Internet Security Breaches

The world has been undergoing persistent transformation which well-nigh grant been attributed to the ever-changing developments in science and technology. In particular, entropy and communication technology is unrivalled of the most celebrated developments. Indeed, information technology has changed the lives of people across the globe. Information technology has reduced the world to a global crossroads by fostering advanced communicationforms. However, with the advancements in information technology, especially the network, in auspices issues have emerged.In guarantor issues have, in turn, sparked outlying(prenominal) r all(prenominal)ing implications to the phthisisrs. The most rampant gage breaches that have been evidenced within the last six months include cyber hector, engagement ravishment, cyber fraud, virus launching and info breaches. Cyber Fraud Cyber fraud net be defined as the use of softw ar or profit serve to defraud victims or taking advantage of them . This includes stealth information that is considered somebodyal, in what pee-pees identity theft. One of the most common forms of internet fraud entails distributing rogue security packet.Internet technology has created the allowance for criminals to carry out dishonest transactions, as sound as transmit the restoration of the frauds to different institutions. Cyber frauds occur in message boards, websites, emails and even chat rooms (Messner, 2012). Purchase fraud is an practice session of cyber fraud and occurs when a perpetrator proposes a business transaction to a merchant, only to use fraudulent mechanisms, much(prenominal) as a fake or stolen credit card, to pay for it. The eventuality is that the merchant does not receive the payment and may even be charged back for accepting credit cards.Another fount of fraud is whereby theperpetrators post information about goods that they intend to sell. Interested buyers ar asked to make payments for the purchase and bring ing of the goods. However, it later turns out that the goods were non-existent and they had only been conned. The third example of cyber fraud is phishing, which is the act of masquerading as a person that wad be trusted, such as bank agents or consultants, to acquire information that is sensitive, such as details of credit cards and passwords, among other details that victims may be convinced to sh are.Subsequently, the information supported is apply for fraudulent transactions. It is argued that cyber frauds makeheadlines each day. In October 2012, Barners & Noble Inc. made announcements that several PIN keypads had been hacked in as umteen as its 63 outlets, leaking the card information and PIN numbers of its customers. Easy Solution is one of the companies with evolving techniques of hold cyber frauds. The lodge claims to be the only one that is well fixed to curb discordant forms of electronic fraud, clouds and premises.The connection has introduced an updated version of the get a line Monitoring Services, which entails timely fraud protection, enhanced observe capabilities and enhanced fraud protection. Detect Monitoring Service software effectively monitors the behaviors and patterns associated with phishing scams. Thus, it stops the threats before they cause damage. The software comprises of a relatively simple interface that can effectively function for all forms of clouds and even premises. It is argued that of over 800, 000 phishing attacks, the service enabled the union to detect as many as 76% on timely basis, exhibiting 3.6 hours of average deactivation time. Online transactions services have been particularly affected by cyber frauds.More often than not, customers often get cautious when asked to produce personal information. Online transaction service providers have only resorted to instilling confidence in the customers as a way of encouraging them. This entails displaying policies, security badges and trust certificates, as wel l as the contact information. Online retailers should highlight security around the websites secured areas to assure customers that their confidential information is safe.This should be done, regardless of whether some browsers have security indicators create in them. Some online retailing companies, such as Amazon, display this through the use of the sign-in button. Others opt to use padlock symbols that are located in the sign-in areas. This is advisable, even when it is not needed by the customers. Online retailing companies are advised to give alternative contact options. Indeed, some companies are offering customer care take over by using call backs, e-mails, and chats to enable users report suspicious activities.Data breachesData breaches includeall those cyber activities characterized by unauthorized ingress, use and divine revelation of individuals or organization information over or from the internet. Malicious attacks are considered to constitute the most dearly-won e ntropy breach, yet they are increasing. Malicious attacks account for as significant as 40% of the data breaches where negligence account for about 32% (In Defense of Data, 2013)Computer software companies, healthcare records and companies have been the most targeted and have accounted for as significant as 93% of the global data breaches (In Defense of Data, 2013). intercommunicate security is a necessary for every attach to. A companys entanglement cannot be said to be effective if it consists of security lapses. Threats to companys cyberspace can be considered as a subject of unhomogeneous activities. However, precedent employees who leave the company due to downsizing can be considered as a significant threat. Other activities such as a daily courier dropping packages at the companys premises, employees travelling on company business to other cities, or building heed company installing a fire fire extinguisher system in companys premises are not a serious threat.It can be argued that individuals with the potential of hacking, sabotaging and damaging systems are those with familiarity to nature and form of network system. Therefore, an employee that left the company has the faculty of hacking the companys network since they are familiar about the loopholes in the companys network system. What increases the possibility of hacking is,if the employees left the company due to retrenchment, the attempts of network hacking could be fueled by the whims of revenge.It is argued that all former employees that worked in the company, accessing sensitive data bases and financial documents pose a threat to the companys security. The item that information technology does not respond to the altering of access points act as a provide factor. Therefore, a person with information about the companys network system has the potential of cause more harm than a hacker. According to the 2005 CERT survey, a significant number of former employees are increasingly utilizing the opportunity.The survey indicates that about 59% of the security intrusion is done by former companys contractors48% of those involved in hacking had been sacked38% had left the company due to downsizing speckle 7% had been retrenched. The survey also notes that former IT professionals are particularly a significant threat to data security(Hazelden Foundation, 2012). Data breaches caused by negligence could be resolved by heading the factors associated with negligence. On the other hand, data breaches caused by malicious software could be prevented by using appropriate network intrusion, detection techniques and anti-spyware software.Technological mechanisms would include modify and altering passwords for security purposes. Network intrusion/ Hacking Network intrusion or hacking refers to the unauthorized entry into a network, often characterized by malicious ambition of intercepting information from the network or website. The information can be used for other criminal activ ities such as fraud or espionage. Telvent Company hacking is considered as one of the recent hacking events that occurred in September 2012.The company has learned that its firewall and security systems have been compromised by the attackers who installed malicious software that enabled them steal project files. Telvent, a company whose services and software are applied in monitor energy industry reported that it has been hacked which affected its operation in linked States, Spain and Canada. The incident was blamed on Chinese hacking groups opposed to Western interests (Thiel, 2012). Lately, US officials have blamed Russia and China for staging intrusion attacks against United States for espionage, economic gains and other selfish motives.In November 2012, Leon Panetta, the US Secretary of Defense, had warned that United States was about to experience a cyber-attack comparable to Pearl Harbor, blaming hacking incidents that had been linked to the Middle East and United States Oil producers (Messner, 2012). The technological intervention to network intrusion is the development of Intrusion Detection Systems (IDSs). IDSs refer to practise of device or software that aims at monitoring either networks or activities of systems against activities that are either malicious or that violate policies in place.Types of IDSs include Network Intrusion Detection Systems (NIDSs) and Hot-based Intrusion Detection System (HIDS). Network Intrusion Detection System is considered as one of the most popular approaches. Network Intrusion Detection System refers to a system that is knowing to detect activities that are considered malicious such as service denial attacks, port scans, as well as cracking into computers via Network Security Monitoring. NID senses the packets coming through the network and scans them in order to discover patterns that are suspected to be malicious.Such patterns can be referred to as rules or signatures. Not only NIDSis express to scanning of the network commerce that jazzs into the system but, one can also find a bent of important information concerning network intrusion from both local traffic and outgoing networks. More so, through NIDS, it is possible to stage attacks from the inside the network under monitoring and even a segment of the network. In this regard, such attacks are not in any way considered as incoming traffic. Usually, other various systems are incorporated to function with NIDS.The other network systems could, for instance, deal with updating the blacklists of firewalls using IP address of the computers under the use of real or suspected network crackers. NIDS consist of documentation (DISA) that utilizes NID as a terminology with a target of distinguishing IDS that are internal from external. Just like any other IDS, NIDS comprises sensors and management console as its essential components. While management console deals with management and reporting, sensors deal with monitoring of networks. NIDS sen ses network intrusions through examination of network traffic.The system has the capability of monitoring multiple hosts. Usually, the access to the network traffic is gained through connection to a hub of networks, port-mirroring configured networks or even through the network taps. The NIDS sensors are fit(p) at checkpoints of networks under monitoring. This are more often than not located in demilitarized areas or at the boarders of the network so as to increase effectiveness. All the network traffic is captured by the sensors before each of the packets contents are eventually analyzed for malicious network traffic.There are various examples of NIDS such as commercial products (such as ISS Realsecure, NFR Network Intrusion Detection System, Sourcefire and Computer Associates e Trust IDS) and freeware products (such as Ethereal, tinkers dam and Tcpdump). Snort is the most common of all. NIDS should be considered as the most appropriate for organization securitybecause it ensures the greatest shock on the security of the network, takes shorter time to deploy compared to HIDS, yet it is relatively cheaper.Additionally, as long as it is placed on the outside of firewall or demilitarized zones to ensure for effectiveness, NIDS is capable of monitoring all forms of internet traffic and relays flying feedback on the nature of network security. NIDS is very important to the general internet security. But particularly concerning the network security, NIDS is farther important to organizations in the spare-time activity ways first, NIDS has the capability of detecting attacks that HIDS cannot, for instance, fort scan and denial-of-service.Second, NIDS rapidly detects and alerts on incidents of intrusion to avert maximum damage. This is particularly suited t o the demilitarized zones, considering the fact that internet providers usually situated at the zones are major computer attack targets. Third, NIDS is capable of reporting lucky as well as unsuccessful atta cks which is particularly essential as it offers a chance to split understand the network and hence, a key to network security enhancement. Fourth, NIDS equips organizations with knowledge regarding the environment of their network.Fifth, but for application of NIDS, it is difficult to identify network hacking. Lastly, NIDS is very important for organizations forensic evidence tool (Thiel, 2007). In this regard, it is not easy to tamper with the evidence unless the aggressors interfered with IDS. Launching worms Launching worms is a cybercrime that involves development of worms, also referred to as viruses, wherefore releasing them on the internet domains. The worms slow down the internet connectivity or infect computers to stop them from function effectively.In 2000, FBI suspected incidents of cybercrimes being committed by the Russian citizens namely Alexey Ivanov and VasiliyGorshkov. It sought to track the suspected cyber criminals, luring them to come to United States with a ruse of a job promise (Quinlan, 2012). Activities of concocting worms and launching them on the internet are illegal in some parts of the world. As such, a person found to engage in cybercrime activities that spreads worms is likely to be prosecuted in various courts of countries affected by the worms. In some cases, the prosecution can be consecutive.However, in practice, few countries are in the position of claiming jurisdictions partly because some assume other countries would have incurred serious damages to consider it a priority to prosecute. These reflect how tricky dealing with cybercrimes across the borders is. Certain actions that are done on the internet may be legal in countries where they are initiated, but illegal in other countries that have access to the internet content. There are various recent incidents that entail virus launching. In October 2012, reports were made that FBI was to shut down a DNS as a way of containing viruses.Users were required to check their c omputers for virus and clean them before they could be allowed to access. These steps had been taken following the launching of the internet infestation by the DNS changer virus. The virus had cost the world billions of dollars (Quinlan, 2012). There are various technological approaches to worm problems. The most common approach is through installing anti-virus software. The antivirus software could be installed remotely on the computers, creating the allowance for all the information that streams in to be scanned for viruses.Malicious files and viruses are either occlude or repaired. Anti-virus could also be installed on the internet to scan the information that is sent over it. Websites, such as Google, are now offering such services. There are various antivirus software products on the market, including Avira, Norton and Kaspersky, which are effective in detecting and blocking malware (Nnap, 2011). Cyber deterrence Cyber blustery has been cited as one of the areas that constitu te internet security breaches. It entails transferring of abusesor information aimed at intimidating other people.Cyber bullying has turned out as the newest platform for which the people, especially the youth, are increasingly abusing each other. The more concerning issue is that there are shortly no new appropriate techniques that intervene for cyber bullying despite the large numbers of children who have access to information and technologies. Internet and cell phone communications have been cited as tools of cyber bullying. Even more ambitious is that cyber bullying occurs during class time. Various incidents of cyber bullying have been witnessed recently.One of the cases that conspicuously featured on news headlines was of Alexis Henkel, a high school student. Henkel was charged with posting a number of anonymous and threatening messages on the internet account of one of her former classmates, who she accused of engaging in a flirt with his boyfriend (HazeldenFoundation, 2012) . It has been argued that cyber bullying is particularly rampant because most cases are not reported. The most appropriate technological approach to addressing cyber bullying entails the application of gumshoe tools, which facilitates content monitoring, as well as blocking.Indeed, various social sites now offer safety tools that enable users and administrators to report and block forms of communication that amount to bullying. These go hand-in-hand with the approach of instilling of ethical morals among the users, as well as enlightening the society on online safety, including ways of using online safety tools. Category of internet security Breaches Information leakageIntegrity ViolationDenial of ServiceIllegitimate use Data breaches information stored in a website is accessed and released without authorityCyber bullying entails sending abuses and information that undermines the integrity of other peopleWorm Launching worms or viruses block internet access, denying the victims ac cess to the internet. Additionally, some worms infect computers, making them malfunction. This also denies the victims access to computer services1. Internet intrusion and Hacking Hacking enables the perpetrators to access websites and use services illegitimately. 2. Cyber fraud Cyber fraud constitutes the motives of illegitimate use of internet resources