Monday, October 23, 2000		Article

Insecurity on the Internet

The Internet has brought about several advantages and utilities, which one would not have even dreamt of a couple of years ago. It has provided opportunity for education, business, scientific research, entertainment, and much more.

Persons from far off continents and countries are linked to each other as if they are next-door neighbours and are able to exchange information and views within seconds, leaving aside all geographical and time zone barriers. Virtually all types of e-business, popularly called e-commerce activities, can be performed just by a click of a mouse and companies, today have an opportunity for selling and advertising product on the Net.

But beware; there is the other side of the coin too. Web transactions have negative aspects also, which affects the e-business activity as a whole. The most dangerous threats that the Web users face today are hacking and virus, through the Internet, which not only damages the Web sites but corrupts and changes the data stored even in the hard disk, thereby, causing downtime running into several hours or weeks.

Hacking means an unauthorised surfer getting into a Web site to alter the data and information stored on it. Recently one had heard of a school student, in the USA, who broke the secret codes and got access to some classified NASA information. NASA had to shut down its operations for a few days to find out the extent of damage caused.

A few months ago, Yahoo, one of the largest portals, had to suffer losses to the tune of over $ 15 billion, due to shutting down its operations for a few days, after attack on its site by hackers.

Viruses enter into computer systems through several Internet sites or through e-mails, thus affecting the hard disks and data stored on it. They also spreads to other computers connected with the system and sometimes causes a complete breakdown of the network.

Another threat faced by a Web user is cookies. Though there may not be any damage to hardware or software in this case, but it has financial implications. Developed by Netscape, this otherwise useful software for market research is now been misused more, by several Web sites and portals. Cookies are software that gets stored automatically in a one’s computer, as soon as one surfs a particular site or home page of the ISP. Through this important data related to the location of user computer, his browser, name of computer, user name, ISP number and name gets known to those who plant cookies on the computer.

Some dummy e-commerce sites are specially created to attract consumers to buy product, online thereby storing relevant information about them, like age, address, credit card number, and telephone number. Also information related to the Web pages visited by a surfer is stored, so that a marketer gets to know about buying habits of a potential buyer. These user profiles are utilised for market research and advertisement by the unscrupulous Web site companies who also sell data to other marketing companies, without the consent of the surfer.

To protect the Web sites from hackers, firewalls systems are being installed, which allows access to only authorised or specific persons to rewrite files or the Web pages. A firewall is one or more programme that acts as an interface between computer networks or between a buyer and seller in e-transaction. A firewall controls access to the network from outside servers and also controls the transfer of information from the network to outside servers. It completely isolates a user computer from the Internet using a wall of code that inspects and verifies each individual data as it arrives at either side of the firewall to determine whether it should be allowed to pass or be blocked.

A TCP/IP port only opens on the computer if the arriving packet, which requests for connection, is answered by the computer. In case the arriving packet is simply ignored, that port of computer will effectively disappear from the Internet. It can filter the arriving packets based upon any combination of the originating machine’s IP address and port and the destination machine’s IP address and port.

To provide security and confidentiality to e-business transaction, another method employed is cryptography. In this data related to consumers or retailers are stored and whenever an access is made to respective sites, the identities are confirmed and authenticated. Services of other companies like Verisign are used to verify the digital signatures or provide certification related to identity of the user.

In encryption, coding and decoding of information is done at senders’ and receivers’ end, respectively. Algorithms are used to encrypt and decrypt messages, with the help of keys, by turning text or other data into digital codes and then by decoding it to its original form. The safest encryption combinations used have a key length of 128 bits or more.

Encryption software can also use keys in different ways. With single-key encryption, both the sender and receiver use the same key to encrypt and decrypt messages. But that means the sender has to get the key to the receiver, without it being intercepted. One of the most important advances in cryptography is the invention of public-key systems, which are algorithms that encrypt messages with one key (a public one) and permit decryption only by a different key (a private one).

Currently, the US government has restricted the export of strong encryption algorithms. Secured socket layer (SSL) and secure electronic transaction are being used to make the Internet transaction more safe and confidential, while sending credit card number, messages and reports.

It is also necessary to regularly monitor and update security of the Web site with the help of various security audit software, like those of Norton or E-safe. Microsoft Internet Explorer version 5.0 allows a user to browse www sites that he trusts and thus reduces the risk of harm from sites the user dosen’t know much about.

One can divide www sites into four security zones — local Intranet zone, trusted sites zone, Internet zone, or restricted sites zone, and then determine the level of security desired in each zone. Select from high, medium, or low security. Designate security settings, including downloadable software and cookies. It blocks the Web sites that contain offensive and objectionable text or one that a user considers inappropriate.

Microsoft Internet Explorer 5.0 informs a user when encryption is in use by displaying a padlock icon along the bottom of the Internet Explorer window. One can find out a Web page’s encryption level with the Internet Explorer by right clicking on the page, then on Properties, and finally on Certificates. In the fields box, select encryption type. Then, in the details box, information about the page’s encryption will appear. Click close, and then OK.

When a purchaser is hesitant in providing credit card number or other personal information on a company’s Web site, check for the site’s certificate. With Microsoft Internet Explorer 5.0, on the file menu, click Properties and then click Certificates. A Web site certificate is an online document that certifies the site’s identity and also confirms that information has gone to right place. With Microsoft Wallet, a user can save his credit card details on the system, and need not repeat those details for further transactions.

To protect a surfer from cookies, various software are available on the Net, which can be downloaded. Some of these are Webwasher, Cookie Cruncher and Adsubtract,. Also, sites like Anonymiser, Internet junkbuster, acts as an intermediary between computer and the Web, without revealing the personal identity of the surfer.

Though the USA is mostly affected in terms of numbers as well as money, India is also facing the pinch of these cyber crimes. Recently hackers in Pakistan took control of several important Indian Web sites and then placed anti-India propaganda on them.

In the absence of proper legislation, it is very difficult to punish the cyber criminals. As the number of Internet and e-business users increase, people might witness more unfair practices on the Web.

— Roli