Information Management & Computer Security
Awareness and challenges of Internet security
Steve Hawkins, David C. Yen, David C. Chou

Article information:
To cite this document:
Steve Hawkins, David C. Yen, David C. Chou (2000), "Awareness and challenges of Internet security", Information Management & Computer Security, Vol. 8 Iss 3 pp. 131-143
Permanent link to this document:
http://dx.doi.org/10.1108/09685220010372564
References: this document contains references to 30 other documents.

Steve Hawkins
Technical Writer/Analyst, Dell Computers Co., Austin, Texas, USA
David C. Yen
Department of Decision Sciences and MIS, Miami University, Oxford, Ohio, USA
David C. Chou
Department of Business Computer Information Systems, St Cloud State University, St Cloud, Minnesota, USA
Keywords
Internet, Security, Computer networks, Companies
Abstract
Internet security is an important issue today. Corporate data are at risk when they are exposed to the Internet. Current technologies provide a number of ways to secure data transmission and storage, including encryption, firewalls, and private networks. This article discusses the awareness of Internet security and challenges faced in both the public and the private sectors.

Information Management & Computer Security 8/3 [2000] 131-143
© MCB University Press [ISSN 0968-5227]
The current issue and full text archive of this journal is available at http://www.emerald-library.com

Introduction
The threat to computer security is one of the main barriers to Internet commerce. With the current popularity and the potential profits of e-commerce, many executives face a conflict situation. That is, connecting to the Internet and expanding their business would risk intrusion. On the other hand, remaining disconnected from the Internet would sacrifice their customer contact and services.
Seven members of the L0pht Heavy Industries, an independent watchdog group composed of seven hackers, informed the Senate Committee on Governmental Affairs in 1998 that "it would take only 30 minutes for them to render the Internet unusable for the entire nation" (Yasin, 1998). There is more. Officials from the General Accounting Office (GAO) also met with the committee and stated that the GAO has uncovered serious computer security weaknesses at both the State Department and the Federal Aviation Administration that could jeopardize the operations of both governmental agencies (Yasin, 1998).
Organizations in both the public and the private sectors are aware of the needs of Internet security. It is interesting to know how both sectors take action to protect their Internet data and corporate systems. Internet security is recognized as the methods used by an organization to protect its corporate network from intrusion.
The best way to keep an intruder from entering the network is to provide a security
wall between the intruder and the corporate network. Since the intruders enter the
network through a software program (such as a virus, trojan horse, or worm) or a direct
connection, firewalls, data encryption, and user authentication can restrain a hacker.
While many tactics provide assurance of
protection, carelessness can also be a key
factor. As a result, awareness training and
education should be used to remind staff that
an Internet security breach could have a
profound effect on the health of the
organization and, hence, their job security
(Everett, 1998).
When a company is connected to the
Internet, any user in cyberspace can have
access to its Web site. Installing firewalls,
intrusion detection systems (IDS), and user
authentication software are the necessary
precautions a company must take to protect
itself. Ultimately, the best protection
from intrusion is to constantly keep
watching for intrusion and to employ the best
protection you can afford while travelling
through the untamed terrain of cyberspace.
This article begins with an overview of
Internet security and the technologies used
in protecting the data on a computer system.
Next, this article investigates the awareness
of Internet security in selected industries
from the public and the private sectors. New
developments and challenges regarding data
protection and Internet security are
addressed in the last sections.

Technology for Internet security
There are a variety of methods that a
company can employ to protect itself from
unauthorized access. Some of the most
popular methods are:
- firewalls;
- user authentication;
- data encryption;
- key management;
- digital certificates;
- intrusion detection systems (IDS);
- virus detection;
- virtual private networks (VPN);
- extranets.

Table I illustrates the unique features and
the limitations of all of these Internet
security methods.

Implications of security methods

Firewalls are the first line of defense for
corporate networks. A firewall is a
combination of hardware and software that
separates a local area network (LAN) into
two or more parts for security purposes. All
public connections to and from the corporate
network initially pass through a firewall,
which acts as a gatekeeper to give access to
valid requests and, in the end, block out all
other requests and transmissions (Cantin,
1999). In addition, firewalls can be
implemented between departments to allow
certain users access to secure data.
Another line of defense is user
authentication. Basically, a user must enter a
password as a digital key to enter the
computer system. User authentication can be
incorporated into a firewall, a particular
application, a document, or a network
operating system such as Novell NetWare
and Windows NT.

Table I
A comparison of Internet security components

| Component | Unique features | Limitations |
|---|---|---|
| Firewall | Hides the corporate intranet from the Internet; acts as a gatekeeper to give access to valid requests, blocking out all other requests and transmissions; can be implemented between departments to provide certain users access to secured data; records all intrusion attempts for future review and identification | Software-only encryption may curtail firewall performance; presents a single point of failure; no guarantee to protect a network from harm; must be installed and configured correctly in order to work properly |
| User authentication | Enforces user verification; can be incorporated within a firewall, application, document, or a network OS | User password could be intercepted during transmission; user password could be related to their lifestyle, making password identification easier for hackers if they know the habits and interests of the user |
| Data encryption | Scrambles the data before transit, making interception attempts futile | Cryptology community believes that point to point tunnelling protocol (PPTP) technology may be flawed and unfixable |
| Key management | Acts as an electronic key to open encrypted data | User may lose the key or have it fall into the wrong hands |
| Digital certificate | Verifies the authenticity of the e-mail sender; alerts the e-mail recipient if the message has been altered | Not very useful if companies do not act as their own certificate authorities or get them from third-party service providers |
| Intrusion detection system | Uses static and dynamic methods to spot attacks to the network in progress or over time, respectively | No IDS product can detect all of the attacks on a network when it is heavily loaded; IDS products work only on shared-access segments, and not on switched networks |
| Virus detection | Protects computers and servers from virus attacks | Useless if virus definitions are not updated on a regular basis |
| Virtual private network | An inexpensive way to connect remote users to an enterprise network; cheaper than using a dial-up connection | Some VPN products permit use of private addresses, while others require public IP addresses; flexibility may come at a price; VPN product prices vary according to through-put and number of tunnels supported |
| Extranet | Provides fast data exchange between a company and its suppliers | Requires security and privacy systems to protect data during transmission |

A user can incorporate a data encryption
utility to protect the data while in transit.
Basically, data encryption is a method of
scrambling the data into an unreadable form
before they leave a company's network.
When the data arrive at the proper
destination, a key decodes the data bits into
understandable information.
There are basically three elements to an
encryption system:
1 a method of changing the data into code
(the algorithm);
2 a hidden place to start the algorithm (the
key);
3 control of the key (key management).
A binary number usually provides the
starting key for the algorithm. Transforming
the data into a readable format is controlled
by the key (DeVeau, 1999).
Key management, therefore, becomes an
important factor in data security. The key
must be secured in a safe place so that
unauthorized individuals cannot access it. In
most organizations, a system policy is
developed that spells out who has the keys
(and/or the power) to access sensitive data on
the network (DeVeau, 1999).
A digital certificate is an electronic credit
card that establishes the credentials for
doing business or other transactions on the
Web. A governing party called a "certification
authority" issues the certificate. This
certificate contains the user's name, a serial
number, expiration dates, a copy of the
certificate holder's public key, and the digital
signature of the certificate-issuing authority
so that a recipient can verify that the
certificate is real (DeVeau, 1999).
Authenticated users keep these digital
certificates in registries for access.
Digital certificates are similar to
watermarks on a bank check. They not only
verify that the author of the message is the
author, but also alert the receiver if the
message has been altered while in transit.
Digital certificates are useful if the receiving
party absolutely needs to know that the
message they received is authentic (McCune,
1998).
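The certificate contents and the recipient's check described above, as an added example that is not part of the original article: a toy certification authority signs the listed fields, and the recipient rejects a certificate that was altered or has expired. The function names, field names and sample values are assumptions for illustration, and textbook RSA over two small fixed primes stands in for a real CA's signature scheme.

```python
import hashlib
import json
from datetime import date

# Toy certification authority key pair: textbook RSA over two small, fixed
# Mersenne primes. Illustration only; a real CA uses a vetted library and
# keys of 2048 bits or more.
_P, _Q = 2**61 - 1, 2**89 - 1
CA_N = _P * _Q                                # public modulus
CA_E = 65537                                  # public exponent
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))    # private exponent, held by the CA only

# The fields the article lists, minus the signature itself.
FIELDS = ("subject", "serial", "not_before", "not_after", "public_key")


def _digest(cert):
    """Hash the signed fields in a canonical order, reduced below the modulus."""
    body = json.dumps({k: cert[k] for k in FIELDS}, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % CA_N


def issue(subject, serial, not_before, not_after, public_key):
    """CA side: bind the holder's name and public key together and sign them."""
    cert = {"subject": subject, "serial": serial,
            "not_before": not_before, "not_after": not_after,
            "public_key": public_key}
    cert["signature"] = pow(_digest(cert), _CA_D, CA_N)
    return cert


def verify(cert, today):
    """Recipient side: needs only the CA's public values (CA_N, CA_E)."""
    if pow(cert["signature"], CA_E, CA_N) != _digest(cert):
        return "rejected: signature does not match contents"
    if not (cert["not_before"] <= today.isoformat() <= cert["not_after"]):
        return "rejected: outside validity period"
    return "valid"


def demo():
    # Constructed sample certificate; every value here is made up.
    cert = issue("Example Supplier Ltd", 1001, "2000-01-01", "2000-12-31",
                 "holder-public-key-placeholder")
    forged = dict(cert, subject="Someone Else")   # altered after signing
    return (verify(cert, date(2000, 6, 1)),
            verify(forged, date(2000, 6, 1)),
            verify(cert, date(2001, 6, 1)))


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The signature is checked before the dates because the dates are themselves signed fields and mean nothing until the signature holds.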
To protect themselves from problems
within the network, a company can use
specialized software that monitors the
network for suspect activity. The software
not only detects intrusion from someone
outside the company, but also monitors and
detects any malicious activity on the network
generated from ...
