Internet Business Tutorial

Section 7: Internet Security

Internet Security

The Internet has revolutionized how we communicate because of the power of millions of computers connected to a single worldwide network. The flip side of this strength, unfortunately, is that networks, including the Internet, are susceptible to unauthorized access by unscrupulous people.

Internet users of all types must be aware and knowledgeable about the dangers posed by computer viruses, identity theft, and the spyware and adware software employed by unethical businesspeople.

E-commerce entrepreneurs must also know the ins and outs of conducting secure financial transactions on the Internet, both to protect themselves and to address the financial and privacy concerns of their customers. A host of sensitive information, such as Social Security, bank account and credit-card numbers, is now exchanged over the Internet. Responsible businesses need to understand how to make this information safe and secure during its digital travels.

Encryption

The process of encryption is how communications over the Internet are made inaccessible to unauthorized interception. Encryption involves scrambling the data by processing it with a mathematical algorithm that converts the communication to an unreadable string of letters and numbers. If the communication is somehow intercepted, it's impossible for the eavesdropper to interpret it. After the communication reaches its intended recipient, a similar algorithm reverts it back to its original, unencrypted form.

Here's a description of the two basic types of encryption used to secure communications over the Internet. Both use the analogy of a "key" to lock and unlock communications.

Symmetric-key encryption. In symmetric-key communication, each computer involved in the communication uses a "private key," which is a type of code, to encrypt and decrypt communications. All the computers in the loop must have access to the code, and secure communication outside the network cannot take place.

For example, in symmetric-key encryption, Computer A uses its private key to encode and send a communication to Computer B, which has access to this same private key. Computer B then uses its private key to decrypt the message and, when applicable, encrypt a response that's sent back to Computer A. It's not much different than handing a written coded message to someone and then telling that person how to decipher it.

An example of symmetric-key encryption is Data Encryption Standard (DES) and its successor, Triple DES, which provides a much-greater degree of security than DES.

Public-key encryption. Public-key encryption (also called asymmetric encryption) is more commonly used than older symmetric-key encryption standards like DES because it provides for a greater level of security and encryption flexibility.

This type of encryption involves a combination of public and private keys. In this scenario, Computer A has a private key known only to itself and a public key it distributes to any other computer (Computer B), whether known to Computer A or not, that wants to communicate with it. Computer B then uses its own private key plus the public key provided by Computer A to decrypt and read the message.

The most-popular software offering public-key encryption is PGP (Pretty Good Privacy), which is a client that allows computers to encrypt and securely share e-mail messages or nearly any type of file. PGP is available from PGP Corp., and freeware and shareware versions with similar features are available elsewhere online.

Public-key encryption vs. private key. Public-key encryption is most commonly used in today's e-commerce websites because it provides a higher degree of security for data: the chances of someone intercepting and decoding data secured with public-key encryption are amazingly minuscule. That's because today's public-key encryption products use 128-bit encryption, as opposed to the 40- and 56-bit encryption offered by symmetric-key encryption like DES.

The higher the bit number, the greater the protection, because higher numbers mean more complex algorithms are being used. In fact, 128-bit encryption means only one of 2^128 possible combinations will decipher the code. That's literally trillions of trillions of possible solutions but only one answer.

Authentication

Another aspect of secure communications is authentication, the verification that the encrypted communication has come from a reliable source. This requires processes beyond the encryption process.

Usernames and passwords. The most-common authentication involves the use of usernames and passwords, a process you see almost every day while using the Internet. For example, while encryption lets you communicate with a secured website, oftentimes information can only be shared once the user enters the username and password. The computer system receiving the information checks it against its secured files, and grants or denies access based upon the username and password provided.

Digital signatures. A digital signature, which uses public-key encryption, is an authentication process in which an electronic signature is added to an encrypted communication to help the recipient determine if the sender is authentic. If the digital signature is altered in any way during transmission, it makes the signature invalid, and the recipient knows the sender is not authentic.
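The tamper-detection property described above, as an added example that is not part of the original tutorial: the sender signs a message digest with a private key, and the recipient checks it with the matching public key. The key pair is a constructed toy built from two small known primes, and the order text is sample data; real signatures use randomly generated keys of 2048 bits or more and a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key pair (assumption for this example): two well-known
# Mersenne primes. Never use a key like this outside a demonstration.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept by the sender


def digest_as_int(message: bytes) -> int:
    """Hash the message and map the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Sender: transform the digest with the private exponent."""
    return pow(digest_as_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: undo the transform with the public key, compare digests."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_as_int(message)


def demo() -> dict:
    """Sign a constructed order, then alter message and signature in turn."""
    order = b"Ship 2 widgets to account 1001; total $40.00"
    altered_order = b"Ship 2 widgets to account 9999; total $40.00"
    signature = sign(order)
    return {
        "intact": verify(order, signature),
        "message altered": verify(altered_order, signature),
        "signature altered": verify(order, signature ^ 1),  # one bit flipped
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'valid' if ok else 'INVALID'}")
```

Only the unmodified message with the unmodified signature verifies; changing a single character of the order or a single bit of the signature makes verification fail.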

Digital certificates. A digital certificate, like a digital signature, is attached to an encrypted communication for verification purposes. The certificate verifies the sender's identity and gives the recipient the opportunity to send an encrypted reply.

Certificates are an important feature in e-commerce as they allow customers sending sensitive information over the Internet to know that the information has been encrypted. A certification authority, the organization responsible for ensuring the security of the delivered communications, must issue certificates.

The two largest certification authorities are VeriSign and GeoTrust. These private companies offer an array of products that enable e-commerce sites to conduct secure financial transactions and other communications over the Internet.

E-commerce websites offering secure transactions capabilities are authorized to display the certification authority's logo as a sign to customers that their transmitted information will be encrypted.

Another way for customers to determine if they are on a secured website is to check whether an "s" follows "http" in the Address Bar of their web browser. HTTPS (Hypertext Transfer Protocol Secure) is the Web's standard encryption mechanism. The protocol is ordinary Hypertext Transfer Protocol (HTTP) operating with Secure Sockets Layer (SSL), which we discuss in the next section of this tutorial.

A small, gold, "locked" padlock displayed on the bottom of a web browser's interface is another sign that a secured website is being displayed. Double-clicking the padlock provides information about the certificate and the certification authority. This can be useful for customers who want to learn more about the authenticity of the security features on an HTTPS-protected website.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Secure Sockets Layer (SSL) is a widespread use of public-key encryption. The S in HTTPS means SSL is in place to encrypt data transmitted through the website, and is the standard used by the VeriSign and GeoTrust certification authorities (see digital certificates).

While PGP (Pretty Good Privacy) works well for single computer-to-computer encrypted data exchanges, SSL is the industry standard for e-commerce because of its high level of encryption (128-bit, see Public-key encryption vs. private key). It's also scalable, allowing many users to send secure information to web servers.

More and more, you'll see SSL referred to as Transport Layer Security (TLS) or perhaps as SSL-TLS. TLS is the successor to SSL and is based upon it but, despite having only slight differences, is not interchangeable with SSL. Only newer web browser versions support TLS.

Spyware & Adware

In 2003, the proliferation of "spyware" and "adware" (sometimes together, with viruses, called "malware") became the latest negative part of the lives of Internet users. These software programs are employed by hackers and dubious entrepreneurs to spy on Internet users' computing activities for equally dubious activities.

Spyware is unintentionally downloaded software that monitors an Internet user's computing activities. Spyware can be used by hackers to steal sensitive information, such as Social Security and credit card numbers, or it can be used by companies to gather information about customers. Although not as invasive as spyware, adware often goes beyond accepted e-commerce practices to gather information about Internet activities in order to target users with online advertising, such as spam and pop-up advertisement windows. Spyware and adware practices are considered unethical because, in addition to the obvious privacy concerns, they can cause software on infected computers to malfunction. Often, the web browsers themselves are the targets.

Adware can cause computer screens to be flooded with ad pop-up windows and other unexpected changes, such as home pages being deleted in favor of a questionable website and website listings mysteriously appearing on Favorites lists. Often, the user's e-mail account will see an unexplainable spike in spam messages and messages sent without the user's knowledge, meaning the account is being used to further spam proliferation.

Even more serious, infected computers, whether they are offline or online, can behave erratically or run slowly when infected with adware or spyware. Sometimes, software programs open and close slowly or randomly, or a computer's hard drive will be at work grinding away when the computer is idle. These may be signs of "keyboard loggers," malicious programs that allow hackers to monitor keystrokes and capture sensitive information, such as usernames and passwords.

How bad is the problem? Microsoft claims that half of all computer crashes reported by customers are related to adware and spyware.

The problem with spyware is that it is hard for an Internet user to detect it. However, spyware and adware prevention has become an important consideration, as many Internet service providers (ISPs) including America Online and EarthLink, among others, provide spyware and adware protection for free to their subscribers.

Third-party spyware and adware blocking software is also useful, with the most popular titles including Spybot, Ad-Aware and PestPatrol.

Spyware and adware programs try to infect users' computers without their knowledge. One tactic is to prey on users' ignorance by bundling their programs with free software that users download from the Internet. No one would intentionally download these programs, so the spyware or adware is bundled with a free, useful program. This practice is rife in file-sharing programs, the backbone of many music-swapping applications.

Here's how the scheme typically works. Free software is downloaded, and an End User License Agreement (EULA) appears in a dialog box. Often, this is lengthy and convoluted legalese that must be agreed to by clicking the dialog box's "Agree" button to begin the downloading process. Many, if not most, users will skip over the legal mumbo-jumbo and click the "Agree" button without fully reading the EULA.

Users should be aware of warning phrases in EULAs that may signal the presence of spyware and adware, such as "we may make your information available to third parties" and "you agree to allow third-party software to be installed into your computer."

This EULA verbiage can give the company permission to include the spyware or adware along with the free program. This "permission tactic" lends legal legitimacy to the practice, but the reality is that few users will read or understand the ramifications of the EULA.

A more sinister technique includes sending spam with an executable file (a file with an .EXE extension) attached. When the user double-clicks it, adware or spyware is unleashed. Another alarming technique is when malicious software code is embedded into a user's web browser when he or she simply visits a website or clicks a pop-up ad window. Many hackers use these techniques to exploit security holes in older versions of the Microsoft Internet Explorer web browser.

As an Internet businessperson, you need to be aware of adware and spyware. Not only must you protect your own Internet activities from this malicious software, you should realize that its use is considered an unethical practice that can damage your company's reputation and expose your company to litigation risks.

Viruses

While many computer viruses are mere nuisances that cause a handful of minor problems, "successful" computer viruses often make news headlines worldwide because of the havoc some of them create on the world's computer networks. Many of the most damaging viruses are called "worms," such as 2001's "Code Red" as well as "Slammer," a particularly clever and ruthless worm that, for all practical purposes, crashed the entire Internet 15 minutes after it was launched on January 25, 2003.

As an Internet businessperson, you need to be aware of what viruses are and how to prevent them from infecting your personal computers and networks. A widespread virus can cost Internet businesses millions in lost revenues, computing downtime, destroyed data, and wasted manpower as employees can't use their computers to work and wages must be paid to computer security experts to clean up after the virus.

Here's a look at how viruses work and the most common ones you're likely to encounter.

Viruses. The term "computer virus" has become a kind of catchall term for any type of maliciously constructed computer code that can attack computers. But specifically, a virus is actually a small computer program, designed to intentionally cause some aspect of a computer to malfunction, which comes embedded in a larger software program or within a single file.

This process involves inserting the virus code into the larger program's overall code. When a program such as a word processor or spreadsheet, for example, is launched, the virus code is deployed as well, carrying out instructions written by its author to replicate itself and possibly damage data.

A computer virus gets its name because it behaves like a biological virus: it replicates itself and infects other computers it comes into contact with. But unlike biological viruses, computer viruses are always man-made, never created by a malfunctioning computer or program.

Many basic viruses are shockingly simple to create, and do little more than replicate themselves across many computers on a network. It's unusual for simple viruses to cause serious damage to data, but they can quickly gobble up network resources, grinding a computer network to a halt until the viruses can be removed.

Early-1980s forms of viruses, such as boot sector viruses, are practically nonexistent today. These viruses were usually spread by exchanging diskettes, which have been replaced as a storage device by compact discs (CDs) and digital video discs (DVDs), which are highly secure.

Instead, the most-common viruses today are spread as attachments to e-mail messages, tricking the message recipient into double-clicking an executable file (which has an often-hidden .EXE extension). This launches the virus on the computer, which then replicates by sending a copy of itself and the message to other e-mail addresses found in the address book of the recipient's e-mail client software.

Most viruses spread by e-mail cause little real damage, but there are exceptions. The so-called "Melissa" virus closed down the e-mail servers of many large companies, including Microsoft, whose Microsoft Word the virus exploited to spread itself.

Melissa was included in a Word document uploaded to an Internet newsgroup. Newsgroup visitors, thinking the document was useful, double-clicked it to open it, launching the virus that was sent to the first 50 listings in the address book of their e-mail client. Recipients received an e-mail message, often with their first name in the subject line (gleaned from the address book), tricking them into opening it.

Worms. The term "worm" is usually lumped in with the viruses, although there are some important distinctions. A worm, just like a virus, attaches itself to a program or file. But unlike a virus, a worm is designed to travel across computer networks, using Internet protocols without any participation by computer users. The worm's intention is to replicate itself so quickly that it slows down a network or crashes it. Worms exploit security holes in networks, traveling around one or more networks until their code finds a way to penetrate security measures and reach computers.

The most-notorious worm is Slammer, which just three minutes after it was launched was doubling its numbers every 8.5 seconds as it clogged and shut down computer networks worldwide. Another recent worm, "Blaster," is designed to infect computers so others can remotely control their operation.

Trojan horses. A Trojan horse is like a virus in that it is hidden within a larger, useful software program. That's why it borrows its name from Greek history: You think you are getting something desirable until it opens and you find out something is trying to attack your computer. Unlike a virus or a worm, a Trojan horse cannot replicate itself. Its purpose is to attack a single computer at a time.

Trojan horses are often found on websites, disguised as a free software download for something useful or fun, like a utility or a game. One well-known Trojan horse, in the ultimate irony, masqueraded as a program for anti-virus protection.

Once downloaded, a Trojan horse can damage data, even erasing a hard drive. Some Trojans even create a way for a user to gain control of individual computers.

Macro viruses. A macro virus exploits a feature in software programs, especially word processors and spreadsheets, called a macro. Macros enable users of these programs to record and save a set of keystrokes (usually tedious, often-repeated tasks) that are employed when an assigned shortcut is typed by the user.

When a file containing a macro virus is launched, the virus launches a macro programmed by the author. This usually causes the file to perform fairly harmless but annoying tasks, such as inserting funny or obscene text when a certain key or key combination is typed.

Macro viruses, like the Melissa virus discussed earlier, are typically spread as attachments to e-mail messages.

Virus prevention. All the talk about viruses and their counterparts shutting down networks, allowing hackers to steal personal information and erasing hard drives can be scary stuff. And, sometimes, it is. But there are many ways you can guard yourself from the vast majority of viruses and their variants, ranging from some commonsense, defensive computing practices to installing software protection.

· Be wary of file attachments. The easiest way to stop many viruses is simply to be careful with e-mail, Internet communications, and downloading files. Since many viruses are spread by e-mail, it's a good idea to never open file attachments from people or companies you don't know or aren't expecting.

Executable files (with an .EXE extension) and Visual Basic files (with a .VBS extension) are particularly suspect, as these are common platforms for delivering viruses, worms and macro viruses.

· Safe downloads. Viruses and, especially, Trojan horses make their way onto computer systems when computer users download questionable software programs. To prevent these attacks, only download files from websites that you are confident are reliable. Also, if you install software from only CDs, the risk of virus infection is minuscule.

· Antivirus software and firewalls. Installing antivirus software and firewalls on personal computers as well as computer networks has done an increasingly good job over the years at stopping virus attacks. Antivirus software blocks viruses, Trojan horses, macro viruses and other variants from attacking computers.

A firewall is a set of programs that protects a network from access outside the network, and the most-popular antivirus software and firewalls titles come from Symantec and McAfee.

McAfee's Internet Security Suite and Symantec's Norton Internet Security 2006 are both security suites with software for antivirus and firewall protection as well as protection from pop-ups, spyware and adware. Another popular option, if you use Windows XP, is Microsoft's Windows Firewall as part of its Service Pack 2 for the XP operating system (http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx).
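The "be wary of file attachments" advice can also be enforced at the mail gateway. The following added example (not part of the original tutorial) parses a raw e-mail message and flags attachments ending in the .EXE and .VBS extensions named above, including the often-hidden double-extension form. The sample message, the addresses and the list of decoy extensions are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the tutorial singles out; extend to match your own mail policy.
RISKY_EXTENSIONS = {"exe", "vbs"}
# Harmless-looking extensions commonly placed in front (assumed list).
DECOY_EXTENSIONS = {"doc", "txt", "pdf", "jpg", "xls"}


def classify(filename: str):
    """Return a reason string if the attachment name is risky, else None."""
    # Windows ignores trailing dots and spaces: "a.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] not in RISKY_EXTENSIONS:
        return None
    ext = parts[-1]
    # "invoice.doc.exe" shows as "invoice.doc" when known extensions are
    # hidden; spaces padded before the real extension have the same effect.
    decoy = parts[-2].strip() if len(parts) >= 3 else ""
    if decoy in DECOY_EXTENSIONS:
        return f".{ext} disguised as .{decoy}"
    return f".{ext} attachment"


def scan_message(raw: bytes):
    """Parse a raw message and return (filename, reason) for risky parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        reason = classify(filename) if filename else None
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "owner@example.com"
    msg["Subject"] = "Your order"
    msg.set_content("Please see the attached files.")
    for name in ("price-list.pdf", "invoice.doc.exe", "greeting.VBS"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in scan_message(build_sample()):
        print(f"QUARANTINE {filename!r}: {reason}")
```

A filename check like this complements antivirus scanning rather than replacing it, since it inspects only the name and not the file's contents.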

by Robert H. Fraass on Friday, March 11, 2005


Copyright © 2006 ePremium®, Iulian Gabriel - All rights reserved
No portion may be copied without the consent of author.