Internet Security

1
Internet Security

• Servers
• Hacking
• Publicly available information
• Information storage
• Intrusion methods
• Phishing
• Pharming
• Spyware
• Viruses
• Spam
• Identity theft

2
Concerns Shared by Firms and Consumers

• Identity theft
• Fraudulent use of credit cards or bank accounts
• Loss of privacy
• Consumer reluctance to shop online due to fears
  of fraud
• Costs of authentication

3
Consumer Privacy Concerns

• Large amounts of consumer information can be
  bought online
• Some information is available to the public
  through government officese.g.,
• Real estate ownership
• Vehicle registrations
• Licenses (drivers /professional)
• Personal recordse.g.,
• Marriage divorce
• Certain tax liens
• Certain criminal records
• Bankruptcies

• Information inadvertently posted online
• Information posted without consent of customer
• E.g., employment records
• E.g., membership directories

4
Consumer Privacy Concerns, Part II

• Online services combining information
• Information sold by vendors (e.g., unlisted phone
  numbers of customers purchase histories)
• Aggregation of databases (e.g., combining
  multiple phone directories and real-estate
  recordings)

• Information that is only supposed to be available
  when authorized
• Credit records
• Medical
• Some information may be available only to certain
  kinds of users

5
Online Data Storage

• Types of information stored on customers
• Login, passwords
• Credit card information
• Purchase histories
• Home addresses
• Other personal info
• May or may not have resulted from online
  transactionsdatabases are often networked for
  internal firm use

6
Vulnerable Information

• Social security numbers
• Place and date of birth mothers maiden name
• Home address
• Login and passwords
• Financial information

7
Data Interception

• By employees or others with direct access to
  information
• Cyber thieves may attempt to access information
  through
• Phishing/pharming
• Host computer
• Log-in through insecure passwords
• Hacking
• Internet traffic
• Local networksespecially wireless with limited
  or no security

8
Password Vulnerabilities

• Disclosure to strangers
• Theft of databases
• Phishing
• Use of obvious passwords
• Common words
• Personal informatione.g., phone number, address,
  birthday
• Passwords not frequently changed
• Password sniffers

9
Some Security Measures

• Encryption
• Tracking of IP address of entry into the computer
• Secondary passwords
• Consumer chosen icon
• In e-mails
• At site, once origin IP address is recognized

10
Servers

• Denial of service
• Numerous requests to identify are sent to
  targeted server
• The server may slow down or become entirely in
  accessible
• Computers and servers infected through viruses
  are often targeted
• Mostly intended as vandalism

• Hacking
• Hackers break into computer systems
• Purposes
• Taking on challenge/political expression
• Vandalism
• Stealing information

11
Hacking

• Established software has holes that are
  gradually discovered
• May be able to crash sites and access core
  dump files intended for use by programmers to
  identify problems
• Exploitation of back doors left by programmers

12
Phishing

• Consumer receives an e-mail asking that he or she
  log in to take care of account issues
• This e-mail contains a legitimate-looking
  hyperlink title but the actual link is to a take
  site
• 1 of consumers are estimated to fall for the
  hoax

• The consumer logs into a fake site, providing
  login, password, and other info

13
Phishing--Remedies

• Consumer education
• Software safeguards
• Warning if the internal link does not match the
  title
• Feasible only when the title features an actual
  address
• E-mail filters
• E-mail programs
• Server
• Anti-virus software

• Quick identification of phishing sites
• Cooperation with host
• Denial-of-service attacks if needed
• Massive entry of fake data
• Tracing of logins based from origin of phishing
  e-mail or site

14
Pharming

• The user attempts to go to a legitimate web site
  address but is redirected
• Through hacking of DNS servers (match domain
  names with numerical IP address)
• Through false report of changed server to DNS
  registrar
• Malicious code in trojan horse or virus to
  redirect traffic

15
Viruses

• Malicious code that attacks a computer to
• Cause damage (vandalism)
• Serve as spam or denial of service attack server
• Transmit data
• Spread through
• Software (as trojan horse or through infection of
  legitimate software)
• E-mail attachments
• Online activity

16
Trojan Horses

• Legitimate-looking software intended to spread
  malicious code
• User downloads software and once run, malicious
  code is run with results similar to those of
  viruses

17
Spyware

• Software that sends back user information through
  Internet connection
• Legal vs. illegal
• Legitimate and authorized by user
• Non-malicious intent but not authorized
• Malicious
• May be spread through program, trojan, or virus

18
E-mail Spam

• Unsolicited e-mail messages
• Unsolicited contacts have always happened but
  telemarketing and bulk mail are more expensive
  than e-mail
• Very low response rate but very low cost of
  distribution
• Usually sent by
• Unauthorized vendors
• Fraudulent persons/vendors

19
Determining When E-mail Is Likely to Be Welcome

• Individual vs. mall mailing
• Established relationship with receiver
• Logistical communication
• Offering of new services
• Promoting services by others
• Opt-in policies

20
Spam Remedies

• Termination by host
• E-mail generally sent through SMTP servers
  located at the Internet Service Provider (ISP)
  site
• Problems
• Foreign governments may not cooperate
• Spammer may move on to other addresses quickly

• Anti-spam programs
• Locations
• In e-mail servers
• On the users computer
• At local server
• Problems
• Distinguishing legitimate messages from
  non-legitimate
• Imperfect algorithms
• Regulatory
• Legal limits
• Litigation of offenders in reachable jurisdictions