Internet security
The internet offers us good things and through it we can achieve a lot of things. Organizations are able to contract suppliers and distributers online. Online payments and ordering of products in one of the major benefit that internet has offered to business community. Initially, internet was reserved for the technological persons. The internet used to be a limitless source of information for few individuals. There has been rapid growth of internet connectivity not only in businesses but also in homesteads. Many users both in developed and developing world are able to access internet through the small devices such as mobile phones. The availability of internet enabled devices has increased the accessibility to the internet. The society is embracing changes but the changes have not been understood by many in the societies. The fact is that the technological improvement and transformation are real, coming faster and becoming relatively cheap. Innovation and inventions have been evident with the advent of internet where information sharing is key concept. Looking at the current trend in information technology the question is what will be the future with information systems. Aprt from the positive things that come with the internet there are concerns that must be addressed because not everyone on the internet has good intensions. There are risks that organizations or individuals can incur huge losses if internet connectivity is not monitored. Careful use of internet is encouraged to minimize the damage or negative impact of internet. This paper looks at the issues of internet security. Internet security does not only deal with the global internet wide area network but also the internal network of an organization. Intranets should also be secure and provide security to the employees. Internet security sometimes looks at the security of the operating system because its weakness can be exploited.
The main concept is to define internet security, how can internet security be compromised and how to ensure that the systems are secured. Threats to internet security include; technological weakness, security policy weakness and configuration. Internet security is a paradigm of computer science and it deals mainly with how to secure internet users against harmful acts while using the internet.
Technological weaknesses
Network and computer technologies have security weaknesses. The weakness may result from the TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses. There are some weaknesses also in the operating system. All operating systems such as UNIX, Linux, Macintosh, Windows have security problems which should be addressed (Brinkley and Schell, 1995). TCP/IP protocol weakness HTTP, FTP and ICMP are intrinsically insecure. Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), and SYN floods are related to the essentially insecure structure upon which TCP was designed (Brinkley and Schell, 1995). Network equipment weakness is a vulnerability that is exhibited through the network components such as routers, firewalls and switches. The security weaknesses of this equipment include password protection, lack of authentication, routing protocols and firewall holes.
Configuration weaknesses
It is essential for network administrators to understand what the configurations vulnerable in a computer network are. This will help them correctly configure the systems and the components correctly. Below are some of the weaknesses that come can be exploited by malicious people if the network is not well configured (Brinkley and Schell, 1995).
Unsecured user accounts can be transmitted across the network in an insecure manner resulting into exposure of the s and passwords to intruders. System accounts with easily guessed passwords are also weaknesses in a network setup. There are systems that users are allowed to configure accounts with weak passwords (Farahmand, et. al., 2003).Such poorly selected and easily guessed user passwords present a security challenge.
Security policy weaknesses
The impact of security policy weakness is very large because it creates unforeseen security threats. If the network users do not follow security policies then the network is vey unsecure. We are going to look at some of the security policy weakness and how they are exploited.
Logical access controls not applied is another security policy weakness. If there is inadequate monitoring and auditing facilitates attacks and unauthorized use of organizational resources (Farahmand, et al., 2003). There must be an audit on the use of company resources by the employees, lack of audit reports makes it harder to enforce IT security policies
Shift in information technology is evident in many sectors for instance; geospatial technologies such as GIS, GPS, Digital Photogrammetric and Remote Sensing are going to shift how medical diagnosis and treatments are going to be carried out. Another major shift in information technology will be the virtual organization. Geospatial technologies include GIS, GPS and Remote Sensing which enable high resolution of satellite images and SmallSatNets in getting information about a given location for decision making. There will be widgets that will be designed to assist medics in the process of decision making process. Information systems will be designed, developed and embedded in medical equipments to optimize the work-flow process. Virtual organization is just a concept or an activity and not a building or a place. Handy (1995) defines virtual organization as conceptualization of an idea of an activity without a building. This paper will look at each area sectors where the future of technology is predicted to be a major shift.
Threat to internet security
Physical threats these are the threats that are aimed at destroying the physical information components.
Cyber threats these are the threats to make the communication devices unable to work by blocking, delaying, corrupting information flow.
Inner threats these are the intentional and unintentional actions executed by the employees. Intentionally damaging information systems and providing fake information knowledge.
Network Security Threats
Unstructured threat is a group of individuals who are not very experienced with hacking and they are just using hacking tools that are easily accessible such as password crackers. Although the main purpose of such threats to the system is for fun or testing level of hacking expertise, they can cause large damages to the network.
Structured threats this is a threat that come from individuals who are experienced in hacking and are technically competent. They are individuals who can create codes to exploit system weaknesses because they understand them perfectly.
External threats these are individuals or organization working from outside the company poses threats to the organization such threats do not have access to the computer system hence they gain access through the internet server. They can cause a large damage to the company such as loss of data confidentiality and integrity.
Internal threats these are individuals or organizations that have authorization to access the computer systems and the internet.
Internet Security of Cloud computing
Cloud computing which is being realized now is going to be another major IT innovation. These paradigms represent a case where users store, access, and utilize data remotely over the internet. This is the mapping of water and electricity services model into IT where software, hardware and services are commoditized.
The major components of cloud computing are; software-as-a-service (SaaS), where users access software services online, platform as a service (PaaS) which is computing platform and software stack of the internet. This component enable programmers to use resources over the internet where they can design and deploy their applications online without the need to care about hardware requires. Infrastructure as-a-Service (IaaS) is another service that cloud computing has to offer.
Cloud computing is the current big thing in IT field. There is an increasing need of data backups and disaster management plans which will see in future many companies storing their data in the ‘cloud’ instead of physical storage within the organization. However, a company storing all its virtual data in a ‘cloud’ is risk because if the hacker gains access, then all is lost.
Shift in information technology is evident in many sectors for instance; geospatial technologies such as GIS, GPS, Digital Photogrammetric and Remote Sensing are going to shift how medical diagnosis and treatments are going to be carried out. Another major threat to information is virtual organization. Geospatial technologies include GIS, GPS and Remote Sensing which enable high resolution of satellite images and SmallSatNets in getting information about a given location for decision making. Virtual organization is where people form a company without having a physical location and provide services and products to customers. It is easy for fraudulent people to use the truest people have in virtual organization to still from them.
Social engineering
Social engineering is an attack to the information system by obtaining access in a manipulation manner where the attacker uses tricks to get authorization details. There are several methods of social engineering such as website spoofing and phishing. Many organizations have realized the importance of information security. They have associated information security to business profits in an organization. Different measures such as testing for attacks from the hackers. Companies have failed to realize that disregard of security policy by employees can cost the company. Other employees just disregard the security policies to offend or ‘punish’ the employer. Other employees in the company do not see the need of securing the system.
Breach of information normally takes place in organizations. They are procedures and guidelines of recovering from such situations. The question is what an organization will do if the source of information breach was through social engineering. This means that the attacker manipulated an employee in the organization to get credential to the sophisticated information. Such problems can be fixed by having a comprehensive planning and implementation of information security policies.
There are different ways of ensuring that social engineering is minimized. Employee awareness and sensitization is the most acceptable method. Employees should be informed on the importance of securing information and how security threat can be compromised by sharing information. Hackers get access information through e-mail and fax communication. In such cases they know they will be far in the event that they are discovered.
Employee education alone is not enough to secure systems against system security. Classification of documents in a company is very import. This ensures that security system administrator can assign employees to files that they require. This will also minimize the or identification of the person who gave out credentials to access given files.
Internet security is a wider topic because it covers many aspects ranging from how internet users are at risk of being harmed to how to secure not only the network connectivity but the entire network components. The process of securing a computer network of an organization is complex because of the dynamic challenges they face. Computer threats evolve each day and the techniques used to secure the system in a given period may not be valid within a short time.
Reference
Avizienis, A. (2000), Design Diversity and the Immune System Paradigm: Cornerstones for Information System Survivability, UCLA Computer Science Department, University of California,
Brinkley, D. L., and Schell R. R. (1995), What is there to worry about? An Introduction to the Computer Security Problem, Information Security: An Integrated Collection of Essays, pp. 11-39.
Farahmand, F., Navathe, S. B. Sharp G. P., and Enslow P. H., (2003), Managing Vulnerabilities of Information Systems to Security Incidents, Proceedings of the ICEC 2003, Pittsburgh, PA ACM 1-58113-788-5/03/09
Onwubiko, C., & Lenaghan A. (2006), Spatio-Temporal Relationships in the Analysis of Threats for Security Monitoring Systems, Proceedings of the 2nd International Conference on Computer Science & Information Systems, (ICCSIS 2006), Athens, Greece, ISBN: 960-6672-07-7, June 12-14.