The Internet presents various challenges in the realms of privacy and security. Such threats originate from obvious sources such as hackers and malware, but threats come from less obvious sources as well; employees, government agencies, and even one’s self through lack of knowledge or vigilance. Privacy, as explained by Lawrence Lessig (2006), “from the perspective of law, is the set of legal restrictions on the power of others to invade a protected space” (p.201). Cisco describes network security as the activities which protect a computer network to ensure “… the usability, reliability, integrity, and safety of your network and data” (n.d.). The two terms are closely related in Internet security, and as such, the threats outlined can be considered to have element of both privacy and security. The following is a brief analysis of a few common threats to Internet privacy and security.
There are many threats that are manned attacks from a live hacker or hackers. IP spoofing is one such threat where IP packets are intercepted and altered by inserting a false source address into the packet header. The purpose of IP spoofing is to create false entries into network routers, creating valid entries for an invalid IP address, and is a precursor to further hacking techniques. A hacker can take control of an authenticated communication session by correctly guessing the session’s TCP sequence number, called a sequence number attack. The attacker intercepts a communication from the client to the server, guesses the next sequence number, and injects a spoofed IP address to go to the server. The server will then send an acknowledgement to the spoofed IP address (Joseph Migga Kizza, 2011p.72-73).
A hacker may attempt to directly break into a network by one of three classes of penetration attack; masquerader, misfeasor, or clandestine user (Joseph Migga Kizza, 2011p.89). A masquerader is someone who uses someone else’s credentials to gain access to a system. A misfeasor is “a legitimate user who gains access to system resources for which there is no authorization” (Joseph Migga Kizza, 2011p.89), and a clandestine user is a privileged user who abuses her privileges to evade security measures. Once access to a network is achieved, a packet sniffer can be used to monitor traffic as it traverses the network. A packet sniffer in conjunction with a network access interface set to promiscuous mode will allow a hacker to view packets traveling the network and delete or alter their contents. An example of a network attack by the use of a packet sniffer is a disgruntled employee who uses a packet sniffer to steal authentication information from within the organization, then later uses the stolen credentials to steal proprietary information to be sold on the black market.
There are many threats to privacy and security on the Internet which are automated in nature or inherently insecure, and generally...