Internet Security

...In particular, security was added as an afterthought (IBM). New capabilities were added ad hoc to satisfy the growing demand for features without carefully considering the impact on security. As general-purpose scripts were introduced on both the client and the server sides, the dangers of accidental and malicious abuse grew. It did not take long for the Web to move from the scientific community to the commercial world. At this point, the security threats became much more serious. The incentive for malicious attackers to exploit vulnerabilities in the underlying technologies is at an all-time high. This is indeed frightening when we consider what attackers of computer systems have accomplished when their only incentive was fun and personal enjoyment while boosting their egos. When business and profit are at stake, we cannot assume anything less than the most dedicated and resourceful attackers trying their utmost to steal, cheat, and perform malice against users of the Web (How CP Work).

When people use their computers to surf the Web, they have many expectations. They expect to find all sorts of interesting information, they expect to have opportunities to shop, and they expect to be bombarded with all sorts of ads. Even people who do not use the Web are in jeopardy of being intimidated by the Web.

There are simple and advanced methods for ensuring browser security and protecting user privacy. The simpler techniques are user certification schemes, which rely on digital IDs. Netscape Communicator Navigator and Internet Explorer allow users to obtain and use personal certificates. Currently, the only company offering such certificates is Verisign, which offers Digital IDs that consist of a certificate of a user's identity, signed by Verisign. There are four classes of Digital IDs; each represents a different level of assurance in the identification, and each comes at an increasingly higher cost.
The assurance is determined by the effort that goes into identifying the person requesting the certificate (IBM). Class 1 Digital IDs, intended for casual Web browsing, provide users with an unambiguous name and e-mail address within Verisign’s domain. A Class 1 ID provides assurance to the server that the client is using an identity issued by Verisign but with little guarantee about the actual person behind the ID. Class 2 Digital IDs require third-party confirmation of name, address, and other personal information related to the user, and they are available only to residents of the United States and Canada. The information provided to Verisign is checked against a consumer database maintained by Equifax. To protect against insiders at Verisign issuing bogus Digital IDs, a hardware device is used to generate the certificates. Class 3 Digital IDs are not available. The purpose is to bind an individual to an organization. Thus, a user in possession of such an ID could, theoretically, prove that he or she belongs to the organization that employs him or her.

The idea behind Digital IDs is that they are entered into the browser and then are automatically sent when users connect to sites requiring personal certificates. Unfortunately, the only practical effect is to make impersonating users on the network only a little bit more difficult.

Many Web sites require their users to register a name and a password. When users connect to these sites, their browser pops up an authentication window that asks for these two items. Usually, the browser then sends the name and password to the server, allowing retrieval of the remaining pages at the site. The authentication information can be protected from eavesdropping and replay by using the SSL protocol (How CP Work). As the number of sites requiring simple authentication grows, so does the number of passwords that each user must maintain.
In fact, users are often required to have several different passwords for systems in their workplace, for personal accounts, for special accounts relating to payroll and vacation, and so on. It is not uncommon for users to have more than six sites they visit that require passwords (Microsoft).

In the early days of networking, firewalls were intended less as security devices than as a means of preventing broken networking software or hardware from crashing wide-area networks. In those days, malformed packets or bogus routes frequently crashed systems and disrupted servers. Desperate network managers installed screening systems to reduce the damage that could happen if a subnet’s routing tables got confused or if a system’s Ethernet card malfunctioned. When companies began connecting to what is now the Internet, firewalls acted as a means of isolating networks to provide security as well as enforce what is otherwise known as an administrative boundary. Early hackers were not very sophisticated; neither were early firewalls (IBM).

Today, firewalls are sold by many vendors and protect tens of thousands of sites. The products are a far cry from the first-generation firewalls, now including fancy graphical user interfaces, intrusion detection systems, and various forms of tamper-proof software. To operate, a firewall sits between the protected network and all external access points. To work effectively, firewalls have to guard all access points into the network’s perimeter; otherwise an attacker can simply go around the firewall and attack an undefended connection (IBM).

The simple days of firewalls ended when the Web exploded. Suddenly, instead of handling only a few simple services in an "us versus them" manner, firewalls now must be connected with complex data and protocols. Today’s firewalls have to handle multimedia traffic, attached downloadable programs (applets) and a host of other protocols plugged into Web browsers.
This development has produced a basic conflict: the firewall is in the way of the things users want to do. A second problem has arisen, as many sites want to host Web servers: Does the Web server go inside or outside of the firewall?

Firewalls are both a blessing and a curse. Presumably, they help deflect attacks. They also complicate users’ lives, make the Web server administration job a bit harder, rob network performance, add an extra point of failure, cost money, and make networks more complex to manage.

Firewall technologies, like all other Internet technologies, are rapidly changing. There are two main types of firewalls, plus many variations. The main types of firewalls are proxy and network-layer. The idea of a proxy firewall is simple: Rather than have users log into a gateway host and then access the Internet from there, give them a set of restricted programs running on the gateway host and let them talk to those programs, which act as proxies on behalf of the user. The user never has an account or the need to log in on the firewall itself, and he or she can interact only with a tightly controlled restricted environment created by the firewall’s administrator (IBM).

This approach greatly enhances the security of the firewall itself because it means that users do not have accounts or shell access to the operating system. Most UNIX bugs require that the attacker have a login on the system to exploit them. By throwing the users off the firewall, it becomes just a dedicated platform that does nothing except support a small set of proxies; it is no longer a general-purpose computing environment. The proxies, in turn, are carefully designed to be reliable and secure because they are the only real po...
