Internet Security
by: Mark Brooks Before being able to choose a secure Internet communication system, youneed to understand the threats to your security. Since the beginning of the Internet there has been a naive assumptionon the part of most email users that the only people who are readingtheir email are the people they are sending it to. After all,with billions of emails and gigabytes of data moving over the Internetevery day, who would be able to find their single email in such a floodof data? Wake-up and smell the coffee! Our entire economy is nowinformation based, and the majority of that mission criticalinformation is now flowing through the Internet in some form, fromemails and email attachments, to corporate FTP transmissions andinstant messages. Human beings, especially those strange creatures with a criminal mind,look for every possible advantage in a dog eat dog world, even if thatadvantage includes prying into other peoples' mail or even assumingyour identity. The privacy of your Internet communications hasnow become the front line in a struggle for the soul of the Internet. The New Generation Packet Sniffers: At the beginning of 2001, most computer security professionals began tobecome aware of an alarming new threat to Internet security, theproliferation of cheap, easy to use packet sniffer software. Anyone with this new software, a high school education, andnetwork access can easily eavesdrop on email messages and FTPtransmissions. Software packages such as Caspa 3.0 or PassDetect - Ace PasswordSniffer automate the task of eavesdropping to the point were if yousend an email messages over the Internet with the phrase ""CreditCard"", it's almost a certainty that someone, somewhere will captureit, attachments and all. (Caspa 3.0 - from ColaSoft Corporation, located in Chengdu, Chinahttp://www.colasoft.com ,PassDetect - a product whose advertisedpurpose is to sniff passwords sent in email, over HTTP, or over FTPfrom EffeTech Corporation, http://www.effetech.com ) A good example of this new class of software is called MSNSniffer, also from Effetech, and it highlights the ""party line""openness of today's LAN and Internet environments. Just like oldtelephone party lines, MSN sniffer lets you listen-in on other people'sconversations, just like picking up another phone on a party line. On their web site, Effetech advertises MSN Sniffer as: ""a handy network utility to capture MSN chat on a network. It recordsMSN conversations automatically. All intercepted messages can besaved as HTML files for later processing and analyzing. It isvery easy to make it to work. Just run the MSN Sniffer on anycomputer on your network, and start to capture. It will recordany conversation from any PC on the network."" Just as the Internet has been flooded by a deluge of spam messagesafter the introduction of cheap, easy-to-use spam generation software,the same effect is now taking place with sniffer software. Themajor difference is that, unlike spam, Internet eavesdropping istotally invisible, and ten times as deadly. How much of theidentity theft being reported today is a direct result of Interneteavesdropping? Its hard to tell, but with the every growingdependency by individuals and corporations on Internet communications,opportunities to ""capture"" your sensitive data abound. Most FTP transmission are unencrypted! As of November 2003, the majority of corporate FTP transmissions arestill unencrypted (unencrypted is geek speak for ""in the clear"") and almost all email communications take place ""in theclear"". Many email and FTP transmissions travel over 30 or more""hops"" to make its way from the sender and receiver. Each oneof these hops is a separate network, often owned by a differentInternet Service Provider (ISP). Any Idiot in the Middle Even a well run corporation must still primarily rely on trusting itsemployees, contractors and suppliers to respect the privacy of the dataflowing over its networks. With the new sniffer technology, allit takes is one ""idiot in the middle"", and your security iscompromised. It could be the admin assistant sitting in the cubicalnext to you, or a network assistant working for one of the many ISPsyour data will travel over, but somewhere, someone is listening. Maybe all he is looking for is his next stock trading idea, or maybe hewants to take over your eBay account so he can sell a nonexistentlaptop to some unsuspecting ""sucker"" using your good name. its allhappening right now, at some of the most respected companies in theworld. Access to your network doesn't have to come from a malicious or curiousemployee-many Internet worms, Trojans and viruses are designed to openup security holes on a PC so that other software can beinstalled. Once a hacker has access to one computer in yournetwork, or one computer on your ISP's network, he can then use asniffer to analyze all the traffic on the network. So I'll password-protect my files, right? You're getting warmer, but this still isn't going to do thetrick. It's a good way to stop packet sniffers from searching forkey words in a file, but unfortunately it is not as secure as you mightthink. If you ever forget a Zip, Word or Excelpassword, don't worry, just download the password tool from Last BitSoftware www.PasswordTools.com, it works very well. There aremany other packages out on the Internet but Last Bit's tool is the mostrobust and easy to use, if a bit slower that some others. So what can I do about it? OK, so now that you understand the threat, what can you do about it? Stop using the Internet? - More than a few professionals are returningto phone calls and faxes for all their important communications. Complain to your IT department? - If you have an ITdepartment in your company this is a good place to start. But didthe spam mail stop when you complained about it to your LANadministrator? Unfortunately he is almost as helpless as you are. Encrypt your communications with PKI, etc. - For email thisis a bit drastic, and can be very expensive, especially since you willneed to install a key on each PC and coordinate this with the receiversof your email messages, your IT organization, etc. Use FileCourier - This is by far the easiest and most cost effectiveway to protect your email attachments, or replace FTPtransmissions. It takes out the ""idiot in the middle"" with avery clever solution. The FileCourier approach to Security I believe that FileCourier is the easiest out-of-the box securecommunication system available. FileCourier approaches Internet data transfer security in a unique way.Until FileCourier was first released in December of 2002, all secureemail and file transmission systems relied on encrypting the dataduring the tried and true method of ""upload, store, andforward"". When you send an email, it and any documents attachedto it are first transmitted to one or more intermediate servers. These mail server store the documents and then attempt to forward it tothe receivers email server. To secure the transmission of the emailrequires either the servers to use extra encryption softwaretechnology, or forces the individual sender and receivers to installencryption software and their associated keys, or both. Notonly is this a costly and time consuming exercise but it also oftenfails to protect the data over the complete path of thetransmission. What do you do if the receiver is in anothercompany and doesn't have any encryption software installed? Whatif his company is using a difference encryption standard? Ignoring the complexity of existing secure email and FTP systems theirbiggest failings continue to be the ""idiot in the middle"". Froma nosey email or FTP server administrator, to a hungry co-worker, to anincompetent who lets a hacker have free reign of their server, if yoursensitive documents are stored on a server maintained by someone elsethen that person, or his company, can view your documents. The FileCourier approach is creative, yet simple. FileCourierutilizes existing email and instant messaging systems in the same wayyou use an envelope to send a letter thru the US postal service, as awrapper for the real content. We assume that EVERYONE can readwhat is in the email, so we don't send your documents in the email atall. In fact your documents never leave your PC, until thereceiver of the email requests it. How it works: FileCourier lets you ticket the file you want to email, and theninstead of sending the file in the email, sends a ""FileTicket""instead. The file is only transmitted to the receiver ofthe email when he opens the FileTicket and is ""authenticated"". After the receiver is authenticated the file is transmitted through anSSL (secure socket layer) tunnel directly from the sender's PC to thereceiver's PC through our secure relay servers. SSL is the samesecurity used by banks and is impossible for packet sniffers topenetrate. With FileCourier each packet is encrypted using a 1024bit key and is delivered to your receiver through his browser. FileCourier lets your communications go un-detected by any sniffer, andremoves the ""idiot in the middle"" threat by never storing the data onan intermediate server. More over, FileCourier is the easiest wayto secure your sensitive data transmission in both an Internet andcorporate LAN environment. Take Action Now! Internet communications security is one of the most important privacyissues we face today. It might feel a bit paranoid for alaw-abiding citizen to encrypt his email communications and computerdocument transmissions, but would you send a customers contract thrunormal mail without an envelope? How would you feel if youremployer sent your next pay stub to you on the back of apostcard? Use FileCourier, just like you would use a envelope forregular mail. Download the no obligation free trial today atwww.filecourier.com and send 50MB of data securely forfree! About The Author Mark Brooks is a software architect, internet entrepreneur and founderof CanDo Networks Corporation. CanDo Networks Corporationmakes easy-to-use software for communicating large amounts of datasecurely and privately over the Internet. Its flagshipproduct, FileCourier (www.filecourier.com),is used by thousands of legal, medical, and computer professionals tosecurely deliver files over the internet, to anyone, anywhere mark@candonet.com Home > Internet Articles > Internet Security
|
