Commerce on the internet continues to grow at astounding speed and is already in the tens of billions of dollars on a global basis. Unfortunately, security concerns abound, because easy, fast access to data on a global basis brings with it threats from computer hackers, including criminals, vandals, and others with potentially harmful motives.
The System Administration, Networking, and Security (SANS) Institute, an American non-profit organization for cooperative research and education, draws on experts from academia and government agencies such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). Web threats are highlighted in “The Twenty Most Critical Internet Security Vulnerabilities The Experts' Consensus,” Version 2.502, Jan. 30, 2002, published on the SANS website (www.sans.org).
Although the listed vulnerabilities were well known, they had not been fixed: there were so many other vulnerabilities, and system administrators were so busy, that working out which were the most important seemed overwhelming. Opportunists exploiting paths of least resistance have targeted the same so-called “holes” time after time, which led to the SANS list. According to SANS, system compromises in a recent Pentagon hacking incident and the easy and rapid spread of the 2001 Code Red and NIMDA worms were traceable to vulnerabilities in the top twenty list.
SANS presented the vulnerabilities as a prioritized list grouped into the following categories: (1) General; (2) Microsoft Windows operating system-based; and (3) Unix operating system-based. The General category includes such issues as failure to require passwords, stolen passwords, and system ports vulnerable to intrusion by hackers, while the other two categories detail problems with the dominant operating systems that run on servers and clients in networked environments, including, of course, the internet.
The vulnerability of data exposed to network intrusion will remain a serious problem as long as these and other vulnerabilities can be exploited to reach data that is too easily accessible on the internet. What is needed is a security-based solution that does not prohibitively slow down legitimate access to data. After all, if the data is too hard for users on the internet to reach, the growth and popularity of the internet will be inhibited, and internet commerce itself, and global economies in turn, will suffer.