24.4 SECURITY ISSUES ON THE INTERNET


Information is power. Nowadays, all organizations keep their information on computers, and these computers are networked. It is of paramount importance to ensure that unauthorized persons do not have access to this information and that the information is not manipulated or erased. In addition, the virus menace is creating havoc—an innocent-looking program or e-mail can damage the information of a corporation. Providing information security is crucial for the survival of an organization. In this section, we will discuss the various issues involved in providing security.

To provide security, authentication and encryption are the two most important measures. Authentication is a process to verify the genuineness of the user of the application through a username and a password. Encryption of data involves modifying the bit stream using an algorithm and an encryption key. For decoding the data, the receiver should know the encryption key.

To provide security, the two measures taken are authentication and encryption. Authentication is a mechanism used to verify the genuineness of the user of the application. Authentication is done through a username and password. Encryption is a mechanism in which the data is modified using a predefined bit stream known as an encryption key; the data can be decoded at the destination only if the encryption key is known at the receiving end. For security, each ISP installs a server for authentication purposes. The RADIUS server is the standard way for ISPs to provide security.

Note 

Security continues to be a major issue. Hackers and antisocial elements continue to devise innovative methods to find the security loopholes on servers. Both Windows and Linux operating systems have security loopholes; operating system security is fundamental to providing highly secure applications over the Internet.

24.4.1 RADIUS Server

Remote Authentication Dial In User Service (RADIUS) is now widely used by all ISPs to provide:

  • Authentication: to determine who the user is.

  • Authorization: to determine what services the user is permitted to access.

  • Accounting: to track the type of services and duration of the services accessed by the user for billing purposes.

The RADIUS server has a database engine that stores all the information related to users and usage statistics. When a user tries to connect to the network via the network access server (NAS), an access request is sent to the RADIUS server by the NAS. The RADIUS server queries the authentication database and checks whether the user is permitted to access the network and, if so, what types of services are permitted. This information is given to the NAS. The NAS also sends an accounting message to the RADIUS server at the beginning of the session and at the end of the session. The RADIUS server keeps a log file for accounting purposes.

Remote Authentication Dial In User Service (RADIUS) is widely used by Internet service providers to provide authentication, authorization, and accounting services.

24.4.2 Firewalls

A firewall can be a separate server or it can be built into the NAS as software. A firewall restricts access to a specific service. For instance, a simple firewall can be a URL filter. URLs related to a specific topic (say, pornography) can be filtered out so that if a user gives a URL that is on the forbidden list, access to that URL is denied by the firewall. However, note that it is difficult to implement such filters because new URLs keep coming up daily on the Internet. Similarly, an ISP can disallow Internet telephony by filtering the URLs that provide voice communication service over the Internet.

One can develop a packet filter that analyzes the packets from the users and checks the destination IP address. Based on the destination IP address, the packet can be filtered out (not transmitted further). Similarly, packets coming from servers also can be filtered out.
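The packet filter described above can be sketched as follows. This is an added example, not code from the book: the function names (`parse_ipv4`, `decide`, `make_header`) and the deny lists are assumptions, and the addresses are constructed values from the documentation ranges.

```python
import ipaddress
import struct

# Constructed policy (assumption): documentation ranges stand in for real networks.
DENY_DST = [ipaddress.ip_network("203.0.113.0/24")]   # destinations users may not reach
DENY_SRC = [ipaddress.ip_network("198.51.100.7/32")]  # servers whose replies are dropped


def parse_ipv4(packet: bytes):
    """Return (src, dst) addresses from a raw IPv4 header, or None if malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4 or ihl < 5 or ihl * 4 > len(packet) or total_len < ihl * 4:
        return None
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)


def decide(packet: bytes) -> str:
    """Return 'forward' or 'drop'. Anything unparsable is dropped (fail closed)."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return "drop"
    src, dst = parsed
    if any(dst in net for net in DENY_DST):
        return "drop"   # user-to-server direction: forbidden destination
    if any(src in net for net in DENY_SRC):
        return "drop"   # server-to-user direction: forbidden source
    return "forward"


def make_header(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header (checksum left 0) as constructed input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


if __name__ == "__main__":
    for s, d in [("192.0.2.10", "203.0.113.5"), ("198.51.100.7", "192.0.2.10"),
                 ("192.0.2.10", "198.51.100.20")]:
        print(s, "->", d, decide(make_header(s, d)))
    print("truncated ->", decide(b"\x45\x00"))
```

The filter looks only at the IP header, so it cannot tell which URL or service is being requested at an allowed address.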

A firewall is used to restrict the use of some services. Firewalls can be implemented on dedicated servers, or they can be implemented on an existing server. A firewall can filter e-mails or restrict access to specific URLs such as adult sites.






Principles of Digital Communication Systems and Computer Networks
Principles Digital Communication System & Computer Networks (Charles River Media Computer Engineering)
ISBN: 1584503297
EAN: 2147483647
Year: 2003
Pages: 313
Authors: K V Prasad
