“Internet security”的意思、由来-开放百科全书

Internet security is a branch of computer security specifically related to not only the Internet, often involving browser security and the World Wide Web{{citation needed|date=April 2018}}, but also network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet.^[1] The Internet represents an insecure channel for exchanging information, which leads to a high risk of intrusion or fraud, such as phishing,^[2] online viruses, trojans, worms and more.

Many methods are used to protect the transfer of data, including encryption and from-the-ground-up engineering. The current focus is on prevention as much as on real time protection against well known and new threats.

Threats

Malicious software

An internet user can be tricked or forced into downloading software that is of malicious intent onto a computer. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

Denial-of-service attacks

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Another way of understanding DDoS is seeing it as attacks in cloud computing environment that are growing due to the essential characteristics of cloud computing.^[3] Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. According to businesses who participated in an international business security survey, 25% of respondents experienced a DoS attack in 2007 and 16.8% experienced one in 2010.^[4] DoS attacks often use bots (or a botnet) to carry out the attack.

Phishing

Phishing is an attack which targets online users for extraction of their sensitive information such as username, password and credit card information.^[5] Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or web page. Victims are directed to fake web pages, which are dressed to look legitimate, via spoof emails, instant messenger/social media or other avenues. Often tactics such as email spoofing are used to make emails appear to be from legitimate senders, or long complex subdomains hide the real website host.^[6]^[7] Insurance group RSA said that phishing accounted for worldwide losses of $10.8 billion in 2016.^[8]

Application vulnerabilities

Applications used to access Internet resources may contain security vulnerabilities such as memory safety bugs or flawed authentication checks. The most severe of these bugs can give network attackers full control over the computer. Most security applications and suites are incapable of adequate defense against these kinds of attacks.^[9]^[10]

Remedies

Network layer security

TCP/IP protocols may be secured with cryptographic methods and security protocols. These protocols include Secure Sockets Layer (SSL), succeeded by Transport Layer Security (TLS) for web traffic, Pretty Good Privacy (PGP) for email, and IPsec for the network layer security.

Internet Protocol Security (IPsec)

IPsec is designed to protect TCP/IP communication in a secure manner. It is a set of security extensions developed by the Internet Task Force (IETF). It provides security and authentication at the IP layer by transforming data using encryption. Two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and ESP. These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer.

The basic components of the IPsec security architecture are described in terms of the following functionalities:

The set of security services provided at the IP layer includes access control, data origin integrity, protection against replays, and confidentiality. The algorithm allows these sets to work independently without affecting other parts of the implementation. The IPsec implementation is operated in a host or security gateway environment giving protection to IP traffic.

Multi-factor authentication

Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).^[11]^[12] Internet resources, such as websites and email, may be secured using multi-factor authentication.

Security token

Some online sites offer customers the ability to use a six-digit code which randomly changes every 30–60 seconds on a security token. The keys on the security token have built in mathematical computations and manipulate numbers based on the current time built into the device. This means that every thirty seconds there is only a certain array of numbers possible which would be correct to validate access to the online account. The website that the user is logging into would be made aware of that device's serial number and would know the computation and correct time built into the device to verify that the number given is indeed one of the handful of six-digit numbers that works in that given 30-60 second cycle. After 30–60 seconds the device will present a new random six-digit number which can log into the website.^[13]

Electronic mail security

Background

Email messages are composed, delivered, and stored in a multiple step process, which starts with the message's composition. When the user finishes composing the message and sends it, the message is transformed into a standard format: an RFC 2822 formatted message. Afterwards, the message can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server. The mail client then provides the sender’s identity to the server. Next, using the mail server commands, the client sends the recipient list to the mail server. The client then supplies the message. Once the mail server receives and processes the message, several events occur: recipient server identification, connection establishment, and message transmission. Using Domain Name System (DNS) services, the sender’s mail server determines the mail server(s) for the recipient(s). Then, the server opens up a connection(s) to the recipient mail server(s) and sends the message employing a process similar to that used by the originating client, delivering the message to the recipient(s).

Pretty Good Privacy (PGP)

Pretty Good Privacy provides confidentiality by encrypting messages to be transmitted or data files to be stored using an encryption algorithm such as Triple DES or CAST-128. Email messages can be protected by using cryptography in various ways, such as the following:

The first two methods, message signing and message body encryption, are often used together; however, encrypting the transmissions between mail servers is typically used only when two organizations want to protect emails regularly sent between each other. For example, the organizations could establish a virtual private network (VPN) to encrypt the communications between their mail servers over the Internet.^[14] Unlike methods that can only encrypt a message body, a VPN can encrypt entire messages, including email header information such as senders, recipients, and subjects. In some cases, organizations may need to protect header information. However, a VPN solution alone cannot provide a message signing mechanism, nor can it provide protection for email messages along the entire route from sender to recipient.

Multipurpose Internet Mail Extensions (MIME)

MIME transforms non-ASCII data at the sender's site to Network Virtual Terminal (NVT) ASCII data and delivers it to client's Simple Mail Transfer Protocol (SMTP) to be sent through the Internet.^[15] The server SMTP at the receiver's side receives the NVT ASCII data and delivers it to MIME to be transformed back to the original non-ASCII data.

Message Authentication Code

A Message authentication code (MAC) is a cryptography method that uses a secret key to encrypt a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message's data integrity as well as its authenticity.^[16]

Firewalls

A computer firewall controls access between networks. It generally consists of gateways and filters which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous. Firewalls act as the intermediate server between SMTP and Hypertext Transfer Protocol (HTTP) connections.

Role of firewalls in web security

Firewalls impose restrictions on incoming and outgoing Network packets to and from private networks. Incoming or outgoing traffic must pass through the firewall; only authorized traffic is allowed to pass through it. Firewalls create checkpoints between an internal private network and the public Internet, also known as choke points (borrowed from the identical military term of a combat limiting geographical feature). Firewalls can create choke points based on IP source and TCP port number. They can also serve as the platform for IPsec. Using tunnel mode capability, firewall can be used to implement VPNs. Firewalls can also limit network exposure by hiding the internal network system and information from the public Internet.

Types of firewall

Packet filter

A packet filter is a first generation firewall that processes network traffic on a packet-by-packet basis. Its main job is to filter traffic from a remote IP host, so a router is needed to connect the internal network to the Internet. The router is known as a screening router, which screens packets leaving and entering the network.

Stateful packet inspection

In a stateful firewall the circuit-level gateway is a proxy server that operates at the network level of an Open Systems Interconnection (OSI) model and statically defines what traffic will be allowed. Circuit proxies will forward Network packets (formatted unit of data ) containing a given port number, if the port is permitted by the algorithm. The main advantage of a proxy server is its ability to provide Network Address Translation (NAT), which can hide the user's IP address from the Internet, effectively protecting all internal information from the Internet.

Application-level gateway

An application-level firewall is a third generation firewall where a proxy server operates at the very top of the OSI model, the IP suite application level. A network packet is forwarded only if a connection is established using a known protocol. Application-level gateways are notable for analyzing entire messages rather than individual packets of data when the data are being sent or received.

Browser choice

Web browser statistics tend to affect the amount a Web browser is exploited. For example, Internet Explorer 6, which used to own a majority of the Web browser market share,^[17] is considered extremely insecure^[18] because vulnerabilities were exploited due to its former popularity. Since browser choice is now more evenly distributed (Internet Explorer at 28.5%, Firefox at 18.4%, Google Chrome at 40.8%, and so on),^[17] vulnerabilities are exploited in many different browsers.^[19]^[20]^[21]

Internet security products

Antivirus

Password managers

A password manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password; a single, ideally very strong password which grants the user access to their entire password database from top to bottom.^[23]

Security suites

So called security suites were first offered for sale in 2003 (McAfee) and contain a suite of firewalls, anti-virus, anti-spyware and more.^[24] They also offer theft protection, portable storage device safety check, private Internet browsing, cloud anti-spam, a file shredder or make security-related decisions (answering popup windows) and several were free of charge.^[25]

See also

References

1. ^{{cite book|last=Gralla|first=Preston|title=How the Internet Works|year=2007|publisher= Que Pub|location= Indianapolis| isbn=0-7897-2132-5}}
2. ^{{cite book|last=Rhee|first= M. Y.|title= Internet Security: Cryptographic Principles, Algorithms and Protocols|year=2003|publisher=Wiley|location= Chichester|isbn= 0-470-85285-2}}
3. ^{{cite journal|url=http://ieeexplore.ieee.org/abstract/document/7289347/|title=Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges|first1=Q.|last1=Yan|first2=F. R.|last2=Yu|first3=Q.|last3=Gong|first4=J.|last4=Li|publisher=|journal=IEEE Communications Surveys and Tutorials|volume=18|issue=1|pages=602–622|via=IEEE Xplore|doi=10.1109/COMST.2015.2487361}}
4. ^{{cite web|title=Information Security: A Growing Need of Businesses and Industries Worldwide|url=https://businessdegrees.uab.edu/resources/infographic/mis-security-infographic/|website=University of Alabama at Birmingham Business Program|accessdate=20 November 2014}}
5. ^{{cite web|last1=Izak|first1=Belarua|title=Welke virusscanners zijn het beste voor macOS High Sierra|url=https://virusscannermac.nl/beste-virusscanner-voor-mac/|website=Virusscanner MAC|accessdate=4 January 2018|language=nl-NL}}
6. ^{{cite book |authors=Ramzan, Zulfikar |chapter=Phishing attacks and countermeasures |editors=Stamp, Mark & Stavroulakis, Peter |title=Handbook of Information and Communication Security |publisher=Springer |year=2010 |isbn=9783642041174 |url=https://books.google.com/books?id=I-9P1EkTkigC&pg=PA433}}
7. ^{{cite journal|last1=van der Merwe|first1=Alta|last2=Loock|first2=Marianne|last3=Dabrowski|first3=Marek|title=Characteristics and Responsibilities Involved in a Phishing Attack|journal=Proceedings of the 4th International Symposium on Information and Communication Technologies|date=2005|pages=249–254|url=https://dl.acm.org/citation.cfm?id=1071800|accessdate=4 January 2018|publisher=Trinity College Dublin}}
8. ^{{cite web|url=https://www.rsa.com/en-us/blog/2017-02/fraud-insights-integration|title=Fraud Insights Through Integration|last=Long|first=Mathew|date=February 22, 2017|website=|publisher=RSA|archive-url=|archive-date=|dead-url=|accessdate=October 20, 2018}}
9. ^{{Cite web|url=https://msdn.microsoft.com/en-us/library/ms994920.aspx|title=Improving Web Application Security: Threats and Countermeasures|website=msdn.microsoft.com|access-date=2016-04-05}}
10. ^{{cite web|title=Justice Department charges Russian spies and criminal hackers in Yahoo intrusion|url=https://www.washingtonpost.com/world/national-security/justice-department-charging-russian-spies-and-criminal-hackers-for-yahoo-intrusion/2017/03/15/64b98e32-0911-11e7-93dc-00f9bdd74ed1_story.html?tid=ss_fb-bottom|website=Washington Post|accessdate=15 March 2017}}
11. ^{{Cite web|title = Two-factor authentication: What you need to know (FAQ) – CNET|url = https://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/|website = CNET|accessdate = 2015-10-31}}
12. ^{{Cite web|url=https://www.iphonebackupextractor.com/blog/extract-data-two-factor-authentication/|title=How to extract data from an iCloud account with two-factor authentication activated|website=iphonebackupextractor.com|access-date=2016-06-08}}
13. ^{{cite web|url=https://searchsecurity.techtarget.com/definition/security-token|title= What is a security token?|publisher=SearchSecurity.com|author=Margaret Rouse|date=September 2005|accessdate=2014-02-14}}
14. ^{{cite web|url=http://itcd.hq.nasa.gov/networking-vpn.html|title= Virtual Private Network|publisher=NASA|date=|accessdate=2014-02-14}}
15. ^{{cite web|url=http://www.pvv.org/~asgaut/crypto/thesis/node6.html|title= Network Virtual Terminal|publisher=The Norwegian Institute of Technology ppv.org|author=Asgaut Eng|date=1996-04-10|accessdate=2014-02-14}}
16. ^{{cite web|url=http://www.wisegeek.com/what-is-a-message-authentication-code.htm |title=What Is a Message Authentication Code? |publisher=Wisegeek.com |date= |accessdate=2013-04-20}}
17. ^¹{{cite web|url=https://www.w3schools.com/browsers/default.asp|title= Browser Statistics|publisher=W3Schools.com|date=|accessdate=2011-08-10}}
18. ^{{cite web|url=https://www.pcworld.com/article/191356/its_time_to_finally_drop_internet_explorer_6.html|title=It's Time to Finally Drop Internet Explorer 6|author=Bradly, Tony|publisher=PCWorld.com|date=|access-date= 2010-11-09}}
19. ^{{cite web|url=https://www.pcworld.com/article/210797/google_chrome_tops_dirty_dozen_vulnerable_apps_list.html|author=Messmer, Ellen and NetworkWorld|publisher= PCWorld.com |title= Google Chrome Tops 'Dirty Dozen' Vulnerable Apps List|date=2010-11-16|accessdate=2010-11-09}}
20. ^{{cite web |url=https://www.pcworld.com/article/168461/firefox_vulnerability_confirmed.html |title= Firefox 3.5 Vulnerability Confirmed |author=Keizer, Greg |publisher=PCWorld.com |date=2009-07-15 |accessdate=2010-11-09}}
21. ^{{cite web|url=https://www.pcworld.com/article/155854/opera_severe_hole.html |title=Opera Plugs "Severe" Browser Hole |author=Skinner, Carrie-Ann |publisher=PC World.com |date= |accessdate=2010-11-09 |deadurl=yes |archiveurl=https://web.archive.org/web/20090520070700/http://www.pcworld.com/article/155854/opera_plugs_severe_browser_hole.html |archivedate=May 20, 2009 }}
22. ^{{cite web|url=http://www.pcworld.com/article/150204/build_your_own_free_security_suite.html|title=Build Your Own Free Security Suite|author=Larkin, Eric| date=2008-08-26|accessdate=2010-11-09}}
23. ^{{cite web|url=http://www.scsccbkk.org/Use%20a%20Password%20Manager%20for%20Security.pdf|publisher=scsccbkk.org|title= USE A FREE PASSWORD MANAGER}}
24. ^{{cite web|url=https://www.pcworld.com/article/125817/article.html |publisher=PC World.com |title=All-in-one Security |author=Rebbapragada, Narasu |date= |accessdate=2010-11-09 |deadurl=yes |archiveurl=https://web.archive.org/web/20101027173353/http://www.pcworld.com/article/125817/allinone_security.html |archivedate=October 27, 2010 }}
25. ^{{cite web| url=https://www.comodo.com/products/free-products.php|title= Free products for PC security|date= 2015-10-08}}