Abstract
The increasing rate of cyber terrorism and attacks in cyberspace should be balanced by the efforts needed to reach an acceptable level of Internet Security at the national level. These efforts should be coordinated under the nation's information security strategy before they are put into practice through technical security measures. This strategy should include all the major Internet stakeholders in the nation: Government, Business, Academic Institutions and individuals. Each of them should contribute to the national effort to the level required to secure the Internet. Ultimately, these efforts should be harmonized with international efforts on Internet Security.
1. Introduction
The Internet is now considered one of the most widely used technologies for transferring and exchanging information throughout the world, and the number of Internet users is increasing rapidly day by day. The major uses of the Internet are transferring and obtaining information, e-commerce, email, and downloading software and books. As technology advances, other services are now provided over the Internet, including VoIP, content delivery, teleconferencing, TV on demand, etc. The need for eGovernment services has pushed Internet usage to a new generation of e-services. But as technology advances, vulnerabilities and attacks increase as well, giving information security specialists new issues to cover, especially since Internet technology and services are very attractive to users, who can be exploited easily in the absence of awareness and legislation.
The intent of this paper is to explain the concept of Internet Security, and to address the areas in which Internet stakeholders from the various sectors can combine their efforts to provide an acceptable level of security for this resource.
2. Concept of Internet Security
Internet Security is defined as "the prevention of unauthorized access and/or damage to computer systems via internet access". The security measures most used in this field are data encryption, which is the translation of data into a form that is unintelligible without a deciphering mechanism, and passwords, which are secret words or phrases that give a user access to a particular program or system. (Wikipedia)
3. Components of Internet Security
Internet security is composed of three major components, each of which is secured in its own way:
1. Infrastructure: this includes communication lines (cables or fibers), routers, DNS, DHCP, ISPs, protocols, etc. This part usually depends on physical matters. Internet infrastructure is usually owned by large corporations or by the government itself. In the case of ISPs, the business sector owns some of them.
2. Applications: these are the web applications and e-services that are used under the umbrella of the Internet. Some applications are commercial, as in e-commerce; some are for educational purposes, such as VoIP; some are related to eBanking, eGovernment, etc. Individuals own some applications, such as FTP sites and buying and selling sites.
3. Content: this is the core of the Internet's advantages, and relates to the information itself, including emails, photos, multimedia, e-telephony, books, articles, etc.
The Internet is therefore a mixture of physical and logical technologies, and Internet security professionals should be fluent in four major areas: (Wikipedia)
1. Penetration testing: this skill is essential in order to discover the vulnerabilities of systems connected to the Internet, such as extranets, websites, e-commerce applications and banking systems.
2. Intrusion Detection: this is used to detect (or, for intrusion prevention, to prevent) attackers, hackers and other malicious activity, how they operate, and whether they are inside the perimeter of the system. This can be done using specialized software and tools that analyze the logs of the enterprise's inbound and outbound Internet access.
3. Incident Response: this is the practice of detecting and handling any incident concerning information systems security, such as attacks, DoS, malicious activities, physical destruction, and disruption of systems.
4. Legal / Audit Compliance: this relates to the legislative aspects of information security, such as the Cyber Crime Law, the Privacy and Data Protection Act, and other regulations concerning digital certificates and digital signatures. In addition, compliance instruments are essential in Internet Security: Information Security Strategies, Policies, Standards, Guidelines and Procedures.
4. Responsibility of Internet Security (Stakeholders)
Internet security is the responsibility of every party that uses it. There are four basic sectors in any society: Government, Business, Academia and Individuals. We now explore the role of each sector in securing the Internet.
4.1 Government
The main responsibility of Government is to develop and enforce suitable legislation to secure the Internet environment. This includes laws, bylaws, regulations, and information security strategies and policies. Such legislation should cover: an e-Transactions Law, a Cyber Crime Law, a Privacy and Data Protection Act, e-Signature and Certificate Authorities. This suite of laws should provide suitable accountability methods for enforcing these laws and for managing Internet access in a secure manner. ISPs should also be well regulated so that they control access to the Internet using suitable security measures.
The role of Government extends beyond regulation and accountability: it should plan and implement a suitable National Information Security Awareness Program to identify the weaknesses in Internet use within its borders. In addition, the Government should regulate and control the activities of Computer Emergency Response Teams (CERTs), which monitor, detect and handle any cyber attack or incident related to the Internet infrastructure in the country.
4.2 Business
The purpose of regulation and legislation in any country is to serve business and people. Business is a strategic partner of Government worldwide. This partnership places obligations on business toward the country, and one of them is Internet security. The main reason is that most new business uses the Internet as a major tool to conduct deals and simplify marketing. Business should therefore contribute to securing the Internet in the following ways:
1. IT vendors should provide powerful security tools, whether purchased or developed locally, for use by Government, Business and other sectors to secure the Internet.
2. Business should use these security measures and tools correctly, in compliance with Governmental laws, regulations and policies. Business should conduct IT audits to make sure that its systems are secure enough when using the Internet.
3. Business should finance and support the efforts of non-profit organizations and research institutes regarding Internet security, which the Government can encourage. Such support can take the form of building the capacity of these organizations and institutes, and providing research and monitoring tools and security measures as supplementary efforts.
4.3 Academic Institutions
This is the scientific part of the story, in which advanced and specialized studies and research can be conducted to enhance Internet security, discover new types of attacks and vulnerabilities, and provide new, innovative solutions to secure the Internet. Such institutes can share knowledge with research institutes in other countries, and conduct experiments in their labs with specialized personnel and researchers. Non-profit organizations concerned with Internet security should be included in this collaborative effort. Finally, academic institutes are required to develop training courses and materials and to conduct a national information security awareness program for the other sectors in the country.
4.4 Individuals
Awareness is the most important thing for individuals to practice. If the individual is well aware of Internet security, then the largest part of the problem is solved. In addition, individuals are required to follow regulations and policies, and to use suitable security measures when connecting to the Internet. An individual should not present himself or herself as a hacker for any reason. Awareness is the most powerful tool for this sector.
5. Incorporating of International Responsibility
National efforts cannot achieve their full benefit without incorporating international efforts on Internet Security. Such efforts vary in political character: they may come from non-profit organizations, which can be multilateral such as the IMPACT Alliance, from regional or international organizations such as the UN, or from academic institutes, such as the International CERT of Carnegie Mellon University. In addition, many international standardization organizations have developed protocols, schemas and frameworks to enhance Internet Security and to secure the infrastructure, the applications and the content transmitted over the Internet.
In addition, there is a commitment among big vendors to optimize security measures when connecting their products, such as email applications, to the Internet. Some vendors of security tools, such as antivirus software and intrusion detection and prevention, provide some free security services to the global Internet community, such as security operations centers. These services are not 100% free, however, since they are provided free of charge only up to some limit. Big vendors also usually provide awareness and training materials and courses worldwide to enhance Internet Security.
6. Conclusions
Internet security is a practice, not a theory. Each sector in the country should contribute its efforts to keep Internet use secure to an acceptable level. Government, Business, Academic Institutes and even Individuals are all required to take part in these efforts. The Government will take the regulatory part, Business will take the financial part, Academic Institutes will take the scientific methodology part, and individuals will take the practice. However, if the Government is well organized in its vision, regulations, legislation and policies, then the other sectors will contribute at an acceptable level to implementing them for the benefit of Internet Security in the country.