Internet security is the protection of a computer system from threats originating from other computers that make a connection through the Internet. Internet security is only one aspect of computer security, which encompasses Internet threats, local network threats and the protection of data. The Internet is considered a high-risk environment for computer systems, and it is often used to conduct unauthorized intrusions and other forms of fraudulent activity.
Internet security is a fully developed system with established rules and tools that can be used to protect a computer from attacks made through the Internet. However, experts do not always agree which of the rules, hardware and software is the most reliable. In addition, cost often prohibits the implementation of the most advanced forms of Internet security.
Types of Internet Threats
Internet threats come in many forms. Although they are all implemented by people, several different software and hardware tools can be employed to do the actual damage or help in breaching Internet security systems.
Malware is a shortened form of malicious software. It is a blanket term for any type of software or set of computer code that can be used to allow someone to gain unauthorized access to a computer system, damage a computer system or otherwise cause a computer system to operate in ways not intended by the owner. Following are some of the most common types of malware:
- Virus – A computer virus is a script of computer code that is inserted into a computer’s file system. In most instances, a computer user unintentionally runs an executable program that releases the virus. The script can damage important system files, cause other programs to run or send data to the person implementing the virus. The key feature of a virus is that it replicates and sends itself out to other computers through the Internet.
- Trojan horse – A Trojan horse is a type of malware that is hidden within another program. The shell program is usually non-malicious, so computer users willingly open the program and release the malware.
- Worm – A worm is a set of computer code characterized by how it behaves once it infects a computer system. After being written into the computer’s file system, it will copy itself into various other files on the computer or on other networked computers. Many worms do not cause any damage, but they can eat up bandwidth when they replicate and are sent through the network.
- Spyware – Spyware is a type of malware that records a user’s activity, usually within an Internet browser, and then reports that information back to a home computer. Spyware is often used by advertising and spam companies to target ads to users based on what they view and purchase online. Spyware can cause a computer to run slowly, and it may interrupt online browsing with popup advertising.
A denial-of-service (DoS) attack is an Internet threat that can cause a computer to become unresponsive to Internet traffic. This type of attack is used on servers to shut down a website or otherwise disrupt online communication. A DoS attack starts by infecting thousands of computers with a form of malware. Infected computers are controlled by the malware and made to send communication requests to a specific server at a specific time. When hundreds of thousands or millions of infected computers, called bots or zombies, send these requests simultaneously, it overloads the target server so legitimate communication requests cannot be processed. The effects of DoS attacks are usually temporary, but they can cause extensive losses to businesses that rely on the Internet for revenue.
Hackers are computer experts who gain unauthorized access to computers through the Internet. Some hackers gain access through a system’s front door by breaking or illegally obtaining passwords. Other hackers gain access through backdoor communication ports that may be left open for use by legitimate programs. One type of hacker attack is called a buffer overflow attack. In this type of attack, hackers can access a computer’s memory while it is being used by a another program. Hackers that access a computer can control the computer and edit, delete or steal files on the computer.
Computers are often attacked while users are accessing the Internet through a web browser. Traditionally, most browser attacks occur through Internet Explorer, but since the popularity of other browsers, such as Firefox and Chrome, has risen, more attacks are made to work on multiple types of browsers. Some browser attacks may occur by simply visiting a website that carries malicious code. In some cases, the website owner is not aware that the malicious code had been inserted surreptitiously.
Types of Internet Security
Several types of Internet security protocols and tools are used to protect computer systems. Some forms of Internet security are designed to protect against specific threats, while others are designed to protect specific systems or applications.
One of the most common types of Internet Security is an antivirus program. Although the name implicates that this is a defence against viruses, most antivirus programs protect a system from all forms of malware. Some antivirus programs continuously run in the background to provide real-time protection that stops malware from infecting computers. Other types of antivirus programs scan files and remove malware only after it has infected a system. Antivirus programs are often packaged together with other types of Internet security programs, forming an Internet security suite.
Firewalls are hardware devices or software applications that filter and block traffic on a computer network. Firewalls screen all communications going through the network. Some firewalls only screen incoming communications, but the more advanced firewalls screen both inbound and outbound traffic. Firewalls are considered the best defence in reducing the exposure of a computer system through the Internet.
Firewalls can be customized to block specific ports of entry, types of communication packets and packets from specific IP addresses. If packets meet the established criteria, then they are not allowed to pass through the firewall. The place in a network where the firewall exists is known as the choke point.
Three primary types of firewalls are used today. Details of each are as follows:
- Packet filter – Packet filters are the most commonly used type of firewall. These firewalls scan each packet attempting to go into or out of a computer network. A packet filter may be hardware-based and are often components of traffic routers. Packet filters may also be software-based and run directly from the system that is being protected.
- Application-level gateway – Application-level gateways are proxy servers that work at the TCP/IP level. Packets are scanned by the firewall and only allowed to pass through if using known protocols.
- Circuit-level gateway – Circuit-level gateways are port-based firewalls. Packets of any type are allowed to pass through as long as they are directed to the proper port. One advantage of this type of firewall is that it can be implemented with network address translation (NAT) to hide IP addresses, thus making computers invisible through the Internet.
Network Layer Security
Network layer security protects a computer system by using what is called IPsec protocol through TCP/IP. IPsec protocol is a set of extensions that encrypt data at the IP layer. The protocol allows a system to authenticate the origin of data being sent and to analyse the integrity of the data. IPsec also allows secure policy management and Internet key exchange (IKE) management.
Transport Layer Security
Transport layer security (TLS) is a new version of the secure sockets layer (SSL) protocol for encrypting communications sent through the Internet. These protocols encrypt messages as they pass through the transport layer and can be used for a variety of applications, including email, web browsing and instant messaging. TLS communications begin with what is known as a handshake. The delivering and receiving computers make sure that TLS is enabled and discover which types of encryption are allowed. The server then chooses the strongest type of encryption that can be used. The server also identifies itself as valid by sending its digital certificate, which is issued by one of several certificate authorities. Session keys are then generated so data can be decrypted by the receiving computer after it is sent. After the handshake process is finished, all data sent in the session is encrypted.
Several types of email encryption are used to protect the contents of email messages sent through the Internet. The three most common types of email encryption are as follows:
- Pretty good privacy (PGP) – PGP uses 3DES or CAST-128 encryption protocols on email messages. It also confirms the identity of email senders. Both the body and header information is encrypted through PGP.
- Multipurpose Internet Mail Extensions (MIME) – MIME is a method of encryption that converts non-ASCII email data into ASCII data through a network virtual terminal (NVT). Once the data is delivered, it is converted back into its original form.
- Message authentication – This form of encryption uses secret keys to encrypt and decrypt email. Only a receiver with the key can read the email.