Reading: Internet Security

Internet security is a tree branch of computer security

specifically related to the Internet, often involving browser
security but also network security on a more general level as
it applies to other applications or operating systems on a
whole. Its objective is to establish rules and measures to use
against attacks over the Internet. The Internet represents an
insecure channel for exchanging information leading to a
high risk of intrusion or fraud, such as phishing. Different
methods have been used to protect the transfer of data,
including encryption.
Types of security
Network layer security
TCP/IP which stands for Transmission Control Protocol
(TCP) and Internet Protocol (IP) aka Internet protocol suite
can be made secure with the help of cryptographic methods
and protocols. These protocols include Secure Sockets
Layer (SSL), succeeded by Transport Layer Security (TLS)
for web traffic, Pretty Good Privacy (PGP) for email, and
IPsec for the network layer security.
Internet Protocol Security (IPsec) 
This protocol is designed to protect communication in a
secure manner using TCP/IP aka Internet protocol suite. It is
a set of security extensions developed by the Internet Task
force IETF, and it provides security and authentication at the
IP layer by transforming data using encryption. Two main
types of transformation that form the basis of IPsec: the
Authentication Header (AH) and ESP. These two protocols
provide data integrity, data origin authentication, and anti-
replay service. These protocols can be used alone or in
combination to provide the desired set of security services
for the Internet Protocol (IP) layer.
The basic components of the IPsec security architecture are
described in terms of the following functionalities:
• Security protocols for AH and ESP
• Security association for policy management and traffic
processing
• Manual and automatic key management for the Internet
key exchange (IKE)
• Algorithms for authentication and encryption
The set of security services provided at the IP layer includes
access control, data origin integrity, protection against
replays, and confidentiality. The algorithm allows these sets
to work independently without affecting other parts of the
implementation. The IPsec implementation is operated in a
host or security gateway environment giving protection to IP
traffic.
Security token
Some online sites offer customers the ability to use a six-
digit code which randomly changes every 30–60 seconds on
a security token. The keys on the security token have built in
mathematical computations and manipulate numbers based
on the current time built into the device. This means that
every thirty seconds there is only a certain array of numbers
possible which would be correct to validate access to the
online account. The website that the user is logging into
would be made aware of that devices’ serial number and
would know the computation and correct time built into the
device to verify that the number given is indeed one of the
handful of six-digit numbers that works in that given 30-60
second cycle. After 30–60 seconds the device will present a
new random six-digit number which can log into the website.
Electronic mail security (E-mail)
Background
Email messages are composed, delivered, and stored in a
multiple step process, which starts with the message’s
composition. When the user finishes composing the
message and sends it, the message is transformed into a
standard format: an RFC 2822 formatted message.
Afterwards, the message can be transmitted. Using a
network connection, the mail client, referred to as a mail user
agent (MUA), connects to a mail transfer agent (MTA)
operating on the mail server. The mail client then provides
the sender’s identity to the server. Next, using the mail
server commands, the client sends the recipient list to the
mail server. The client then supplies the message. Once the
mail server receives and processes the message, several
events occur: recipient server identification, connection
establishment, and message transmission. Using Domain
Name System (DNS) services, the sender’s mail server
determines the mail server(s) for the recipient(s). Then, the
server opens up a connection(s) to the recipient mail
server(s) and sends the message employing a process
similar to that used by the originating client, delivering the
message to the recipient(s).
Pretty Good Privacy (PGP)
Pretty Good Privacy provides confidentiality by encrypting
messages to be transmitted or data files to be stored using
an encryption algorithm such Triple DES or CAST-128.
Email messages can be protected by using cryptography in
various ways, such as the following:
• Signing an email message to ensure its integrity and
confirm the identity of its sender.
• Encrypting the body of an email message to ensure its
confidentiality.
• Encrypting the communications between mail servers to
protect the confidentiality of both message body and
message header.
The first two methods, message signing and message body
encryption, are often used together; however, encrypting the
transmissions between mail servers is typically used only
when two organizations want to protect emails regularly sent
between each other. For example, the organizations could
establish a virtual private network (VPN) to encrypt the
communications between their mail servers over the
Internet. Unlike methods that can only encrypt a message
body, a VPN can encrypt entire messages, including email
header information such as senders, recipients, and
subjects. In some cases, organizations may need to protect
header information. However, a VPN solution alone cannot
provide a message signing mechanism, nor can it provide
protection for email messages along the entire route from
sender to recipient.
Multipurpose Internet Mail Extensions (MIME)
MIME transforms non-ASCII data at the sender’s site to
Network Virtual Terminal (NVT) ASCII data and delivers it to
client’s Simple Mail Transfer Protocol (SMTP) to be sent
through the Internet. The server SMTP at the receiver’s side
receives the NVT ASCII data and delivers it to MIME to be
transformed back to the original non-ASCII data.
Message Authentication Code
A Message authentication code (MAC) is a cryptography
method that uses a secret key to encrypt a message. This
method outputs a MAC value that can be decrypted by the
receiver, using the same secret key used by the sender. The
Message Authentication Code protects both a message’s
data integrity as well as its authenticity.
Firewalls

A computer firewall controls access between networks. It

generally consists of gateways and filters which vary from
one firewall to another. Firewalls also screen network traffic
and are able to block traffic that is dangerous. Firewalls act
as the intermediate server between SMTP and Hypertext
Transfer Protocol (HTTP) connections.
Role of firewalls in web security
Firewalls impose restrictions on incoming and outgoing
Network packets to and from private networks. Incoming or
outgoing traffic must pass through the firewall; only
authorized traffic is allowed to pass through it. Firewalls
create checkpoints between an internal private network and
the public Internet, also known as choke points(borrowed
from the identical military term of a combat limiting
geographical feature). Firewalls can create choke points
based on IP source and TCP port number. They can also
serve as the platform for IPsec. Using tunnel mode
capability, firewall can be used to implement VPNs. Firewalls
can also limit network exposure by hiding the internal
network system and information from the public Internet.
Types of firewall
Packet filter
A packet filter is a first generation firewall that processes
network traffic on a packet-by-packet basis. Its main job is to
filter traffic from a remote IP host, so a router is needed to
connect the internal network to the Internet. The router is
known as a screening router, which screens packets leaving
and entering the network.
Stateful packet inspection
In a stateful firewall the circuit-level gateway is a proxy
server that operates at the network level of an Open
Systems Interconnection (OSI) model and statically defines
what traffic will be allowed. Circuit proxies will forward
Network packets (formatted unit of data ) containing a given
port number, if the port is permitted by the algorithm. The
main advantage of a proxy server is its ability to provide
Network Address Translation (NAT), which can hide the
user’s IP address from the Internet, effectively protecting all
internal information from the Internet.
Application-level gateway
An application-level firewall is a third generation firewall
where a proxy server operates at the very top of the OSI
model, the IP suite application level. A network packet is
forwarded only if a connection is established using a known
protocol. Application-level gateways are notable for
analyzing entire messages rather than individual packets of
data when the data are being sent or received.
Malicious software
A computer user can be tricked or forced into downloading
software onto a computer that is of malicious intent. Such
software comes in many forms, such as viruses, Trojan
horses, spyware, and worms.
• Malware, short for malicious software, is any software used
to disrupt computer operation, gather sensitive
information, or gain access to private computer
 systems. Malware is defined by its malicious intent,
acting against the requirements of the computer user,
and does not include software that causes unintentional
harm due to some deficiency. The term badware is
sometimes used, and applied to both true (malicious)
malware and unintentionally harmful software.
• A botnet is a network of zombie computers that have been
taken over by a robot or bot that performs large-scale
malicious acts for the creator of the botnet.
• Computer Viruses are programs that can replicate their
structures or effects by infecting other files or structures
on a computer. The common use of a virus is to take
over a computer to steal data.
• Computer worms are programs that can replicate
themselves throughout a computer network, performing
malicious tasks throughout.
• Ransomware is a type of malware which restricts access to
the computer system that it infects, and demands a
ransom paid to the creator(s) of the malware in order
for the restriction to be removed.
• Scareware is scam software with malicious payloads,
usually of limited or no benefit, that are sold to
consumers via certain unethical marketing practices.
The selling approach uses social engineering to cause
shock, anxiety, or the perception of a threat, generally
directed at an unsuspecting user.
• Spyware refers to programs that surreptitiously monitor
activity on a computer system and report that
information to others without the user’s consent.
• A Trojan horse, commonly known as a Trojan, is a general
term for malicious software that pretends to be
harmless, so that a user willingly allows it to be
downloaded onto the computer.
Denial-of-service attack
A denial-of-service attack (DoS attack) or distributed denial-
of-service attack (DDoS attack) is an attempt to make a
computer resource unavailable to its intended users.
Although the means to carry out, motives for, and targets of
a DoS attack may vary, it generally consists of the concerted
efforts to prevent an Internet site or service from functioning
efficiently or at all, temporarily or indefinitely. According to
businesses who participated in an international business
security survey, 25% of respondents experienced a DoS
attack in 2007 and 16.8% experienced one in 2010.
Phishing
Phishing is another common threat to the Internet. “SA, the
Security Division of EMC, today announced the findings of
its January 2013 Fraud Report, estimating the global losses
from Phishing at $1.5 Billion in 2012.”. Filter evasion,
website forgery, phone phishing, Covert Redirect are some
well known phishing techniques.
Hackers use a variety of tools to conduct phishing attacks.
They create forged websites that pretend to be other
websites in order for users to leave their personal
information. These hackers usually host these sites on
legitimate hosting services using stolen credit cards while
the last trend is to use a mailing system and finding a mailing
list of people which they can try and fraud.
Browser choice
Web browser statistics tend to affect the amount a Web
browser is exploited. For example, Internet Explorer 6, which
used to own a majority of the Web browser market share, is
considered extremely insecure because vulnerabilities were
exploited due to its former popularity. Since browser choice
is more evenly distributed (Internet Explorer at 28.5%,
Firefox at 18.4%, Google Chrome at 40.8%, and so on) and
vulnerabilities are exploited in many different browsers.
Application vulnerabilities
Applications used to access Internet resources may contain
security vulnerabilities such as memory safety bugs or
flawed authentication checks. The most severe of these
bugs can give network attackers full control over the
computer. Most security applications and suites are
incapable of adequate defense against these kinds of
attacks.
Internet security products
Antivirus
Antivirus and Internet security programs can protect a
programmable device from malware by detecting and
eliminating viruses; Antivirus software was mainly shareware
in the early years of the Internet, but there are now several
free security applications on the Internet to choose from for
all platforms.
Security suites
So called “security suites” were first offered for sale in 2003
(McAfee) and contain a suite of firewalls, anti-virus, anti-
spyware and more. They may now offer theft protection,
portable storage device safety check, private Internet
browsing, cloud anti-spam, a file shredder or make security-
related decisions (answering popup windows) and several
were free of charge as of at least 2012.