The damage inflicted by an "attack" can range from time lost in recovering from the problem and decreased productivity to a significant loss of money or staff hours and a devastating loss of credibility or market opportunity. The counter-measure available is e-security. Just as any physical body can be given security, electronic data and e-transactions too can be provided with e-security.

Levels of security

Security can be provided at three levels —
Three basic security concepts important for the Internet to function are confidentiality, integrity and availability. Concepts relating to the persons who use that information are authentication, authorisation and non-repudiation.

Loss of confidentiality

This occurs when information is read or copied by someone not authorised to do so. It can occur with information for which confidentiality is an important attribute, such as research data, medical and insurance records, new product speculations and corporate investment strategies. It may also happen with credit card information held by organisations like banks and financial institutions, agencies that collect taxes, etc.

Integrity

Information on an insecure network can be corrupted. Modification of information in unexpected ways is known as loss of integrity. This means that unauthorised changes are made to information, whether by human error or intentional tampering. Integrity is particularly important for critical safety and financial data used for activities such as electronic funds transfers, air traffic control and financial accounting.

Availability

Information can be erased or made inaccessible, resulting in loss of availability. This means that persons who are authorised to get information cannot get what they need and are thereby subjected to denial of service. Availability is often the most important attribute in service-oriented businesses that depend on information (e.g. airline schedules). Availability of the network itself is important to anyone whose business relies upon a network connection. When users cannot get access to the network or to specific services provided on the network, they experience a denial of service.

Sources of incidents

It is difficult to characterise persons who cause such incidents.
An intruder may be an adolescent who is curious about what he can do on the Internet, a college student who just created a new software tool, an individual seeking personal gain, or a paid spy seeking information for monetary considerations. The reasons can be many: entertainment, intellectual challenge, a sense of power, political attention, or financial gain. They are often called hackers.

In the next issue we will deal with the types of incidents and the vulnerability of the Internet.