Internet Security

1
Internet Security

• Michael OFarrell
• Ernst Young
• 23-November-1999

2
Background

• The Internet is increasingly used for commercial
  activities e.g. Information, Ordering,
  Payment...
• The best known of these are the companies who
  sell directly to customers known as Business to
  Customer (B2C). e.g. Amazon and eBay ...
• The biggest Internet growth area is Business to
  Business (B2B).

3
B2B - is happening already

• Greater level of electronic communication
  (e-mail)
• Companies use the web for various purposes
• Catalogues (pictures, sound, text and prices)
• Form filling (e.g. surveys, applications)
• Account information (balances, transactions)
• Many Companies are replacing EDI systems with
  simpler Internet-based inter-company
  communication. These inter-company links are
  direct connections between the computers of
  partner firms.

4
Whats the big deal with Internet Security

• Ability to trust the other party is more
  difficult over the Internet alone.
• Any security weaknesses can impact customer
  confidence.
• Insecure trading partners can be a threat to an
  organisation, because of the risk of ...
• virus infection
• disclosure of information they trusted you with
• as an avenue to try and hack their organisation.

5
Common vulnerabilities - the scare stories

• Viruses
• they can cause disruption and nobody will want to
  talk to you (electronically) if you are infected.
• Poor security controls on computers.
• The most basic is proper use of passwords.The
  e-mail you send and files you store are protected
  by password This is the key to your electronic
  filecabinet. Having no control allows anybody to
  write a document or send an e-mail in your name.

6
Other Concerns

• Backup
• What is the effect of your computer failing - a
  crash. Do you have a backup copy of your
  general ledger ?
• Hacking
• If you connect full time to the Internet consider
  that others on the network will find you and may
  want to explore your computer.
• Are you what your email says ?
• It is possible to forge messages on the
  Internet. A Company getting an email from you
  needs assurance that the message came from you
  and that the information was not tampered with.

7
Some answers ...

• Do the basics ...
• Up to date anti-virus software on ALL your
  computers
• A good, secret password that is changed regularly
• Up to date software that has all the recommended
  security features turned on.
• Backup software and data stored securely.
• Follow the Law on protection of personal
  information.
• If your system is more complex take the time to
  review the risks and address them.
• Use digital signatures to prove your identity.

8
Summary

• Trading partners will use more Internet
  technology for their transactions.
• This technology increases the risks to your
  organisation which must be balanced against the
  benefits of using it.
• Good controls, up to date software and, in some
  cases, hardware can significantly reduce the
  risks.

9

• Would you be comfortable if your bank and
  insurance broker habitually kept their premises
  unlocked overnight ?
• You have a responsibility to your customers and
  trading partners to ensure your systems
  (especially Internet) are secure.

10
References - on the web.
Irish and EU legislation on the
Internet http//www.echo.lu/ http//www.odtr.ie/ht
ml/legislation.html http//www.irlgov.ie/taoiseach
/publication/infosocactionplan/infosocframework.ht
m http//www.irlgov.ie/tec/communications/commsleg
.htm Information Society Commission http//www.inf
osocomm.ie/background.htm Information Security
organisations http//www.ciac.org/ http//www.sans
.org/newlook/home.htm