| Help to make better security over Net. It is a subject that related to all of us. |
| For centuries, security was synonymous with secrecy. The shared secret between two parties conducting business was a worldwide approach. But secret passwords require a great deal of trust between parties sharing the secret. Can we always trust the administrator or other users of the Internet network service provider that we access? Most computer break-ins today are due to compromise by system users or hackers who use legitimate accounts to gain access to general security. Determining the identity of a person is becoming critical in our vastly connected information society. As a large number of biometrics-based identification systems are being deployed for many civilian and forensic applications, biometrics and its application have evoked considerable interest. Current technologies provide a number of ways to secure data transmission and storage, but other approaches to Internet security focus on protecting the contents of electronic transmissions and verification of individual users. Secure electronic transmissions are an important condition for conducting business on the Internet. Biometrics -- technology that uses the human beings' physical or behavioral traits for identification purposes -- will play an important role in the near future of desktop computing, mobile phones, and, in particular, access to institutional computers and sensitive data via the Internet. This paper discusses common Internet security technologies and blended Internet security methods with references to other areas where biometrics technologies has been adopted. Security is a major concern for Internet users and system administrators. Whether to protect confidential data and information in individual files, lock a computer system to unauthorised users, control access to an intranet or an extranet, or conduct business on the Internet, one needs to determine an appropriate level of security and the effective means to achieve the objectives. The threat to Internet security is one of the main barriers to electronic transaction via the Internet medium. With the current popularity and the potential profits of electronic business, many executives face a conflict situation. That is, connecting to the Internet and expanding their business would lead to risks and threats of intrusion. On the other hand, remaining disconnected from the Internet would sacrifice their customer contact and services to their competitors. The Internet uses simple mail transfer protocol (SMTP) to transmit electronic mail and most business transactions. These transmissions have as much privacy as a postcard and travel over insecure, untrusted lines. Anyone anywhere along the transmission path can obtain access to a message and read the contents with a simple text viewer or word processing program. Because the transmission lines are insecure, it is easy to forge e-mail or use another person's name. Theft of identity is becoming the nation's leading incidence of fraud. A person can even claim that someone else sent a message, for example, to cancel an order or avoid paying an invoice. Organisations in both the public and the private sectors are aware of the needs of Internet security. It is interesting to know how both sectors take action to protect their Internet data and corporate systems. The best way to keep an intruder from entering the network is to provide a security wall between the intruder and the corporate network. Since the intruders enter the network through a software program, such as a virus or worm etc., or a direct connection, firewalls, data encryption, and user authentication can restrain a hacker to some extent. The first objective to improving security is to control physical access by limiting it to authorised individuals. The principle is that the fewer people who can get physical and administrative access to sensitive files or to server systems, the greater the security will be. Most applications rely on passwords, personal identification numbers, and keys to access restricted information or confidential files. Passwords, cards, personal identification numbers and keys can be forgotten, stolen, forged, lost or given away. Moreover, these devices serve primarily to identify the person. They cannot verify or authenticate that the person really is who he or she claims to be. The information age is quickly revolutionising the way transactions are completed. Everyday actions are increasingly being handled electronically, instead of with pencil and paper or face to face. This growth in electronic transactions has resulted in a greater demand for fast and accurate user identification and authentication. Biometric technology is a way to achieve fast, user-friendly authentication with a high level of accuracy. Every industry has its own particular needs and requires certain safeguards to protect its data from damage. The public and private sectors have their own strengths and weaknesses on Internet security. Each industry requires certain safeguards to protect its data while in transit. Developing a plan that has proportionately more strength than weakness is always the goal. However, the Internet is an untamed frontier that is still young and growing. It may take some time to develop stronger methods for data security. Protecting an organisation from the perils of the Internet is similar to the job of a security guard working during the night shift: As long as he stays awake and keeps his eyes open, the chances are that nothing will happen. While companies arm themselves with the latest IDS and virus software, there is still a chance that someone from the outside can get in and wreak havoc on the company's system. Software and hardware configurations keep most of the intruders at bay, but being able to recognise abnormal activity when it occurs seems to be the best method. This requires a well trained IT staff to constantly monitor the network for deviants, using the system software to set up audits in all the right places. As technology continues to evolve and software and hardware improvements are implemented, there may come a time when hackers not only will be forced to stay outside the company walls, but also will be exposed by law enforcement during the process. The future of Internet security, therefore, resides in human intervention and innovation. Implementing hardware and software solutions, as well as using human intervention to continually monitor the network, are two of the best ways to keep abreast of attacks from the outside. The past decade has witnessed dramatic changes in business processes. The number of organisations that store and access confidential and business-critical data in digital form on computer networks or over the Internet has increased dramatically. The importance of Internet security will therefore become an important aspect as the threat-level of electronic crime increases. Although the global community has gained numerous benefits from using new computing technologies, these technologies have at the same time made the wired community more vulnerable to breaches in electronic information transfer security. Biometrics has been used for years in high-security government and military applications, but the technology is now becoming affordable for use as a network authentication method and general security feature. It is tempting to think of biometrics as being sci-fi futuristic technology that we should in the near future use together with solar-powered cars, food pills, and other fiendish devices. There are many references to individuals being formally identified via unique physiological parameters such as scars, measured physical criteria or a combination of features such as complexion, eye colour, height, etc. Government agencies, businesses and consumers are increasingly recognising the limitations of passwords and PIN numbers as computer hacking, identify theft and other forms of cyber crime become more prevalent. Biometrics devices offer a higher level of security because they verify physiological or behavioural characteristics that are unique to each individual and are difficult to forge. Biometrics devices also relieve security personnel, network managers and customer service representatives of the tedious and often intrusive tasks of identity verification and password/PIN administration. Personal identification numbers were one of the first identifiers to offer automated recognition. However, it should be understood that this means recognition of the PIN, not necessarily recognition of the person who has provided it. The same applies with cards and other tokens. We may easily recognise the token, but it could be presented by anybody. Using the two together provides a slightly higher confidence level, but this is still easily compromised if one is determined to do so. Biometrics is a technology that uses human beings unique physical or behavioural features to identify or verify persons. It relies on "something that you are" to make a personal identification and therefore can inherently differentiate between authorised person and a fraudulent impostor. Because one's unique characteristics cannot be stolen, forgotten, duplicated, shared or observed, biometrics based security system is nearly impossible to fraud. This does not mean that biometrics is a universal remedy for all our personal identification related issues, but they do represent an interesting new tool in our technology tool box, which we might usefully consider as we march forward into the new millennium. However, the future is not all rosy. There remains much that needs to be done in order to make the Internet a widely acceptable marketplace for the exchange of goods and services between merchants and consumers. Technology continues to become more complex, the safeguards used today may be severely out of date tomorrow. It is a well established fact that the traditional security measures such as password and identification cards cannot satisfy every security requirement. Various physiological and behavioural biometrics for the authentication of individuals have broader applications such as the control of access to personal computers, private files and information repositories, building access control, and many others. Although biometrics is still relatively expensive and immature, integrated multiple biometrics features such as fingerprints, palm prints, facial features and voice patterns to authenticate a person's identity and verify his or her eligibility to access the Internet are in the development stage. The biometrics devices will continue to improve, becoming even more accurate and reliable as Internet technology evolves. As biometrics technology becomes more acceptable, the proliferation of applications should multiply into many phases of our daily activities. The growing interest in combining common Internet security technologies with biometrics will increase the growth and popularity of blended Internet security methods in the future. Nevertheless the ethical issues surrounding biometrics technologies must be weighed against any potential benefits. |
| Copyright ©2003, part of The YKTA Corporation, and its licensor's. All rights reserved. |
| Home I Mind I Body I Life I Tools I New I Music Instrument I Links I Contact Us I |
 |  |  |  |  |  |  |  |  |
| Y K T A |
|
| Get the last news about Germany and the world. http://www.focus.de/ |
| |||||
|
|
|