Internet Security Issues
Luxembourg Business
Security on the Internet is undoubtedly the primary concern of corporate strategists. No organization should allow unauthorized access to its network and/or systems via an open network, including the Internet. However, many do.
Where does security start? At the strategic planning stage. An Internet connection is not a solution, it is merely a tool or communications means by which to achieve a specific goal in providing a solution to an identified problem.
Some organizations plan an Internet Strategy, others develop a Strategic Plan which can incorporate business objectives and a marketing strategy. Whichever way your organization develops such plans is not the issue: the issue is that, without such a plan and the careful planning behind it, an Internet connection will enable unauthorized access and intrusion.
Understanding of all the technical considerations is not required by strategists, just awareness and understanding of the potential hazards. In-house technicians and external consultants can together address the issues and come up with a security plan. This plan may not necessarily provide a one-stop solution, but one which is modular in design and offers increasing functionality in step with project goals. It is important to note that Internet-related plans need to incorporate a certain amount of flexibility as the technology is moving at a rapid pace.
The main issues concerning Internet Security are as follows:
- Confidentiality (data protection);
- Authentication (determine identity of sender and receiver);
- Integrity (no alteration of data);
- Non-repudiation (neither party can deny transaction).
Security modules in Internet Banking solutions (see Luxembourg Business, May 1998) require the latest technology and integration to ensure both the organization and client trust the security system engaged.
Confidentiality is usually achieved by public and private key systems, based on the concept of two separate keys (strings of data bits). The longer the key, the harder it is to break the code. The public key can only be used to encrypt data. The private key is required to decrypt the resultant encrypted data and is kept secret, while the public key is not. Confidentiality is assured.
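The two-key idea and the effect of key length can be seen in a small worked example. This is an added illustration, not part of the original article: it uses textbook RSA on plain integers (no padding), and the function names, sample primes and sample message are all constructed for the demonstration.

```python
# Added illustration: textbook RSA on integers. Not for production use;
# real systems use a vetted library, padding such as OAEP, and 2048-bit+ keys.
from math import gcd, isqrt

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public, private) built from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("public exponent not invertible for these primes")
    return (n, E), (n, pow(E, -1, phi))

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def recover_private(public, max_trials=100_000):
    """Try to rebuild the private key by trial-division factoring of n.
    Succeeds only when a prime factor is small; returns None otherwise."""
    n, e = public
    for p in range(3, min(isqrt(n), 2 * max_trials) + 1, 2):
        if n % p == 0:
            return n, pow(e, -1, (p - 1) * (n // p - 1))
    return None

# Constructed sample keys: both moduli are products of well-known primes.
SHORT_PUB, SHORT_PRIV = make_keypair(65521, 2**31 - 1)        # 47-bit modulus
LONGER_PUB, LONGER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)  # 150-bit modulus

def demo():
    m = int.from_bytes(b"PIN", "big")   # constructed sample message
    c = encrypt(LONGER_PUB, m)          # anyone holding the public key can do this
    return {
        "roundtrip_ok": decrypt(LONGER_PRIV, c) == m,  # the private key reverses it
        "short_key_broken": recover_private(SHORT_PUB) == SHORT_PRIV,
        "longer_key_broken": recover_private(LONGER_PUB) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

The same fixed work budget that rebuilds the short key's private half gets nowhere against the longer one, though even 150 bits is far below what is considered safe in practice.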
Other security projects involve the integration of Firewall solutions, often with anti-virus modules incorporated. The term Firewall can refer to hardware or software: in fact it is both - a software product which requires a dedicated machine with multiple network cards. Firewalls can be configured to restrict both internal and outgoing traffic, classifying by time, tools (WWW, e-mail), file attachments, etc. Determining and configuring the business rules are the most important aspects of operating a Firewall.
Diligence is required in maintaining the integrity of security solutions: it can be easy to connect a modem to a network workstation and communicate with the outside world, therefore bypassing the firewall. However, this innocent connection to the public network also opens a back door for unauthorized intrusion! The fact that a system is operational does not mean that regular maintenance and security reviews can be discarded or reduced.
One saying goes like this: IT loves standards, that is why there are so many! Let's hope that the standards which converge on the global Internet and its security solutions are robust, enabling organizations and individuals to benefit from the Information Society.
This article first appeared in the October 1999 issue of Luxembourg Business. It is the Copyright (1999) of International City Magazines (ICM S.a.r.l.) and we use it with their kind permission.