by Margaret Headley
“Using encryption on the Internet is the equivalent of arranging an armoured car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.” Gene Spafford, computer security researcher, Purdue University.
This quote mocks the current level of technical solutions applied to Internet-based transactions. An armoured car is an inappropriate method of delivery if the recipient lives on a park bench, and a cardboard box will not deter a determined thief! If the security of the transport is significantly stronger than the security of the end-user system, the end-user system becomes an obvious target for ‘hackers’ and ‘crackers’.
This paper discusses how the Department of Justice, the CIA, NASA, the Department of Commerce and even Microsoft have publicly fallen victim to electronic sabotage due to the lack of security in their systems. In 1997, CERT (Computer Emergency Response Team) handled more than 39,000 reported incidents. That number is expected to have quadrupled by the end of 2001.
The immense security risks of large networks such as the Internet are examined in full along with the security of firewalls linking private databases to the Internet. Because the Internet is considered to be in its ‘embryonic’ stages, advancements in security should also be seen as such.
With Trojan, virus and worm infections becoming harder to detect and more catastrophic in the damage they cause, this paper also examines the new generation of malicious viruses, frequently delivered through email, and why added security is imperative. To provide the required level of protection, security policies are needed that prevent unauthorised users from accessing resources on private databases, exporting private information and causing malicious damage.