Internet and security issues
Web services that use HTTP require particular attention to security. Web services on the Internet have become the foundation of our lives.
Electronic commerce, such as Internet shopping, auctions, and Internet banking, is now a service that everyone uses.
However, since the Internet is something that an unspecified number of users participate in, the agreements for services on the Internet are widely publicized in advance.
This means that exposed mechanisms are highly vulnerable to attacks. This is because it is not so difficult for high-level users to derive exploitation methods from public information.
There are two types of attacks against WWW sites, for example:
(1) Receive authentication by impersonating another person, enter the site and perform alterations
This is a pattern in which someone else's login ID and password are used to infiltrate the network and commit malicious acts.
In more complicated schemes, stolen credentials are used to steal other people's credentials. There are also elaborate tricks that repeat this over and over to make it harder to identify the culprit.
② Monitor communication and steal information
If the information that flows is not encrypted, it is easy to eavesdrop. Tools such as packet monitors can be used to see the content of the information.
If the content of this information is important information such as user ID and password, it will be a problem. It can be abused. There are more, but it is important to have mechanisms in place to defend against these attacks.
As a mechanism to prepare for attacks, for example,
(1) We will deal with the problem by making the password mechanism more complicated, and changing the password periodically.
(2) In response to the problem, we will communicate with https, encrypt the communication content with SSL, and use electronic signatures by a third party certification authority (VeriSign) to deal with unauthorized access.
Internet and security issues
Internet and security issues are inseparable. There is a technical background to why the security of services on the Internet is fragile.
LAN technology is used in the technology that supports the current Internet.
Most LANs today are built on Ethernet. This Ethernet operates with a mechanism called CSMA/CD (Carrier Sense Multiple Access/Collision Detection).
CSMA/CD always responds to inquiries if there is a corresponding one. This simple mechanism made CSMA/CD popular because it was easy to implement and inexpensive.
Ethernet was originally intended for use in local areas and works with simple mechanisms.
Computers on Ethernet always respond to certain protocols.
For example, it always responds to the ping command.
* Currently, it is blocked by the firewall on the OS side.
Receiving a response is nothing other than letting a malicious third party know of your existence. In other words, it becomes possible to attack the system.
In the first place, the internet is a place where an unspecified number of users participate, so it is a major premise that anyone can access it. If anyone can access it, it will lead to fragility in terms of security.
Internet and security issues are therefore inseparable. Since this problem is inherent in the mechanism, it is not easy to fundamentally solve it.