
Network security and threats, and using firewalls, proxies and encryption

Introduction
There are many threats to security on a network. In this section, we will detail the most common ones and how to deal with them.

Viruses, worms and trojan horses
A virus is a program that has been written by someone. It can replicate itself, be attached to files and applications and can cause a lot of damage because it can change the contents of your hard disk as well as use up your memory. Viruses can spread very quickly, usually by shared storage devices or email attachments. Ideally, you should never share storage devices. You should never open an email attachment unless you know and can trust where it comes from (by checking a digital certificate, for example). Attachments to be especially careful of include file names ending in .exe, .bat, .pif, .scr and .vbs.

Other types of viruses include ‘Worms’ and ‘Trojan horses’. Worms are programs that can spread themselves via vulnerable network connections. They are standalone programs, unlike viruses, which ‘piggyback’ on other programs. In addition to unauthorised use of systems and causing damage, they can take up a lot of bandwidth as they spread and slow networks right down. A particularly nasty one called MSBlaster affected computers worldwide in August 2003. It spread very quickly, hunting for computers on the Internet without a firewall. When it found one, it jumped into the computer through the open communication port and infected it without the user knowing - until their PC closed down every time an Internet connection was made! Another one, W32.Sobig.F@mm, mails itself to all the email addresses it can find on an infected computer.

Trojan horses are viruses hidden inside seemingly innocent programs. They, too, can cause major problems for your computer.

You should always have an anti-virus program on your computer and you need to ensure that the virus patterns are always up-to-date. Updating virus patterns typically happens at least once a day. An up-to-date anti-virus program will catch most viruses, worms and trojan horses most of the time.

Spyware and adware
These are both types of malicious software (called 'malware' for short). Spyware is the name given to software that gets access to your computer without you knowing, often because you have downloaded and installed free software from the Internet. Spyware can change the settings on your computer and interfere with or slow down your internet experience. Spyware can also silently gather information about your computer habits and personal information and transmit it to unauthorised people. Adware is software that gets access to your computer, again usually because you have downloaded free software from the Internet, or because you have downloaded legitimate software that came bundled with adware. You often have the option not to install adware when installing any software, so be careful about just clicking OK - OK - OK when installing new software! Always check to see if there is a screen asking whether you want to install extra software that has nothing to do with the main software. Adware can cause adverts to pop up on your screen or in whatever browser you are using, and can be very annoying.

You should frequently run software designed specifically to identify and destroy spyware and adware. Two such programs are Malwarebytes from https://www.malwarebytes.org/ and Adaware from http://www.lavasoft.com/

Phishing
This is a term used to describe when criminals try to get hold of your credit card details or other personal information by pretending to be someone they are not over the Internet. They do this by sending out bogus emails, e.g. pretending to be from a bank and asking you to confirm passwords for security reasons, or by setting up a web site that looks like a legitimate business and luring you into entering personal data, perhaps by advertising very cheap prices for goods. Despite numerous warnings that organisations never ask for personal details by email, and reminders that if an offer is too good to be true it probably is, people fall victim to phishing attacks regularly and can suffer huge financial losses.

Cookies
A cookie is a text file deposited onto your computer by a website that you have been to. When you next visit the website, it can read the cookie to detect that you have been there before and can display content based on what has been accessed previously or can retrieve information entered last time, such as personal details or account details. It's not a threat to your computer as such, but many people block cookies on their computer because they don’t like the idea that information is being collected about their surfing habits and, potentially, being sent back to the websites that they visit. Websites now legally have to ask your permission to put a cookie on your computer.

Hackers and hacking
Hackers try to get unauthorised access to your computer by 'hacking' into it (breaking into it). Firewalls, described later, are an excellent way of preventing hackers from getting into a network and most companies and individuals set one up on their system.

Firewalls and proxies on a network
The Data Protection Act 1998 requires that an organisation take steps to keep data secure. Any computer system that is accessible to people, either physically or over a network, has a problem - how does it make sure that only those people who should have access to data or resources on a network can do so and everyone else is excluded? How can it ensure that it keeps data secure? You could use firewalls, proxy servers and authorisation, encryption and authentication techniques.

A Firewall, according to the British Computer Society's 'A Glossary of Computing Terms', "is a computing program used in a large computing system to prevent external users (even if authorised) getting access to the rest of the system. Network users' access is restricted to a small part of the system and the firewall software prevents a user (including unauthorised users) accessing data or executing any programs in the rest of the system".

When a user on a network wants to access data or applications held in a main server, it sends a request for the information. The request is typically intercepted by the firewall program sitting in a proxy server. A proxy server is simply a server that has been set up to control access to the main server. The firewall program will look at the request and the information about the user that is automatically attached to it. It then checks both that the user is valid and that they have the right to the information they are requesting. It is able to do this because it holds a database of all the users and their associated rights - it just needs to look up its database! If the request is valid, then the firewall will send a message to a proxy server to retrieve the requested data. The proxy server will then access the data from the main server and pass it out through the firewall to the user. The user cannot access the main server directly but must go through the firewall and proxy server.

Firewalls and authorising a user from outside a LAN
Many computer networks are set up so that users can dial into them to retrieve files and use their resources. To ensure that only authorised users can dial into the network, a firewall program on a proxy server can be used. A user dials in to the network with a user ID and password. The firewall looks at these and also looks at the other information automatically attached to the request, such as the individual's IP address. Using all of this information, it attempts to authorise the user. If the user can be validated, then access is granted. The user, however, will continue to work through this firewall and proxy server and will not have direct access to the network itself.
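The check described in the two sections above (user ID and password, the source IP address attached to the request, and a lookup of the user's rights, with the proxy fetching from the main server only after the firewall agrees) can be sketched as follows. This is an added example, not code from the original page; the user, password, address range, resources and all function names are constructed for illustration.

```python
import hashlib, hmac, ipaddress

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (hypothetical user, networks, rights and files).
USERS = {
    "alfred": {
        "salt": b"constructed-salt",
        "pw_hash": _hash("correct horse", b"constructed-salt"),
        "networks": [ipaddress.ip_network("203.0.113.0/24")],
        "rights": {"/payroll": {"read"}, "/reports": {"read", "write"}},
    },
}
MAIN_SERVER = {"/payroll": "salary table", "/reports": "Q3 report"}
AUDIT_LOG = []

def authorise(user_id, password, source_ip, resource, action):
    """Firewall check: return (allowed, reason); default is deny."""
    user = USERS.get(user_id)
    if user is None:
        return False, "unknown user"
    # Compare password hashes in constant time
    if not hmac.compare_digest(_hash(password, user["salt"]), user["pw_hash"]):
        return False, "bad password"
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "malformed source address"
    if not any(addr in net for net in user["networks"]):
        return False, "source address not allowed"
    if action not in user["rights"].get(resource, set()):
        return False, "no right to resource"
    return True, "ok"

def proxy_fetch(request):
    """Proxy step: the main server is only touched after the firewall agrees."""
    allowed, reason = authorise(**request)
    AUDIT_LOG.append((request["user_id"], request["resource"], reason))
    if not allowed:
        return 403, "denied"  # the precise reason stays in the audit log
    return 200, MAIN_SERVER[request["resource"]]
```

The caller only ever sees "denied"; the specific reason is kept in the audit log so that a failed attempt does not reveal which check it failed.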

Encryption when using a network
Symmetric and asymmetric encryption methods were discussed in detail here:

Symmetric and asymmetric encryption

Authentication and digital signatures
When someone sends you an email, how can you be sure that it comes from whom you think it comes from? You can achieve this by using digital signatures. PGP can be used to sign an email digitally, with a special signature. It works like this.

1) Alfred writes an email to Max.
2) He digitally signs it. By that, we mean that the PGP program takes the message and Alfred’s Private Key and then generates a signature (a mixture of characters from the keyboard). The signature is attached to the email.
3) Alfred then sends it.
4) When Max receives it, he opens his PGP program and uses Alfred's Public Key to check the signature. If there is any change in the message or Alfred's Private Key hasn't been used, then Max will be told by the computer that authentication has failed and he should consider that the message is not from Alfred or has been compromised.

Digitally signing emails is a very good way of letting your users check communications received. You do not want anyone pretending that they are you and your users need a way of being confident that an email is from who it says it's from.
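The four steps above can be followed in code. This is an added example, not part of the original page and not how PGP itself is implemented: it uses textbook RSA over a SHA-256 hash with small constructed keys (built from known Mersenne primes) purely to show signing with a private key and checking with the public key. The names Alfred and Max come from the text; Mallory and the message contents are constructed.

```python
import hashlib

E = 65537  # public exponent, shared by both constructed key pairs

def make_keypair(p, q):
    """Build (public_key, private_key) from two primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E
    return (n, E), (n, d)

def _digest(message, n):
    # Hash the message, then reduce it so it fits the small teaching key.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Step 2: combine the message hash with the sender's private key."""
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(message, signature, public_key):
    """Step 4: recover the hash with the public key and compare."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

# Constructed teaching keys; far too small for real use.
ALFRED_PUB, ALFRED_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def demo():
    email = b"Max, meet me at 10am. Alfred"
    sig = sign(email, ALFRED_PRIV)
    return {
        # Unchanged message, Alfred's key: authentication succeeds
        "genuine": verify(email, sig, ALFRED_PUB),
        # Message altered in transit: authentication fails
        "altered": verify(b"Max, meet me at 11am. Alfred", sig, ALFRED_PUB),
        # Signed with someone else's private key: authentication fails
        "forged": verify(email, sign(email, MALLORY_PRIV), ALFRED_PUB),
    }

if __name__ == "__main__":
    print(demo())
```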

Digital certificates
A digital certificate is another way of proving who you are when you do business on the Internet. Certificates are only issued by special companies after a series of stringent security checks. If someone goes to a web site to buy something and the web site has a genuine digital certificate, it increases the confidence of that buyer to do business with the web site.

http and https
When you request a website from a web browser, it is sent to your computer using a set of standards known as http. This is not secure so somebody potentially could intercept this communication and see what has been requested. If you are sending, for example, your personal details or a password across the Internet using a web page, or requesting a web page with your personal finances on, then there is a serious risk these details could be intercepted and used for criminal activities, such as stealing from your bank or identity theft. To prevent this, companies use the https protocol rather than the http one. https stands for Hyper Text Transfer Protocol Secure and is the secure version of http. If you are using an https website then you can reasonably expect that you are communicating with the website you were intending to communicate with and that any communications are encrypted automatically so can't be intercepted and used by criminals.

Free hotspots and https
You should assume that at all times on a public network, someone else is watching what you have on your screen and can see all of your communications. When you use a free local hotspot with wifi on a phone, tablet or laptop, your communications are especially vulnerable. Anyone on these types of unencrypted networks, with the right freely available software, can capture the packets of data that make up communications across networks and can steal any information you send or receive. It is also perfectly possible for an unscrupulous criminal to set up what appears to be a free local hotspot for you to use, which you unwittingly connect to. They can then easily see everything you are doing on your computer. It is very important to only use encrypted communications across any public network and to use https at all times for anything sensitive. However, the best course of action is to not use public networks for anything at all that is sensitive.

Virtual Private Networks (VPNs)
Many people go on holiday, go travelling or go on business these days and they need constant access to the Internet. We know that this presents a serious security risk, so what can people do? The best solution by far is to ensure that all communications between you and whatever websites you are using on a public network, or a network that you cannot trust, are encrypted. The way to do this is to rent a Virtual Private Network service. This can cost just a few pounds a month. When you sign up, you download and install some client software. When you go to a public hotspot and log on, the client software makes contact with the VPN service, and your computer and the VPN exchange security keys to verify to each other that you are authentic. Once this has been done, all of your communications are encrypted and go via the VPN service. Apart from encrypting everything, the VPN service masks your IP address. This can be useful if you want to watch your favourite program on catch-up TV via the Internet whilst on holiday but you can only do so if you are in the UK.

No system is 100% secure
Of course, it is possible for the VPN service to intercept your communications if they wanted to. Companies and individuals who are concerned about this check carefully in the Terms and Conditions whether a VPN company logs communications. Most don't, but the weak link in any 'secure' system is the employees, who could do something unauthorised or illegal if given an opportunity and reason!
