Sunday, March 4, 2007

The Future of Internet Security

Security is a major concern for Internet users and system administrators. Whether the aim is to protect confidential data and information in individual files, lock a computer system against unauthorised users, control access to an intranet or an extranet, or conduct business on the Internet, one needs to determine an appropriate level of security and an effective means of achieving it. The threat to Internet security is one of the main barriers to electronic transactions over the Internet. With the current popularity and potential profits of electronic business, many executives face a conflict: connecting to the Internet and expanding their business exposes them to risks and threats of intrusion, while remaining disconnected from the Internet sacrifices customer contact and services to their competitors.

The Internet uses simple mail transfer protocol (SMTP) to transmit electronic mail and most business transactions. These transmissions have as much privacy as a postcard and travel over insecure, untrusted lines. Anyone anywhere along the transmission path can obtain access to a message and read the contents with a simple text viewer or word processing program. Because the transmission lines are insecure, it is easy to forge e-mail or use another person's name. Theft of identity is becoming the nation's leading incidence of fraud. A person can even claim that someone else sent a message, for example, to cancel an order or avoid paying an invoice.
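The forgery risk described above can be checked for on the receiving side. The following is an added example, not part of the original article: it parses a constructed message and reports why the named sender is unverified. The sample message, the function names and the choice of the Return-Path and DKIM-Signature headers as evidence are assumptions of this example, and it only checks that a signature header is present, not that the signature is valid.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Return-Path is the envelope sender recorded by
# the receiving server; From is whatever the sending side chose to write.
RAW_MESSAGE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "From: Accounts Payable <ap@corp.example>\n"
    "To: orders@supplier.example\n"
    "Subject: Cancel order 1001\n"
    "\n"
    "Please cancel order 1001 and void the invoice.\n"
)


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if unusable."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def sender_findings(raw):
    """List reasons why the sender named in a raw message is unverified."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    findings = []
    if not from_dom:
        findings.append("no usable From address")
    if not envelope_dom:
        findings.append("no envelope sender address")
    elif from_dom and from_dom != envelope_dom:
        findings.append(
            f"From domain {from_dom} differs from envelope domain {envelope_dom}"
        )
    # Presence check only: validating the signature needs the signer's key.
    if msg["DKIM-Signature"] is None:
        findings.append("no DKIM signature binding the message to a domain")
    return findings


if __name__ == "__main__":
    for finding in sender_findings(RAW_MESSAGE):
        print(finding)
```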
Organisations in both the public and the private sectors are aware of the need for Internet security. It is interesting to know how both sectors take action to protect their Internet data and corporate systems. The best way to keep an intruder from entering the network is to provide a security wall between the intruder and the corporate network. Since intruders enter the network either through a software program, such as a virus or worm, or through a direct connection, firewalls, data encryption and user authentication can restrain a hacker to some extent.

The first objective in improving security is to control physical access by limiting it to authorised individuals. The principle is that the fewer people who can get physical and administrative access to sensitive files or to server systems, the greater the security will be. Most applications rely on passwords, personal identification numbers and keys to access restricted information or confidential files. Passwords, cards, personal identification numbers and keys can be forgotten, stolen, forged, lost or given away. Moreover, these devices serve primarily to identify the person. They cannot verify or authenticate that the person really is who he or she claims to be.

The information age is quickly revolutionising the way transactions are completed. Everyday actions are increasingly being handled electronically, instead of with pencil and paper or face to face. This growth in electronic transactions has resulted in a greater demand for fast and accurate user identification and authentication. Biometric technology is a way to achieve fast, user-friendly authentication with a high level of accuracy.

Every industry has its own particular needs and requires certain safeguards to protect its data from damage. The public and private sectors have their own strengths and weaknesses on Internet security. Each industry requires certain safeguards to protect its data while in transit. Developing a plan that has proportionately more strength than weakness is always the goal. However, the Internet is an untamed frontier that is still young and growing. It may take some time to develop stronger methods for data security.

Protecting an organisation from the perils of the Internet is similar to the job of a security guard working during the night shift: as long as he stays awake and keeps his eyes open, the chances are that nothing will happen. While companies arm themselves with the latest IDS and virus software, there is still a chance that someone from the outside can get in and wreak havoc on the company's system. Software and hardware configurations keep most of the intruders at bay, but being able to recognise abnormal activity when it occurs seems to be the best method. This requires a well-trained IT staff to constantly monitor the network for deviations, using the system software to set up audits in all the right places. As technology continues to evolve and software and hardware improvements are implemented, there may come a time when hackers not only will be forced to stay outside the company walls, but also will be exposed by law enforcement during the process.

The future of Internet security, therefore, resides in human intervention and innovation. Implementing hardware and software solutions, as well as using human intervention to continually monitor the network, are two of the best ways to keep abreast of attacks from the outside.

One of the latest technologies in the security market, which was introduced at the NetWorld+Interop trade show in Atlanta, is a technology called adaptive security. This development is a result of Internet Security Systems' (ISS) formation of the Adaptive Network Security Alliance (ANSA) around an application program interface for its RealSecure intrusion detection system. The technology requires the enlistment of major infrastructure vendors, such as 3Com, Lucent, Compaq, Entrust and Checkpoint, to enable their products to talk with ISS's intrusion detection monitors. By communicating between ISS's monitor and the vendors' products, firewalls and switches could be reconfigured in response to perceived break-ins, thereby diminishing the lag time between detection and prevention and, ultimately, making the network virtually impossible to penetrate.

In addition, SSL, the standard for secure Internet transmissions used by credit card companies, may get a face-lift in the near future. To improve the security between themselves and their customers, the credit card companies have been developing another standard called the secure electronic transaction (SET) standard, which may have an effect on the security of Internet transactions. SET focuses on confidentiality and authentication. SET-compliant software will not only make sure that thieves cannot steal a credit card number, but also keep a merchant from seeing the number while still providing assurances that the card is valid. The transmission will pass through the merchant's hands directly to the credit card user, which will then decrypt it and credit the merchant's account.

The possibility of the back-end authentication process (in a networked situation) being compromised by the passing of illegal data may represent a point of vulnerability. The authentication engine and its associated interface could be fooled. It is necessary to suggest a measure of risk to the biometrics system in use, especially when the authentication engine may not be able to verify that it is receiving bona fide live transaction data (and not a data stream from another source). Even a highly accurate biometrics system can reject authorised users, fail to identify known users, identify users incorrectly, or allow unauthorised persons to verify as known users. In addition, if a third-party network is utilised as part of the overall biometrics system, for example using the Internet to connect remotely to corporate networks, the end-to-end connection between host controller and back-end application server should be carefully considered.
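The trade-off between rejecting authorised users and accepting unauthorised ones can be measured for any matcher that returns a similarity score. The following is an added example, not part of the original article: it computes the false reject rate (FRR) and false accept rate (FAR) over constructed scores and finds the threshold where the two are closest. The scores, the threshold grid and the function names are assumptions of this example.

```python
# Constructed similarity scores (0..1) from a hypothetical matcher.
GENUINE = [0.91, 0.84, 0.77, 0.69, 0.58, 0.95, 0.88, 0.73]   # same person
IMPOSTOR = [0.12, 0.35, 0.48, 0.61, 0.27, 0.72, 0.19, 0.40]  # different person

# Candidate decision thresholds: 0.50, 0.55, ... 0.80.
THRESHOLDS = [t / 100 for t in range(50, 85, 5)]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) when scores >= threshold are accepted.

    FRR: share of genuine attempts rejected (authorised user turned away).
    FAR: share of impostor attempts accepted (unauthorised user verified).
    """
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def sweep(thresholds=THRESHOLDS, genuine=GENUINE, impostor=IMPOSTOR):
    """Return a list of (threshold, FRR, FAR) rows, one per threshold."""
    return [(t, *error_rates(t, genuine, impostor)) for t in thresholds]


def equal_error_point(thresholds=THRESHOLDS, genuine=GENUINE, impostor=IMPOSTOR):
    """Return the (threshold, FRR, FAR) row where FRR and FAR are closest."""
    rows = sweep(thresholds, genuine, impostor)
    return min(rows, key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t, frr, far in sweep():
        print(f"threshold={t:.2f}  FRR={frr:.3f}  FAR={far:.3f}")
    print("closest to equal error:", equal_error_point())
```

Raising the threshold lowers FAR at the cost of FRR, so the operating point is a risk decision for the application rather than a property of the matcher alone.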

However, in most cases, a biometrics system cannot determine whether an individual has established a fraudulent identity, or is posing as another individual during the biometrics enrollment process. An individual with a fake passport may be able to use the passport as the basis of enrollment in a biometrics system. The system can only verify that the individual is who he or she claimed to be during enrollment, unless a large-scale identification system is built in which all users are matched against all other users to find duplicates or individual attempts to enroll more than once.

Implementing payment processing systems that utilise biometrics with private account management can easily prevent credit card crime. Biometrics can be incorporated at the point of sale, thereby enabling consumers to enroll their payment options (e.g. checking, credit, debit, loyalty) into a secure electronic account that is protected by, and accessed with, a unique physical attribute such as a fingerprint. Cash, cards or cheques are not needed to make purchases, so there is no need to carry them in a purse or wallet. Not carrying a purse or wallet eliminates the chances of it being stolen or lost while shopping.

Biometric transaction-processing systems allow consumers to manage point-of-sale payment easily and securely. This solution is particularly well suited for personal check use. Biometrics can also offer increased protection for check-cashing services, whether personal or payroll. By requiring biometric identity verification before allowing a check to be cashed, the possibility of it being presented by anyone other than the intended payee is eliminated.

Biometrics technology has been gaining recognition as a security solution that can improve the collective safety of society, and it is undoubtedly useful in this manner. Since the September 11 terrorist attacks on the US, many questions have been raised concerning airport security. Although biometrics technology alone could not have prevented the September 11 attacks from happening, biometrics can be implemented as one component of a security system. Biometric verification and identification can ensure that a person is who he or she claims to be, or can identify a person from a database of trusted or suspect individuals. If the identity of a traveller or employee is in question, biometrics can be a highly effective solution. An individual using a forged or stolen badge or ID card, if required to verify biometrically before entering a secure area, would likely be detected if his or her biometric does not match the biometric on file. An individual claiming a fraudulent ID can be identified from a database of known criminals linked to biometric identification systems, which may prevent him or her from boarding an airplane.

Consumers in the Internet marketplace want to control what personal information is disclosed about them, to whom, and how that information will be used and further distributed. State-of-the-art technology points to the imminent integration of business self-regulation with the consumer's ability to enhance individual privacy protection through the use of technology. We need emerging technologies to protect privacy on the Internet. Depending on the type of business and the value of the data, a company has the choice of using virtual private networks, digital certificates, data encryption and network operating systems to protect its data while in transit, ensure the identity of a user, and mask the data from unauthorised eyes.

However, the future is not all rosy. There remains much that needs to be done in order to make the Internet a widely acceptable marketplace for the exchange of goods and services between merchants and consumers. As technology continues to become more complex, the safeguards used today may be severely out of date tomorrow.

I believe biometrics will be most effective when used in tandem with other security measures. Strong encryption is not the answer to every security issue. Buggy software, human error, greed and poor server administration provide opportunities for unscrupulous hackers. The increasing number of private communications over the Web, particularly business transactions, will require a higher level of security. If a problem occurs with a business transaction or a Web company is accused of bad business practices, it may become very difficult to establish liability. Who should be held accountable: the business, the bank, or the trust intermediary? Authentication may become an important condition of conducting business electronically.

Many questions concerning biometrics remain unanswered: "Will it produce an underworld of cyber criminals who pose a threat to the very structure of society?", "To what extent can companies trust their employees with sensitive coded biometric information about other employees?". Indeed, the problems of Internet security cannot be ignored by companies, as this would result in the loss of competitive advantage in the marketplace. What the future holds for Internet security technology such as biometrics cannot be predicted, given the rate at which technology is advancing.

The ethical issues surrounding biometrics technologies are of grave concern. The right to privacy is one of our most cherished freedoms. As society grows more complex and people become more interconnected in every way, we must work even harder to respect the privacy, dignity and autonomy of each individual. We must develop new protection for privacy in the face of new technological reality.

This issue of privacy is central to biometrics. Critics complain that the use of biometrics poses a substantial risk to privacy rights. Evaluating this argument requires a proper understanding of what privacy rights entail. But if biometrics are the way forward in making sure that all transactions are fully secure, then the questions to ask are: "How much will it cost to implement such security solution(s)?", "Who should be trusted with genetic information?", and "How long will it take the expert hacker to decrypt such human genetic codes?" These are some of the concerns of businesses and online shoppers.

Indeed, the human race has not only brought its business to cyberspace, it has brought its exploration of the psyche there, too. In the digital world, just as everywhere else, humanity has encountered its dark side. Information Age business, government, and culture have led to Information Age crime, Information Age war and even Information Age terror the control of access to personal computers, private files and information repositories, building access control, and many others. Although biometrics is still relatively expensive and immature, integrated multiple biometrics features such as fingerprints, palm prints, facial features and voice patterns to authenticate a person's identity and verify his or her eligibility to access the Internet are in the development stage. The biometrics devices will continue to improve, becoming even more accurate and reliable as Internet technology evolves.

As biometrics technology becomes more acceptable, the proliferation of applications should multiply into many phases of our daily activities. The growing interest in combining common Internet security technologies with biometrics will increase the growth and popularity of blended Internet security methods in the future. Nevertheless, the ethical issues surrounding biometrics technologies must be weighed against any potential benefits.

Tim Johnson is a freelance writer working for - on line Custom Writing/Research company. She specializes in Social sciences, Arts, History and English literature. During 2005, earned became one of 10 best writers at