In this essay I will look at the basic fundamentals of security and privacy for users and businesses in the 21st century, what I think the security risks are for them, and what impact these security problems have on our privacy laws: does this controversial access to every bit of information about people actually make systems more secure, e.g. prevent system attacks? I will go in depth into what I believe are the main security risks for users and businesses when browsing the internet, shopping and using online banking, and also discuss briefly what it would be like to have no privacy. I will also discuss how, when a user goes on a social networking site or search engine, they might be at risk of sharing information unwillingly with the providers. Another topic I will be discussing is how humans fail in their bid for security and how to prevent this from happening.
Digital security in the 21st century is now more important than ever before. There are many different types of security threats to the average person, business or even government. This is because everything we do on a daily basis can have a security risk, whether it be online shopping or checking your email. If a user’s computer has been hacked or has some spyware or malware on it and they are using it for online shopping, then the attacker may be able to gain access to the user’s sensitive data, which can then be used for fraud or theft or sold on to a third party as marketing data.
Shopping in a store using your debit card can also be a risk, as debit cards can be cloned by staff and PIN numbers stolen using a device that looks the same as the card machine but has been designed or modified to remember PIN codes and clone users’ debit/credit card details. Stolen laptops and mobile phones can have personal information on them, as can a lost universal serial bus storage device, or USB pen drive as they are known for short, which can contain all sorts of information because people, businesses and governments all use these devices to move or store data. If the data is not encrypted, then there is always the chance that someone can gain access to it.
Security is the main issue when it comes to a person’s personal information. Whether it be browsing the Internet or online banking, there will always be people who want to steal information for an entire range of reasons (e.g. phishing and fraud)!
Another thing to be wary of is the topic of liberty: are security laws infringing on our basic human rights to privacy and our security by allowing corporations and even governments to spy on our Internet communications for what they call “anti-piracy” or “National Security”, such as the PATRIOT Act in the United States of America? This brings me to ask: why should the rights of the many suffer because of the actions of a few?
This is being debated every day of every week, from civil rights activists to our own government, deciding what they can and cannot do. Too much information available about anyone to anyone can be dangerous, and this topic should be taken extremely seriously.
One major impact on privacy is the development of social networking sites and search engine providers that sell users’ information to third parties. As Marc Rotenberg writes in Protecting Human Dignity in the Digital Age (UNESCO 2000) 1: “Privacy is a fundamental human right. It underpins human dignity and other values such as freedom of association and freedom of speech. It has become one of the most important human rights of the modern age.” I think that we are heading into a society that does not care about the fundamental human rights we have and how we attained them.
For example, the anti-utopian, dystopian novels of the 20th century depicted societies where privacy was non-existent and an intrusive, oppressive regime denied this fundamental human right as a matter of course. In Yevgeny Zamyatin’s novel “We” 2 the population lived in buildings constructed of glass, which allowed everyone and anyone to snoop on anyone they wished. Opposition is impossible in a society where privacy is non-existent. George Orwell’s 1984, with its “Big Brother” and tele-screen, is frighteningly similar to today’s move towards a 21st century society where the Government and corporations have full access to every bit of any citizen’s digital life.
The 19th-century black champion of civil rights, Frederick Douglass, protested that any rights and liberties won by any people were awarded after contesting the power structures of society. He said in 1857 that “Power concedes nothing without a demand, it never did and it never will. Find out just what any people will quietly submit to, and you have found out the exact measure of injustice and wrong that will be imposed upon them.” 3
Frederick Douglass, speaking on the emancipation of the West Indies, 1857
The line “Men may not get all they pay for in this world, but they must certainly pay for all they get.” 3 also has meaning here: you can use a search engine or a social networking site for free, but be careful with your information, as they might sell it on to third parties.
In the book The Art of Deception: Controlling the Human Element of Security 4, the authors Kevin D. Mitnick & William L. Simon naïvely blame the human individual as the weakest link; the individual is relegated to a position below the security system in question. Page 3, titled in big black letters “Security’s Weakest Link”, states “…the human factor is truly security’s weakest link.”
In the Computer Security Handbook, John Wiley & Sons (2002) 5, to which some of the top security specialists in the world have contributed, Donn B. Parker, a retired (1997) senior management consultant at RedSiren Technologies in Menlo Park, Ca, who has specialised in information security for 35 of his 50 years in the computer field and whom Information Security Magazine has identified as one of the five top Infosecurity Pioneers (1998), writes in “5.1.3 Functions of Information Security” that the complete opposite of the previous paragraph is true: the current three-function security model (prevention, detection, and recovery) is completely insufficient, and an 11-function model is needed to eliminate or mitigate the security risks in question, which includes avoidance, deterrence, detection, prevention, mitigation, transference, investigation, sanctions & rewards, recovery, correction, and finally education 5.
It is easy to jump to conclusions and intuitively blame the people who personify “hackers” or adversaries to computer security professionals, but history shows us that nothing should be taken for granted concerning security. No system will be inherently perfect, and new technologies are continually being created and updated, and most will likely become more secure as time goes on. Human nature, on the other hand, is a constant, and no man or woman should ever denigrate humanity to a role below that of a firewall, for any reason. If a computer security system is vulnerable, patch the system or come up with innovative methods to secure it from outside access, improve on the imperfect and take comfort in knowing that you have executed your job successfully without sacrificing your morality.
Types of attack
Once a malicious program has been installed on a person’s, business’s or government body’s computer, it can cause harm in many different ways. The most typical mechanisms for attacks by hackers are:
• Taking control of a user’s access and pretending to be that legitimate user. This can be very bad if a hacker gains access to any information, as the user might not realise in time to stop it being used, e.g. bank account or credit card information being stolen.
• Stealing or copying secret or confidential data for corporate espionage or other purposes.
• Destroying corporate data to do financial damage to a business or government body.
• Causing network and system outages to paralyze a company’s operations, e.g. a denial of service (DoS) attack or distributed denial of service (DDoS) attack.
Risks to an Organisation:
Security vulnerabilities coming from within an organisation are on the increase in today’s businesses and are increasingly among the operational risks of any business in today’s world. In a time of recession this is not good, because it brings the running costs of the business up, and costs to the average person may go up also. This can lead to a loss of reputation with customers, partners or even the shareholders of the company. If the attack works, there may also be a risk of interruption to the business, and it may lead to the violation of legal and government regulation requirements to protect sensitive customer information (e.g. OFCOM). Some examples are:
• Unauthorized access to any information, where the access includes disclosure, modification and destruction of any data.
• Unauthorized users or hackers, i.e. people who have not been given the rights by the owner/user to access the system.
How do people fail in the line of security?
Social Engineering & Manipulation: con-artists are being used to acquire confidential information by manipulating genuine users into telling them. It is a new type of insider attack that is on the up trend, similar to an attack known as “phishing”, in which a malicious person or hacker is able to get internal access to company-sensitive information, which in turn can lead other users/customers into providing access to forbidden information.
These con-artists rely and work on the basis that people are kind-hearted, are not aware of the valuable information they know, and are careless about protecting it because they think it is irrelevant. These con-artists will search bins or skips, or take advantage of people’s natural tendency to choose passwords based on what is meaningful to the user, such as a relative’s name, a date of birth or a pet’s name, which can be easily guessed if the hacker learns personal information about them. The method these con-artists employ is now called “social engineering”, and it will always be a threat to any security system.
More internal threats may arise if there is a loss of data or data is corrupted and backups fail. This will lead to the business losing revenue, which in turn may affect its clients and cost the business money.
There may also be misuse and theft of call records and information at a telecommunication centre, in which internal breaches may occur when users bypass the usage record to avoid billing a subscriber, and then by deleting the call record information from a database or by manipulating a program to overlook simple things for certain subscribers.
Identity theft: the theft of a customer’s valuable information such as address, security passwords, credit card information and date of birth or, in a business sense, ID cards and access codes.
Identity fraud is a term used to refer to any type of crime in which a person or business wrongfully gets hold of and uses another person’s personal data in any way that involves fraud or deception, typically for gain, e.g. giving the business an upper hand over a competitor.
Information used in biometric scanning (for example face image scanners, palm print scanners, hand scanners, a person’s handwriting, fingerprints, voice recognition software, iris/retina scanners) is unique to every person and cannot be given to another human for their use, but some of it can be faked. However, personal data, especially a credit card account or debit card number, and other valuable personal information can be taken advantage of and used by the wrong person for fraudulent purposes and sold to third parties at a cost to the average user.
The not so innocent:
Browsing the Web and using e-mail can seem a normal exercise in layman’s terms, but may seem naïve to advanced users who understand the security risks. For the average user, however, all their activities can upset business. Some viruses that can do this (worms, trojans, malware, spyware or choke viruses) are designed for and aimed at the instant messaging systems that people use, such as a social networking site or Windows Live Messenger (MSN). Users may use this software or these websites to talk to their friends online or send information, and each poses its own unique security threats. Anti-virus software and other tools may not detect malicious code arriving through the font-system 6 or an instant messaging system, so infected files can infect the desktop and then spread into the network of a business.
If a company’s USB sticks, security cards or notebooks are lost or stolen, important information may be at risk, such as ID names and unique identifier numbers.
Outside threats to an organisation:
External threats are mixed threats that combine many different methods, such as worms, viruses, spam and distributed denial of service (DDoS). Every day, hundreds of new ways to attack software and breach security are discovered by intruders, hackers and security professionals. There are more than 30k hacking-based Web sites on the internet now, so it no longer takes a computer-savvy person to hack a site, just someone with time and patience.
How to keep your computer safe with Virus Counter Measures.
Regular updating of a user’s anti-virus and anti-spyware software: this protects the user against viruses and malware/spyware, and it is why antivirus software should be installed.
All user email attachment files should be scanned: this is because computer viruses are most likely to be in an email attachment. Just because emails come from your best friends does not mean it is not important to scan their emails, which may contain attachments, before opening them, as they may contain anything.
Key points for handling email attachments:
• Be careful when opening email attachments from unknown recipien