Internet Security


Security in the online world is essential for the internet to realise its economic potential - but experts agree that there is no simple solution to a problem that has multiple dimensions: technological, societal, economic and psychological.



The European Network and Information Security Agency (ENISA), based in Heraklion, Greece, classifies threats on the internet according to when experts think they will materialise, as 'current', 'emerging' and 'future' risks. ENISA describes itself as "a Centre of Excellence for the EU member states and EU institutions in network and information security, giving expert advice and recommendations".

Current risks are relevant within the coming year. As of summer 2007, this concerns: 

Spam, botnets, phishing, identity theft, route hijacking, instant messaging, peer-to-peer systems, malware on cell phones, hackers in stock markets, software vulnerabilities and lack of protection (e.g. antivirus) in some devices.

A recent survey conducted by Harris Interactive and sponsored by Microsoft revealed that, in the US, almost 20% of adults have already fallen victim to an online scam of some sort.

The OWASP Top Ten Project, an industry-standard awareness document for web application security endorsed by the US Federal Trade Commission and Department of Defense, lists the following as "the most serious web application vulnerabilities in 2007": 

Cross-site scripting (XSS), injection flaws, malicious file execution, insecure direct object reference, cross-site request forgery (CSRF), information leakage and improper error handling, broken authentication and session management, insecure cryptographic storage, insecure communications and failure to restrict URL access.

Emerging and future risks, according to ENISA, are likely to arise from the ubiquity of IT systems and unlimited reliance on them. This includes the increased automation of homes and the possibility of controlling home appliances, such as heating or air conditioning, remotely over the internet, and possibly even the use of vulnerabilities in home appliances to attack public infrastructures (e.g. distributed denial-of-service attacks on electricity networks using internet-controlled heating or air-conditioning).

Major risks may also arise from invisible data collection in public places (e.g. toll collection systems, surveillance cameras and consumer tracking) as well as in private premises (e.g. the retention of telecommunications data and the storage of user data by internet search engine operators), and on portable devices such as mobile phones.