 | This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Internet security" – news ·newspapers ·books ·scholar ·JSTOR(April 2009) (Learn how and when to remove this message) |
Internet security is a branch ofcomputer security focused on theInternet. It includesbrowser security,web application security, andnetwork security as it applies to otherapplications oroperating systems as a whole. Its objective is to establish rules and measures to improveInternet safety andInternet privacy, including to protect againstcyberattacks andcybercrime. The Internet is an inherentlyinsecure channel for information exchange, with risk ofintrusion andInternet fraud, includingphishing,[1]viruses,trojans,ransomware andworms.
Manycountermeasures are used to combat Internet security threats andweb threats, includingencryption and ground-up engineering.[2]
Malicious software comes in many forms, such asviruses,Trojan horses,spyware, and worms.
Adenial-of-service attack (DoS) or distributed denial-of-service attack (DDoS) is an attempt to make a computer resource unavailable to its intended users. It works by making so many service requests at once that the system is overwhelmed and becomes unable to process any of them. DoS may targetcloud computing systems.[3] According to business participants in an international security survey, 25% of respondents experienced a DoS attack in 2007 and another 16.8% in 2010.[citation needed] DoS attacks often use bots (or a botnet) to carry out the attack.
Phishing targets online users in an attempt to extract sensitive information such as passwords and financial information.[4] Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or a web page. Victims are directed to web pages that appear to be legitimate, but instead route information to the attackers. Tactics such asemail spoofing attempt to make emails appear to be from legitimate senders, or long complexURLs hide the actual website.[5][6] Insurance groupRSA claimed that phishing accounted for worldwide losses of $10.8 billion in 2016.[7] Attackers may useAI to create more convincing phishing attacks, such asdeepfakes with audio or video that seem to be real messages from a trusted person but are actually fake.[8]
A man-in-the-middle (MITM) attack is a type of cyber attack. Cybercriminals can intercept data sent between people to steal, eavesdrop or modify data for certain malicious purposes, such as extorting money andidentity theft. Public WiFi is often insecure because monitoring or intercepting Web traffic is unknown.[9]
Applications used to access Internet resources may contain security vulnerabilities such asmemory safety bugs or flawed authentication checks. Such bugs can give network attackers full control over the computer.[10][11]
| Internet security protocols |
|---|
| Key management |
| Application layer |
| Domain Name System |
| Internet Layer |
TCP/IP protocols may be secured withcryptographic methods andsecurity protocols. These protocols includeSecure Sockets Layer (SSL), succeeded byTransport Layer Security (TLS) forweb traffic,Pretty Good Privacy (PGP) for email, andIPsec for network layer security.[12]
Threat modeling tools help people to proactively analyze the cyber security posture of a system or system of systems and in that way prevent security threats.
Multi-factor authentication (MFA) is anaccess control method in which auser is granted access only after successfully presenting separate pieces of evidence to anauthentication mechanism – two or more from the following categories: knowledge (something they know), possession (something they have), and inference (something they are).[13][14] Internet resources, such as websites and email, may be secured using this technique.
Some online sites offer customers the ability to use a six-digit code which randomly changes every 30–60 seconds on a physicalsecurity token. The token has built-in computations and manipulates numbers based on the current time. This means that every thirty seconds only a certain array of numbers validate access. The website is made aware of that device's serial number and knows the computation and correct time to verify the number. After 30–60 seconds the device presents a new random six-digit number to log into the website.[15]
Email messages are composed, delivered, and stored in a multiple step process, which starts with the message's composition. When a message is sent, it is transformed into a standard format according to RFC 2822.[16] Using a network connection, the mail client sends the sender's identity, the recipient list and the message content to the server. Once the server receives this information, it forwards the message to the recipients.
Pretty Good Privacy provides confidentiality by encrypting messages to be transmitted or data files to be stored using an encryption algorithm such asTriple DES orCAST-128. Email messages can be protected by using cryptography in various ways, such as the following:
The first two methods, message signing and message body encryption, are often used together; however, encrypting the transmissions between mail servers is typically used only when two organizations want to protect emails regularly sent between them. For example, the organizations could establish avirtual private network (VPN) to encrypt communications between their mail servers.[17] Unlike methods that only encrypt a message body, a VPN can encrypt all communication over the connection, including email header information such as senders, recipients, and subjects. However, a VPN does not provide a message signing mechanism, nor can it provide protection for email messages along the entire route from sender to recipient.
AMessage authentication code (MAC) is a cryptography method that uses asecret key to digitally sign a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message'sdata integrity as well as itsauthenticity.[18]
Acomputer firewall controls access to a single computer. A network firewall controls access to an entire network. A firewall is a security device — computer hardware or software — that filters traffic and blocks outsiders. It generally consists of gateways and filters. Firewalls can also screen network traffic and block traffic deemed unauthorized.
Firewalls restrict incoming and outgoingnetwork packets. Only authorized traffic is allowed to pass through it. Firewalls create checkpoints between networks and computers. Firewalls can block traffic based on IP source and TCP port number. They can also serve as the platform for IPsec. Using tunnel mode, firewalls can implement VPNs. Firewalls can also limit network exposure by hiding the internal network from the public Internet.
A packet filter processes network traffic on a packet-by-packet basis. Its main job is to filter traffic from a remote IP host, so a router is needed to connect the internal network to the Internet. The router is known as ascreening router, which screens packets leaving and entering the network.
In astateful firewall thecircuit-level gateway is aproxy server that operates at the network level of anOpen Systems Interconnect (OSI) model and statically defines what traffic will be allowed. Circuit proxies forwardnetwork packets (formatted data) containing a given port number, if theport is permitted by thealgorithm. The main advantage of a proxy server is its ability to provideNetwork Address Translation (NAT), which can hide the user's IP address from the Internet, effectively protecting internal information from the outside.
Anapplication-level firewall is a third-generation firewall where aproxy server operates at the very top of the OSI model, theIP suite application level. A network packet is forwarded only if a connection is established using a known protocol. Application-level gateways are notable for analyzing entire messages rather than individual packets.
Web browser market share predicts the share of hacker attacks. For example,Internet Explorer 6, which used to lead the market,[19] was heavily attacked.[20]
As cyberthreats become more complex, user education is essential for improving internet security. Important areas of attention consist of:
Antivirus software can protect a programmable device by detecting and eliminatingmalware.[21] A variety of techniques are used, such as signature-based, heuristics,rootkit, and real-time.
Apassword manager is a software application that creates, stores and provides passwords to applications. Password managers encrypt passwords. The user only needs to remember a single master password to access the store.[22]
Security suites were first offered for sale in 2003 (McAfee) and containfirewalls,anti-virus,anti-spyware and other components.[23] They also offer theft protection, portable storage device safety check, private Internet browsing, cloudanti-spam, a file shredder or make security-related decisions (answering popup windows) and several were free of charge.[24]
