Monday, June 23, 2008

The Threat of Online Security: How safe is our data?

Security is a major concern for Internet users. The threat to online security is one of the main barriers to electronic transactions over the Internet. Types of online security threats include Internet attacks, vulnerabilities, malicious code, phishing, spam, viruses, Trojan horses, hackers, crackers, and identity and data theft.

In order to get a company's confidential data or information, hackers will create viruses or tools to hack into the company’s computers. Those hackers normally spread the viruses through e-mail attachments. Viruses can generally be categorized into Trojan horses, worms, spyware, and so on. Surfing Internet websites may also expose users to the risk of being attacked by viruses.

Nowadays, many people surf the Internet via Wi-Fi. Wireless devices pass through many different, potentially untrustworthy networks from which service is derived and data is exchanged. Information can be stolen or altered without the end user's knowledge.

Besides that, simply "refreshing" a browser to re-establish the connection may unintentionally introduce risks. Re-establishing connections and transactions without re-authenticating principals on both sides of the transactions can be dangerous. Requests can be redirected and malicious code stealthily downloaded along with the expected Web data. Most Web sites are not currently configured to deal with intermittent service failures, which are common with wireless connections.

Below are the online security predictions for 2008:

1. Bots will dominate 2008: The number of computers infected by botnets will increase sharply in 2008. In an effort to become harder to detect, bot-herders are changing their tactics and decentralizing via peer-to-peer architectures. They are increasingly using instant messaging as their main vehicle for spreading botnets.
2. Smarter malware: There are new levels of sophistication in malware. Malware will target virtualized computers, and the increasing use of obfuscation techniques to hide in plain sight, including steganography and encryption, will help criminals conceal their activities.
3. Gamers under fire: Gamers already are a prized target, and stealing their account credentials continues to be a primary objective of online criminals. Gamers historically are more concerned with optimizing their PCs for high performance rather than for tight security. In 2008, virtual assets will equal real world money for Internet criminals.
4. Social networking sites in the crosshairs: Social networking sites will become increasingly popular and, as a result, more vulnerable. The large number of aggregated potential victims and relatively small concern for computer security make these sites a windfall for cyber thieves.
5. Key dates for opportunity: The U.S. presidential election and the 2008 Olympics in Beijing offer high-profile opportunities for destructive attacks and corruption or outright theft of information.
6. Web 2.0 services and sites will come under targeted attacks: While it is relatively easy to implement Web 2.0 services, it can be quite challenging to configure them to be totally secure. Therefore, many Internet sites using these services are easy targets with little outward indication that a site is compromised.
7. Windows Vista at risk: As businesses and consumers buy new computers, Vista's market share will grow. Although it is designed as Microsoft's most secure operating system, 20 vulnerabilities were reported in 2007, according to the National Institute of Standards and Technology. The more people use it, the more attackers will target it.
8. Mobile devices will still be safe: Mobile devices are still safe, despite rumours of mobile malware. Smartphones and other mobile devices will not be a real opportunity for criminals in 2008. Proof-of-concept malware for mobile devices has not yet translated into any meaningful attacks. The only significant mobile vulnerability reported in 2007 was to the Apple iPhone.

Prevention of Online Security

Several approaches can be applied in an attempt to prevent Internet criminal activity. They can be categorized as ‘hard’ prevention and ‘soft’ prevention.

(i) ‘Hard’ Prevention

‘Hard’ prevention refers to intrinsic features within the architecture, protocols and software that prevent, or make difficult, actions of a criminal nature. ‘Hard’ prevention is an attractive idea. Unfortunately, it is largely impracticable. This is because most criminal activities are only differentiable from non-criminal ones on the basis of the content or purpose of transmitted data, and hence little scope exists for designing Internet architecture or protocols in order to ensure that the Internet simply cannot be used for criminal purposes.

(ii) ‘Soft’ Prevention - Definition, Awareness and Education

‘Soft’ prevention comprises disincentives against criminal activity, in particular the clear definition of criminal offences, public awareness-raising and education, the perceived likelihood of discovery, the perceived likelihood of effective investigation, and the perceived likelihood of successful prosecution.

Awareness of the existence of a criminal offence, and education, can only be successful if the message is clear. Hence it is fundamental to the prevention of crime that members of the public understand which activities are proscribed, and where the boundaries lie. Many ‘white-collar’ crimes (such as ‘insider trading’) suffer in this regard, as do so-called ‘computer crimes’. A further need is that the definition of criminal offences, and the punishment meted out to wrongdoers, reflect public opinion.
