Introduction
The increased use of the internet today to accomplish various tasks has led to an increase in internet based crime. Criminals have developed a variety of techniques to increase the threats one is exposed to on using the internet. Among the common intrusion detection schemes is a software application known as Snort. The application performs analysis on the data travelling on a network to identify potential threats.
In this generation that has popularized heavy use of the internet for various purposes such as shopping, gaming, education, communication, there is a need to expose the dangers that lurk in this environment (Yang & Shen 2009, p. 1). The internet has become prone to criminal attacks owing to the large numbers of people who rely on this resource. For example cyber crime often occurs in online gaming, also there is the theft of personal information leading to financial losses. These risks have led organizations to put in place various intrusion detection systems to provide some safety in the event of a web based attack (Gomez et al. 2009, p. 515).
When a network system is under attack it relies on an intrusion detection system (IDS) to provide information on network behavior and to provide an analysis of attack methods (Gomez et al. 2009, p. 516). Based on the reports produced by the IDS, system administrators can adjust the system to prevent similar incidents in future. Reports indicate that these web attacks capitalize on operating system weaknesses, applications and protocols and currently account for over 75% of all attack activities (Yang & Shen 2009, p. 1).
One popular IDS is known as SNORT which is a lightweight system developed in 1998 by Marty Roesch (Yang & Shen 2009, p. 3). It is an open source product and has been reported as having good processing ability making it the most popular IDS on an open platform (Gomez et al. 2009, p. 517). This system utilizes signature based detection and maintains a frequently update signature database. In addition to this Snort has a customized rule set language which allows users to customize the signature database. However, for this to take place it will require the user to become familiar with the language.
The system uses PCAP library to capture packets that are being transferred on the LAN (Yang & Shen 2009, p. 3). The data collected includes the captured time, packet length and link time. In addition to this it creates a pointer that can be used to identify each packet for efficient analysis. The software can operate in various modes such as inline mode where it takes on the additional functions of a firewall (Yang & Shen 2009, p. 3). In inline mode some of the additional tasks include packet transfer, packet modification, rejecting and dropping specific packets.
After capturing packets the software transfers them to the preprocessor whose function is to repack and normalize the packets based on the format of the protocol in use. This preprocessor also analyses network traffic to identify unregulated attacks such as denial of service and worms (Yang & Shen 2009, p. 3). The data is then based to the detection engine which forms the core of the IDS. The users can download the signature database from the company website at regular intervals to ensure they are up to date and can handle the most current threats. If the system captures a packet whose signature matches any stored in the database, an alert is sent to prevent any further activity by this packet (Yang & Shen 2009, p. 3).
The other essential component of the system is the audit log fie. This file is updated when the system detects an attack and it contains details of the attack. It is this information that the system administrator can use to prevent similar attacks in future. The system also provides the user with various output modules for users to select under different environments. The software has different versions with varying capabilities (Gomez et al. 2009, p. 517).
Internet Connectivity and Increased Use of Internet
There has been a major increase in internet usage in recent years by people who regularly rely on networks to accomplish their daily routine. It has been reported that the internet has established itself as the most common application in modern society used for a wise variety of day to day activities (Yang & Yen 2010, p. 413). However, due to this rapid development and a lack of proper regulations the internet has become very prone to crime by unscrupulous individuals. This position requires that individuals equip themselves with appropriate security mechanisms to avoid any unfortunate losses.
Other than the popular uses such as entertainment and news the internet is also fast gaining popularity for use in other essential activities. It has been reported that within various groups in the US over 70% use the internet on a regular basis (Valadez & Duran 2007, p. 31). By the year 2002, over 90% of the schools in the US had computers and internet access. This position suggests that the students are likely to use the internet to complete school related work as well as for social interaction. The internet has also made a significant on banking with the introduction of online banking and currently there is widespread use of the resource for banking purposes (Goldfarb & Prince 2008, p. 3). Information contained in reports implies significant increase in use of the internet in recent years with estimates for the average household in the range of 8 hours per week (Goldfarb & Prince 2008, p. 6).
Unfortunately despite the increase in use there is very little information available in the public domain about computer and information security breaches, number of people or organizations affected and the costs associated with these breaches (Hoonakker et al. 2008, p. 1). In addition to this most users know very little about the contributing factors, kinds of deviation from computers and information security rules and possible results of these deviations. Deviations may either suggest an intention to cause harm such as hacking and phishing schemes or be unintentional e.g. use of weak passwords, turning off firewalls etc (Hoonakker et al. 2008, p. 1).
It is possible that the paucity of information about computer crime arises from the differences between computer crime and traditional crime. A typical criminal investigation involves information, instrumentation and interviewing. Information in this case refers to evidence, while instrumentation refers to crime solving technique such as DNA analysis. Interviewing involves the lawful extraction of evidence from individuals with knowledge on the process (Hinduja 2007, p. 9). This position changes significantly in the case of computer crime where information forms the core of the case. It has been reported in computer crime without adequate information even an expert opinion can be rendered irrelevant (Hinduja 2007, p. 9). Based on this it becomes essential that a security mechanism must allow the user to collect as much information as possible within all situations.
As a result of this increased use and a lack of information computer crime continues to become rampant with significant losses being incurred by individuals. For example it has been reported that as many as 800,000 Americans suffer due to identity theft incurring monetary losses to the tune of $5 billion a year (Hoonakker et al. 2008, p. 2). Though 90% of information used in identity theft result from loss of items such as wallets and internet use through spyware and hackers accounted for 5% of the total identity thefts. This position suggests a serious need to combat the associated costs incurred through computer crime. In some reports it has been estimated that the cost incurred in removal of viruses, lost productivity due to system downtime may be in the range of $12 billion (Hoonakker et al. 2008, p. 2). The problem is further compounded due to the fact many organizations fail to report security breaches to avoid negative publicity.
Types of Cyber Crime
Cyber crime can be defined as a criminal act that takes places over the internet typically involving online fraud. These crimes are basically of two types namely, those involving the computer and information stored on the computer and those where the computer is used to facilitate another more traditional crime (Decker 2008, pp. 964). These crimes can be thought of as a natural result of introduction of computers and the internet just like the introduction of cars led to the beginning of crime involving the vehicle.
Hacking is a form of cyber crime that is perpetrated by a hacker. The hacker is often a computer enthusiast who enjoys learning everything about a computer system and pushing the system to great heights using smart programming skills (Decker 2008, pp. 965). Without any ill intent hacking is not necessarily illegal but when this skill is used to acquire information or unauthorized access it becomes a criminal activity. The increased prevalence of hacking could be among the reasons that 25-50% of business activity in the US reported security breaches on their computer networks (Decker 2008, pp. 965). A hacker’s knowledge in the wrong hands can cause increased criminal activity.
A denial of service (DOS) attack is another form of cyber crime. This form of attack is relatively primitive and involves overwhelming the resources of a computer or a server thus denying access to the legitimate clients (Decker 2008, pp. 966). A distributed denial of service attack (DDOS) is a natural progression of DOS and involves the deployment of a destructive program on a third party computer which is then distributed to a large number of users. It is reported that in 2008 these attacks cost businesses in America almost $ 2.9 billion (Decker 2008, pp. 967).
Another very popular cyber crime is known as access device theft or credit card fraud. Though this type of crime is common in the case of credit cards it also includes theft of other sensitive information such as passwords, PIN’s used to activate ATM’s (Decker 2008, pp. 969). Of the existing computer crimes this is perhaps the one most common and easily identified by users.
Also in the list of cyber crimes is the concept of wiretap violations. It is a criminal activity based upon the law in most states to posses, manufacture, sell or assemble any device that is intended for the interception of electronic communication (Decker 2008, pp. 970). Electronic communication in this case refers to any transfer of data in any form over wire, radio, electromagnetic or other media. Auction fraud is also a cyber crime that is fast gaining popularity due to the increased amount of business on sites such as e Bay. It has been reported that these crimes accounted for two thirds of the 97,000 complaints in 2005 (Decker 2008, pp. 972). Apparently these fraud related cyber crimes are on the rise and statistics indicate that the total amount of loss almost tripled between 2004 and 2005 (Decker 2008, pp. 972).
Spam is also considered a cyber crime though its outcome is less likely to result in financial loss but criminal nonetheless. This refers to unsolicited bulk electronic mail usually with commercial nature (Decker 2008, pp. 972). Most spam is received from bulk mail mailing lists and offer cheap products, gambling offers, etc. It is reported that with 140 million regular email users in America spam accounts for over half the total amount of email traffic (Decker 2008, pp. 973).
Phishing is also a cyber crime and is fast gaining popularity. This crime involves the use of trusted resources such as known web sites to deceive the user into disclosing personal information (Decker 2008, pp. 974). This form of cyber crime is often used in conjunction with spam to lead the user to the intended website. Once this personal information is collected the criminal will often steal from the user accounts.
Conclusion
In this report the discussion presented has provided some information on internet security software and some related issues. It has been observed that as more people resort to the internet the number of web attacks is also expected to increase. It is unfortunate that despite this trend many users have little information about web attacks. As a result many individuals incur losses to unscrupulous individuals on the internet.
In providing solutions to web attacks some developers have created software solutions such as Snort. This software application monitors the data being transmitted on the web to identify potential threats. However it was also established that internet threats manifest in many different forms and hence it appears there is a need to develop security for different user groups. For example, spam filter’s in use by some sites is an effective security measure for users who utilize the web for communication. However for an organization transmitting orders and others sensitive information a more appropriate solution appears to be surveillance software such as Snort.
Evaluation
I selected the topic of network security due to the increased impact the internet in daily life activities. As has been mentioned in the course of the report on the topic a large number of institutions already provide computers and internet access to students in school. Owing to this position a large number of institutions have resorted to using this resource to accomplish learning outcomes. Already a number of assignments and course work require students to perform research on the internet and use resources on the internet to complete tasks. My motivation for research on the topic is in part due to the role of the internet in my life.
Another reason for choosing this assignment is due to the nature of tasks currently beginning to take pace on the internet. As mentioned in the report, a large number of individuals have started to use the internet for services such as banking and bill payment. It is common practice in such environments to submit credit card and other sensitive financial information to accomplish such transactions. These transactions involving money probably pose a major incentive for criminals. It is for this reason I felt it was necessary to discover what is available in internet based security that can ensure the safety of individuals.
In the course of completing this task I enjoyed the process of learning through accessing various research materials. For example, due to the fact that most of my internet use revolves around communication and entertainment I was yet to realize the potential threat of spam. I regularly receive a lot of spam in my email and from time to time by virtue of the exciting offers open these messages. I just came to realize that these messages may in fact have been sent by individuals interested in phishing. As mentioned in the report phishing is a crime that involves the use of a false website to collect personal information about the user. The information I discovered through research has taught me to stay clear of all unsolicited mail.
In addition to this I also enjoyed the fact that this task gave me an opportunity to explore the issue of security in detail. This exploration led me to clearly understand various threats that internet users are exposed to. Other than threats the research helped me to identify various solutions to these threats. Prior to this research I had often failed to see the importance of software such as firewalls and malware. I often found the messages by the malware software irritating and switched off or uninstalled such applications. However, I can now see their importance in the blocking of potential threats that could lead to denial of service. I was under the impression that threats such as viruses were mostly downloaded or received when browsing unsafe web sites.
One aspect that was difficult in completing this task was identifying and objectively constructing a report from various sources. In the course of research it was noted that different research papers discuss the content in varied ways. However, despite the different contexts they utilize facts from studies and other sources to support their arguments. The collection of the information while keeping the discussion within the right context was especially difficult. For example, some research papers provided information on Snort for the purposes of proposing a modified approach.
References
Decker, C 2008,”Cyber crime 2.0: An argument to update the United States criminal code to reflect the changing nature of cyber crime”, Southern California Law Review, 81, pp. 959-1016.
Goldfarb, A & Prince, J 2008, “Internet adoption and usage standards are different: Implications for the digital divide”, Information Economics and Policy, 20, pp. 2-15.
Gomez, J, Gil, C, Padilla, N, Banos, R & Jimenez, C 2009, “Design of a SNORT based intrusion detection system”, Lecture Notes in Computer Science, 55, pp. 515-522.
Hinduja, S 2007, “Computer crime investigations in the United States: Leveraging knowledge from the past to address the future”, International Journal of Cyber Criminology, 1, pp. 1-26.
Hoonakker, P, Carayon, P, Deb, J, El Desoki, R & Veeramani, R 2008, “The use of focus groups to examine human factors in computers and information security”, Human Factors in Organizational Design and Management, 9, pp. 1-6.
Valadez, JR & Duran, R 2007, “Redefining the digital divide: Beyond access to computers and the internet”, The High School Journal, pp. 31-44.
Yang, C & Shen, C2009, “Implement web attack detection engine with SNORT by using modsecurity core rules”, in proceedings of The E-learning and Information Technology Symposium, Taiwan, pp. 1-6.
Yang, C & Yen, P 2010, “Fast deployment of computer forensics with USB’s”, IEEE Computer Society, 106, pp. 413-413.