Information security and the Internet
The Internet is a double-edged sword: it gives you access to a lot of good things, but unfortunately it also allows many bad things to access your computer. The Internet has various security issues that must be addressed in order to keep computers and networks running smoothly. In this article we'll discuss the most important security issues as well as some solutions to them.
1. What is Information security?
Information security (also known as InfoSec) basically means keeping your information under your direct control: no one can access your information without your permission, and you know what risks you take when you allow someone to access the information you own.
It is essential to understand that you do not want everyone to have access to all your information. For most people it is clear that they want to keep private and sensitive information, like passwords and credit card details, out of the hands of other people. Many of them don't understand, though, that even pieces of information that seem meaningless to them may be very valuable to other people, especially when combined with other pieces of information. For instance, a corporation could want your demographic information for marketing purposes so badly that it would be happy to buy it from a person who gathers this information by accessing your computer illegally.
It is also important to understand that even if you don't give any of your information to anyone on the Internet, someone may access your computer system to get the information they need.
2. Vulnerabilities of the Internet
The Internet is vulnerable to flaws and weaknesses in network defences. Vulnerabilities may result from bugs or design flaws in a system. Some vulnerabilities are caused by un-sanitized user input, which often allows the direct execution of commands or SQL statements. Sometimes the programmer fails to check the size of data buffers, which can then overflow and corrupt the stack or heap areas of memory.
A vulnerability usually allows an attacker to trick the application into bypassing access control checks or executing commands on the system hosting the application.
There are a number of vulnerabilities that your computer and network may be subject to. Some of the most common ones are input validation errors such as format string bugs, improper handling of shell metacharacters (so that they are interpreted rather than treated as data), SQL injection and, in web applications, cross-site scripting. Stack smashing and other buffer overflows, as well as symlink races, are also common vulnerabilities.
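To make the un-sanitized input problem concrete, the following added example (not part of the original article) puts a lookup that pastes user input into an SQL statement beside a hardened version that uses a bound parameter. The table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data held in memory; no real records are used.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "4111-XXXX"), ("bob", "5500-XXXX")])
    return db

def lookup_unsafe(db, name):
    # Vulnerable: the input becomes part of the SQL text, so a quote
    # character in it changes the meaning of the statement.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Hardened: the ? placeholder sends the input as data only, so it
    # is compared as a string and never parsed as SQL.
    query = "SELECT name, card FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def looks_valid(name):
    # Input validation as a second layer: accept only short
    # alphanumeric names and reject everything else up front.
    return name.isalnum() and len(name) <= 32

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"          # input containing SQL syntax
    print("unsafe:", lookup_unsafe(db, hostile))   # every row leaks
    print("safe:  ", lookup_safe(db, hostile))     # no match, no leak
    print("valid? ", looks_valid(hostile))
```
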
Vulnerability scans
Vulnerabilities might exist in all major operating systems, such as Windows, Mac OS, Linux, OpenVMS and others. The vulnerability of your network and servers can be tested with vulnerability scans. They test your servers, web pages, firewall and other components for possible vulnerabilities. Vulnerability scanning tools can be downloaded from the Internet.
3. Security problems
A security problem occurs when an unauthorised attacker (a hacker, virus or other type of malware) breaks into the system.
Browsers are the most common targets of Internet security breaches. Such breaches are often merely an annoyance, as the browser might slow down and crash at regular intervals, but data could also become inaccessible and, in the worst cases, the confidentiality of the user's personal information could be violated.
If there are bugs or misconfiguration problems in the Web server, they might allow unauthorized remote users to gain access to confidential documents containing personal information, or to obtain information about the server's host machine that will allow a break-in to the system. These users can also execute commands on the server host machine, allowing them to modify the system and to launch denial-of-service attacks, rendering the machine temporarily unusable. Denial-of-service attacks, also known as DoS, target the computer's network bandwidth or connectivity. A distributed denial-of-service attack, DDoS, uses a number of computers the perpetrator has taken over to attack one or more targets. Typically a DDoS master program is installed on one computer using a stolen account.
Network data moving between the server and the browser can be spied on or intercepted if a vulnerability in the network or the server leaves it open to this.
Hacker
A hacker is a person who creates and modifies computer software and computer hardware. The term hacker has negative connotations, as it is used for a person who exploits a system, gains unauthorized access to systems and often performs tasks that are not recommended or even legal. However, the term can also refer to a person who simply uses his or her skills for, for example, computer programming, administration and security-related work.
Computer viruses
The most common security issue concerning individual users as well as companies is viruses. A computer virus is an unsolicited program that inserts copies of itself into other computer programs. Computer viruses are one type of malicious software, or malware. Other types of malware are so-called worms, trojan horses, adware and spyware.
Malware can be a mere nuisance, affecting the usability of your computer by slowing it down, making it crash at regular intervals and interfering with the programs and documents you want to access. More seriously, malware can become a security risk by acquiring personal information about you from your emails and other data stored on your computer.
Adware and spyware are the most annoying, as they keep unwanted advertising popping up on your screen. Spyware also collects your personal information and provides commercial interests with your details.
You can protect your computer and yourself by using appropriate software to combat unwanted and possibly destructive malware. (See How to protect your computer against viruses for more information.)
Phishing
Phishing is a term used for a form of identity theft. Phishing is a criminal activity in which a person or a business is approached fraudulently, usually by an email claiming to be from a legitimate organization and requesting personal information, such as bank account details, passwords and credit card details, from the receiver of the email. The information is used to access Internet bank accounts and the sites of other organizations where personal details are needed for access.
Anti-phishing software attempts to expose the true identity of the sender of the email or of the website. But personal vigilance is the best protection from phishing: no reputable bank or legitimate organization would ask for your personal details in an email.
It is also good to remember that email has no guarantee of privacy: it is as private as a postcard. On its way to the recipient your email travels through a lot of servers, where it can be accessed by those who manage the systems as well as by those who have illegally intruded into them. The only way to be relatively sure of the privacy of your email is to use encryption. See more below.
4. How to protect your network and systems?
Your constant vigilance is essential for protecting your system from being exposed to an attack through a vulnerability. Effective software can also be installed to make using the Internet more secure for you.
Physical means
Below we'll talk more about the different software and other system-related means of keeping your information safe, but it is good to remember that there are other ways for intruders to access your information too. Always keep your computer, and especially your laptop, in a safe place. Protect your computer with a password and preferably shut it down when you leave it. Be very suspicious of anyone who wants to have any of your passwords, even the people who work (or claim to work) for the technical support of your company. If they need your password, type it on the computer yourself (so that they don't see it) rather than telling it to them. Always change the password if you have accidentally let anyone else know it, or even if you just feel that someone else has had access to it. Don't write your passwords down anywhere.
Updates
Keep all your software, including your operating system, up to date. If you use an automatic update feature that checks for updates only when your computer starts up, restart your computer daily.
Firewalls
A firewall is either hardware or software that protects your network or server from an intruder. Firewalls vary depending on the needs of the user. If a firewall is needed for a single node operating on one network, a personal firewall is appropriate. Where traffic enters or leaves a number of networks, a network firewall is needed to filter all the traffic. Many servers and networks come with a default firewall, but it is worth checking that it effectively filters everything you need it to; if it does not, it is worth acquiring a more powerful firewall.
Packet sniffers
An effective way to monitor traffic passing over a network is to use so-called packet sniffers. Gathering information by logging the traffic coming in and going out can be useful in detecting network intrusion attempts. Packet sniffers can also be used for analyzing network problems and filtering suspect content from network traffic.
Encryption
Encryption is the encoding of data so that it cannot be read by anyone who does not have the password that decodes it. Encryption garbles the data using mathematical functions that cannot be reversed without that password. Encryption makes the information on your computer unreadable to anybody who has stolen it or gained access to it without your permission. PGP is one of the most popular encryption software programs.
5. Wireless network security
Wireless networks are popping up everywhere, and their exponential growth shows no signs of stopping anytime soon. This growth comes with some security concerns. Just as you can access the network from anywhere the wireless connection is available, so can anybody else who wants to. In addition to the general security measures you follow to protect your wired network, it is essential that you follow some simple rules to give the wireless connection the best possible security.
Encryption
Protect your wireless network by using Wireless Encryption Protocol (WEP). This works by establishing a shared 64-bit or 128-bit key between the clients and the access point, then using the key to encrypt and decrypt the data passing between them. This offers adequate security for a home network. Consult the documentation for your wireless devices to find out how to enable and configure WEP on your network. For business environments, WEP should be looked on as a starting point for security only. Businesses should seriously consider moving their wireless networks to the more secure WPA-capable networking.
Identification
Devices and administrator accounts come with default system IDs. It is very easy for a hacker to find out what they are, so change the passwords and IDs to ones that are personal to you. It is a good idea to give your devices names that don't reveal to whom they belong or where they are: instead of using your physical address, the name of the building or the name of the company as the name of your device, use names like "mountain" or "my device".
Identifier Broadcasting
Your hardware might by default broadcast the status of your connection. As a wireless network might be especially easy for hackers to break into, disable identifier broadcasting.
MAC Filtering
A MAC address (also known as a physical address) is a unique hardware identifier assigned to every network device. MAC address filtering means that you manually enter a list of the addresses found in your local network and configure your router to allow only these specific addresses to connect via the wireless network. MAC addresses can easily be found by going to the command prompt on each system and typing the following command:
ipconfig /all
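Collecting the addresses by hand from several machines is error-prone, so the following added example (not part of the original article) parses saved `ipconfig /all` output and returns the 48-bit physical addresses to enter into the router's filter list. The sample output, the adapter names and the function name are constructed, and English-language Windows output is assumed.

```python
import re

# Constructed sample of English-language `ipconfig /all` output.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   Physical Address. . . . . . . . . : 00-11-22-33-44-55

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 66-77-88-99-aa-bb

Tunnel adapter isatap.example:

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
PHYSICAL = re.compile(r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f-]+)\s*$")
MAC48 = re.compile(r"^(?:[0-9A-F]{2}-){5}[0-9A-F]{2}$")

def wireless_allow_list(text, wireless_only=True):
    """Return {adapter name: MAC} for entries usable in a MAC filter."""
    result, adapter = {}, None
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:                       # start of a new adapter section
            adapter = header.group(1)
            continue
        found = PHYSICAL.match(line)
        if not found or adapter is None:
            continue
        mac = found.group(1).upper()
        if not MAC48.match(mac):         # tunnel pseudo-adapters list 8 bytes
            continue
        if wireless_only and "wireless" not in adapter.lower():
            continue
        result[adapter] = mac.replace("-", ":")   # colon form used by many routers
    return result

if __name__ == "__main__":
    for name, mac in wireless_allow_list(SAMPLE).items():
        print(f"{mac}  {name}")
```
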
CONCLUSION
By following these safety measures you can make your networking and your use of the Internet safer. Since technology, as well as the knowledge of hackers and other intruders, will keep developing all the time, keep yourself informed by following websites on information security (see for instance Information Security Forum).