highwaymen? Computer and Society Journal, 21(1), 6-16. Klein, D. (2002). Foiling the cracker. A survey of and improvements to password security. Security Workshops USENIX, 5-14, Portland Levy, S. (1995). Hacker: Heroes of the computer revolution. New York: Doubleday Marine, A. 1999. Internet: Getting started. New Jersey: PTR Prentice Hall Morris, H., & Thompson, K. 1979. UNIX Password security. Communications of the ACM, 22 (11), 5-11 Smith, M. (2005). Identity Theft: The internet connection. CRS Report for Congress. Read More