Chapter 40 Internet Security.


Learning objectives
In this chapter you will learn:
- how a firewall and proxy server can be used to protect a network
- how public/private key encryption is used to protect data
- how digital certificates and signatures are used to authenticate websites
- about the risk posed by Trojans, viruses and worms and how to protect against them.

Overview
There are some inherent risks when using the Internet. These often relate to the potential threat of someone discovering personal or sensitive information about individuals and organisations and the information being misused. There is also an increasing risk from worms, Trojans and viruses which can cause network failure, corruption of files or denial of service. There are a number of measures that can be employed to either prevent or minimise the risks from these threats.

Firewall
A firewall describes the technique used to protect an organisation’s network from unauthorised access by users outside the network. A firewall can be constructed using hardware, software or a combination of both. The most secure firewalls tend to be those constructed from both hardware and software.

Proxy server
One security measure that can be used at this stage is a proxy server. The word proxy means ‘on behalf of’ so in this context it is a server that acts on behalf of another computer. By routing through a proxy server there is no direct connection between the computer on the LAN and the Internet.

Private / public key encryption
Encryption techniques make use of a key, which is a string of numbers or characters that is used as a code to encrypt and then decrypt the message. Typically, the key may be 128-bit or 256-bit, enabling billions of permutations for the way in which data can be encrypted. Without the key, the message cannot be understood. Symmetric key encryption uses the same key to encrypt and then decrypt the data, so the key must be known to both sender and receiver.

Asymmetric key encryption
Asymmetric key encryption uses a public and private key. Assuming two computers, A and B:
- A will have a private key known only to A.
- A will also have a public key, which is mathematically related to the private key. It is called a public key as anyone can access it.
- B will also have a private key and a related public key.
- For A to send a secure message to B, A will first encrypt the message using B’s public key.
- As the private and public keys are related, the message can only be decrypted by B using B’s private key.
- As no-one else knows B’s private key, even if the message were intercepted, it could not be decrypted.

Digital certificates and signatures
A digital certificate is a means of proving who you are when dealing with people and organisations on the Internet. It is usually used by businesses to authenticate that they are genuine, and is important in the use of asymmetric encryption as a secure way of sharing public keys. Digital certificates, sometimes referred to as SSL (Secure Sockets Layer), are another method of ensuring the authenticity of the sender. A digital signature uses mathematical functions and the public/private key method.
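The A-to-B exchange and the digital signature described in the two slides above, as an added example that is not part of the original presentation. It uses textbook RSA with small constructed keys and no padding so the key relationship stays visible; production systems use a vetted library with padded RSA and much larger keys. All function and variable names are assumptions.

```python
import hashlib
from math import gcd

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Build a (public, private) key pair from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(E, phi) == 1, "E must be coprime with phi"
    d = pow(E, -1, phi)  # private exponent, mathematically related to E
    return (E, n), (d, n)

def encrypt(message, public_key):
    """Sender side: encrypt bytes with the RECEIVER's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    assert m < n, "message too long for this toy key"
    return pow(m, e, n)

def decrypt(ciphertext, private_key):
    """Receiver side: only the matching private key recovers the bytes."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message, n):
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Signer uses their OWN private key on the message digest."""
    d, n = private_key
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    """Anyone can check the signature with the signer's public key."""
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)

# Constructed sample keys built from well-known Mersenne primes.
A_PUBLIC, A_PRIVATE = make_keypair(2**31 - 1, 2**127 - 1)
B_PUBLIC, B_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)

if __name__ == "__main__":
    msg = b"Meet at noon"                        # constructed sample message
    c = encrypt(msg, B_PUBLIC)                   # A encrypts for B
    print(decrypt(c, B_PRIVATE))                 # B recovers the message
    print(verify(msg, sign(msg, A_PRIVATE), A_PUBLIC))  # signature checks out
```

A digital certificate adds the missing step: a trusted authority signs the binding between B's identity and B's public key, so A knows the key really belongs to B.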

Trojans
A Trojan is a computer program designed to cause harm to a computer system or allow a hacker unauthorised access. It is one of a group of malware, which is short for malicious software. The distinguishing feature of a Trojan is that it is hidden away inside another file and that it is not always obvious that a computer is infected. This gives a hacker the opportunity to access a computer remotely without the knowledge of the user.

Viruses
A virus is a small malware program that is designed to cause damage to a computer system or the data stored on it. A computer gets infected when the malware installs itself on the computer from a number of sources including pop-ups, email attachments or file downloads. The virus itself will be attached to another file but once installed on the host machine, it will activate. The defining feature of a virus is that it replicates itself and can therefore cause extensive damage to individual computers and networks as, like a human virus, it can spread anywhere.

Worms
Worms also replicate themselves and are designed to spread, exploiting any weaknesses in a computer’s defences. The defining feature of a worm is that it does not need to be attached to another file to infect the computer.

How worms spread

Protecting against threats – users
- Use anti-virus software and anti-malware software and keep it up-to-date.
- Keep operating system software up-to-date.
- Use a firewall.
- Do not open attachments or click on pop-ups from unknown senders.
- Operate a whitelist of trusted sites.
- Ensure sites use HTTPS, digital signatures and certificates.
- Use passwords on programs and files.
- Encrypt data files.

Protecting against threats – programmers
- Select a programming language with in-built security features, including tools that check for common security errors.
- Use recognised encryption techniques for all data stored within the program.
- Set administrative rights as part of the program and carefully control access and permission rights for different users.
- Don’t load up lots of Internet services as part of your code unless they are needed.
- Thoroughly test your code as errors can be exploited, specifically testing for known security issues.
- Keep code up-to-date in light of new security threats.
- Never trust the user! Many threats are internal to an organisation and might not be malicious. Major problems can be caused through accidental misuse by a user.

Protecting against threats – programmers
- Ensure that requests are coming from recognised sources.
- Use a network firewall and use the packet filtering and stateful inspection techniques as described earlier in this chapter.
- Use encryption techniques as described earlier and ensure digital certificates and signatures are used and are up-to-date.
- Keep anti-virus software up-to-date.
- Update the network operating system regularly.
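The slide above names packet filtering and stateful inspection; the sketch below shows how the two differ, as an added example that is not part of the original presentation. The LAN address range, the public server address, the single inbound rule and all class and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    sport: int        # source port
    dst: str          # destination IP address
    dport: int        # destination port
    proto: str = "tcp"

LAN_PREFIX = "192.168.1."        # assumed internal address range
PUBLIC_SERVER = "192.168.1.10"   # assumed web server reachable from outside
INBOUND_ALLOW = {("tcp", 443)}   # assumed static rule: HTTPS only

class StatefulFirewall:
    def __init__(self):
        # Connections opened from inside the LAN, remembered so that
        # only genuine replies are let back in (stateful inspection).
        self.connections = set()

    def allow(self, pkt):
        if pkt.src.startswith(LAN_PREFIX):
            # Outbound traffic: permit and record the connection.
            self.connections.add(
                (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound reply: addresses and ports must mirror a recorded
        # outbound connection exactly.
        if (pkt.proto, pkt.dst, pkt.dport,
                pkt.src, pkt.sport) in self.connections:
            return True
        # Otherwise fall back to the static packet filter: default deny,
        # except the published service on the public server.
        return (pkt.dst == PUBLIC_SERVER
                and (pkt.proto, pkt.dport) in INBOUND_ALLOW)

if __name__ == "__main__":
    fw = StatefulFirewall()
    inbound = Packet("203.0.113.5", 443, "192.168.1.20", 50000)
    print(fw.allow(inbound))   # False: nobody inside asked for this
    fw.allow(Packet("192.168.1.20", 50000, "203.0.113.5", 443))
    print(fw.allow(inbound))   # True: now a reply to a known connection
```

A pure packet filter would have to open port 50000 permanently to let that reply through; tracking state lets the firewall accept it only while the matching outbound connection exists.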