Different types of Internet security


Jun 14, 2012 (5 years and 6 months ago)

(Wednesday, 06 July 2005) - Contributed by Administrator - Last Updated (Wednesday, 06 July 2005)
What are the different types of security that are available for the Internet? Some background on Internet security policy is available here:

http://www.eurocert.net/documents/other/NIST-SP800XX.html

Internet security is the practice of protecting and preserving private
resources and information on the Internet. Computer and network
security are tough topics among executives and managers of computer
corporations. Even discussing security policies may seem to create a
potential liability. Therefore, enterprise management teams are often
not aware of the many advances and innovations in Internet and intranet
security technology. Without this knowledge, corporations are not able
to take full advantage of the benefits and capabilities of the network.
Together, network security and a well-implemented security policy can
provide a very effective solution to the problem of security. Employees
can then confidently use secure data transmission channels and reduce
or eliminate less secure methods, such as photocopying proprietary
information, sending purchase orders and other sensitive financial
information by fax, and placing orders by phone.

Based on the article, the following are sample policy statements that address Internet-based security:

- "Identification and Authentication": Process of recognizing/verifying
legitimate users/processes. Authentication can be divided into three
areas: Static, Robust and Continuous. Passwords and IDs are an example.
- "Software Import Control": This category deals with virus
detection/prevention, controlling interactive software (Java, ActiveX)
and software licenses.
- "Encryption": This category deals with providing ways to retain
privacy and confidentiality over the Internet. Encryption may be used
in a variety of different applications: email, down/uploads, online
transactions, etc.
- "System/Architecture Level": This category deals with the architecture
of system security. This may include firewalls, physically separated
networks (VPNs), remote system access, and internal database access.
- "Incident Handling": This category deals with how a
company/organization prevents and/or handles an actual security
incident, such as a breach, hacker intrusion, virus, worm, etc. A
possible way to mitigate risk is to assign a special Security or
Response team trained in dealing with "incidents."
- "Administrative": This category pertains to how the company
administration does the following: manages security on a day-to-day
basis, instills a "security culture" and/or educates its employees on security matters,
assigns security responsibility, resolves violations/establishing
penalties, establishes a privacy policy, etc.
- "Awareness Education": Similar to above.

Further info on obtaining a good security policy can be found at:
http://www.iec.org/online/tutorials/int_sec/topic04.html?Next.x=43&Next.y=17

Elements of networking security may be divided into the following types:

1. Orange Book Security Levels and Firewalls
a. Orange Book Security Levels: Developed by the Dept of Defense (see
http://www.iec.org/online/tutorials/int_sec/topic01.html?Next.x=21&Next.y=13)
b. Firewalls: They are not only useful for keeping out hackers and
other malicious outsiders, they can be used to compartmentalize
different servers and networks, in effect controlling access *within*
the organizational network.

2. Password Mechanisms: a way to identify and authenticate users as they access the system.

3. Encryption, Authentication, and Integrity
a. Encryption can be explained as follows [2]:
* the coding of data through an algorithm or transform table into apparently unintelligible garbage
* used both on data stored on a server and on data as it is communicated through a network
* a method of ensuring privacy of data and that only intended users may view the information
b. Authentication and Integrity
i. Authentication simply makes sure users are who they say they are
ii. Integrity is knowing that the data sent has not
been altered along the way. Message integrity is maintained with
digital signatures. Digital certificates encrypt data using Secure
Sockets Layer (SSL) technology. A newer technology called SET hopes to
increase integrity and security even further (http://www.setco.org/).
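
An added illustration of items 3a and 3b (not part of the original article): encryption alone keeps data private but does not show whether it was altered along the way, so the receiver verifies an integrity tag before decrypting. The sketch assumes a shared-key HMAC-SHA256 tag as a stand-in for the digital signatures mentioned above and a toy stream cipher; all function names and the sample message are constructed for this example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32  # TAG_LEN is the HMAC-SHA256 output size


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), for illustration only.
    The same call encrypts and decrypts. Not a vetted cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC tag computed over nonce + ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject altered or truncated data."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message truncated")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    return xor_stream(enc_key, nonce, ciphertext)


def arrives_intact(enc_key: bytes, mac_key: bytes, blob: bytes) -> bool:
    """True only if the sealed message passes the integrity check."""
    try:
        open_sealed(enc_key, mac_key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)
    blob = seal(ek, mk, b"PO 1001: 20 units")  # constructed sample message
    altered = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    print(arrives_intact(ek, mk, blob), arrives_intact(ek, mk, altered))
```

Without the tag, the altered ciphertext would still decrypt, just to different bytes, and the receiver would have no way to notice.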

[1] http://www.cert.org/
[2] http://www.iec.org/online/tutorials/int_sec/
[3] http://www.w3.org/Security/faq/www-security-faq.html
http://www.searchengineer.us - searchengineer.us
Powered by Mambo
Generated: 14 June, 2012, 14:05