
Sunday, February 10, 2008

Internet
The global TCP/IP public internetwork that originated in the ARPANET project of the U.S. Department of Defense in the 1970s. The original purpose of ARPANET was to create a wide area network (WAN) that would allow researchers at various defense and civilian research agencies to communicate with each other and to collaborate on projects. When ARPANET grew larger and an increasing number of civilian organizations such as universities and networking companies wanted access to it, administration of the network (now called the Internet) was given to the National Science Foundation (NSF) and then to the Internet Network Information Center (InterNIC).

The backbone networks that make up the Internet are owned and managed by private companies, including MCI WorldCom and Sprint. These companies often share physical lines and often lease lines from Regional Bell Operating Companies (RBOCs). Backbone lines on the Internet are linked at points called Network Access Points (NAPs), where Internet service providers (ISPs) can exchange traffic. Examples of NAPs include MCI WorldCom’s "MAE West" NAP in San Jose, California, and the company’s "MAE East" NAP in Washington, D.C. An ISP leases a point of presence (POP) connection to a backbone’s network in order to supply individual users and companies with Internet services. See the Web link in this entry for topological and descriptive views of the architecture of the Internet.

The Internet is not owned by any one group; it is a collection of networks and gateways that run a common TCP/IP protocol and that all evolved from ARPANET. Nevertheless, various administrative bodies oversee various aspects of the Internet. These groups include the following:

· Internet Society (ISOC), which coordinates a number of other bodies and gives advice and direction to them.
· Internet Architecture Board (IAB), which is responsible to the ISOC and oversees the architecture of the Internet.
· Internet Engineering Task Force (IETF), which is responsible to the IAB and develops Internet protocols that define the TCP/IP protocol suite, the Domain Name System (DNS), and so on.
· Internet Assigned Numbers Authority (IANA), which is soon to be replaced by the Internet Corporation for Assigned Names and Numbers (ICANN). IANA is responsible for coordinating the registration of DNS names and assigning IP addresses.
Although a large number of Internet protocols currently support applications for users of the Internet, these services are constantly evolving, and many are rapidly disappearing as new services emerge. By far the most popular business uses of the Internet are the World Wide Web (WWW) and e-mail. Usenet newsgroups and Internet Relay Chat (IRC) are also popular.

Internet protocols
A term that generally refers to application-layer TCP/IP protocols commonly used over the Internet. The following table shows many of the standard Internet protocols in use today. Some of these protocols, such as Gopher, are rapidly waning in popularity. To access a protocol such as Hypertext Transfer Protocol (HTTP) with a Web browser such as Microsoft Internet Explorer, you would use a Uniform Resource Locator (URL) beginning with http://.
Standard Internet Protocols (protocol, protocol name: description)
· http, Hypertext Transfer Protocol:
Used for Web pages that contain text, graphics, sound, and other digital information stored on a Web server on the World Wide Web
· ftp, File Transfer Protocol:
Transfers files between two computers over the Internet
· gopher, Gopher protocol:
Displays information stored on a network of Gopher servers
· wais, WAIS protocol:
Used for accessing a Wide Area Information Servers database
· file, File protocol:
Opens a file on a local hard disk or a network share
· https, Secure Hypertext Transfer Protocol:
Establishes an encrypted HTTP connection using the Secure Sockets Layer (SSL) protocol
· mailto, MailTo protocol:
Starts a Simple Mail Transfer Protocol (SMTP) e-mail program to send a message to the specified Internet e-mail address
· news, News protocol:
Opens a Network News Transfer Protocol (NNTP) newsreader and the specified Usenet newsgroup
· nntp, Network News Transfer Protocol:
Performs the same function as the News protocol
· mid, Musical Instrument Digital Interface (MIDI) protocol:
Plays MIDI sequencer files if the computer has a sound card
· telnet, Telnet protocol:
Starts a Telnet terminal emulation program
· rlogin, Rlogin protocol:
Starts an Rlogin terminal emulation program
· tn3270, TN3270 protocol:
Starts a TN3270 terminal emulation program
· pnm, RealAudio protocol:
Plays RealAudio streaming audio from a RealAudio server
· mms, Microsoft Media Server (MMS) protocol:
Plays .asf streams from a Microsoft NetShow server

Secure attention sequence (SAS)

The secure attention sequence (SAS) offers protection against Trojan horse programs that masquerade as common system applications. For example, it is impossible to write a Trojan horse program that presents the user with a phony Windows Security dialog box in an attempt to steal a user’s credentials, because this program cannot be activated by the SAS. The most that a hacker can do is write a Trojan horse program that displays a Windows Security dialog box at random times while the user is already logged on. To guard against such an event, you should educate users to always use the SAS keystroke sequence even if the computer they are using already displays what appears to be the Windows Security dialog box.
The SAS also kills any logon scripts that are running and can be used to terminate scripts that have stopped responding.

Secure Hypertext Transfer Protocol (S-HTTP)
An Internet protocol for encryption of Hypertext Transfer Protocol (HTTP) traffic. Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol that extends the HTTP protocol by adding encryption to Web pages. It also provides mechanisms for authentication and signatures of messages. S-HTTP provides broad support for implementing different types of cryptographic algorithms and key management systems. Although S-HTTP systems can make use of digital certificates and public keys, messages can also be encrypted on a per-transaction basis using symmetric session keys.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A protocol for the secure exchange of e-mail and attached documents, originally developed by RSA Security. Secure/Multipurpose Internet Mail Extensions (S/MIME) adds digital signatures and encryption to Internet e-mail carried by the Simple Mail Transfer Protocol (SMTP), supporting authentication of the sender and privacy of the communication. Note that because HTTP messages can transport MIME data, they can also use S/MIME.

Secure Sockets Layer (SSL)
A handshaking protocol for communication over the Internet that provides secure authentication and data encryption. Secure Sockets Layer (SSL) was developed by Netscape Communications for the secure transmission of information over the Internet. SSL works between the application and transport layers on a TCP/IP host to provide encryption of data for data security and encryption of user credentials for secure authentication. SSL uses the Rivest-Shamir-Adleman (RSA) public key cryptography method and is dependent on the implementation of digital certificates and a supporting public key infrastructure (PKI). Both the client and the server must support SSL. Because SSL is application independent, it can be used to encrypt data transmission for many application-layer Internet protocols, including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), and Network News Transfer Protocol (NNTP).

Security Account Manager (SAM) database

The database of user and group account information stored on a domain controller in a Microsoft Windows NT–based network. The Security Account Manager (SAM) database is also known as the domain directory database, or sometimes simply the directory database.
The SAM database occupies a portion of the Windows NT registry. All user accounts, group accounts, and resource definitions such as shares and printers have their security principals defined in the SAM database. Because the entire SAM database must reside in a domain controller’s RAM, it cannot exceed about 40 MB in Windows NT, which works out to about 40,000 user accounts, or 26,000 users and Windows NT workstations combined. (The following table lists the size of common objects in a SAM database.)

Security Administrator Tool for Analyzing Networks (SATAN)

A free tool developed by Dan Farmer and Wietse Venema in 1995 for remotely analyzing the security of networks. Security Administrator Tool for Analyzing Networks (SATAN) consists of a variety of routines that probe a network for security holes in a similar way that hackers do. SATAN tests the vulnerabilities of TCP/IP hosts using common TCP/IP protocols, such as File Transfer Protocol (FTP), Network File System (NFS), and Network Information System (NIS), and analyzes how the host responds to requests based on these protocols. The results are stored in a database and can be displayed using a Web browser.
SATAN runs on machines running UNIX and needs the Perl interpreter to operate. Typically, SATAN identifies weaknesses in the setup and configuration of network software; network administrators can use it to check the configuration of their network software. SATAN can also identify the network services that are running and provide information about the types of hardware and software and the topology of the network.

Security descriptor

A unique header for an object stored in Active Directory of Microsoft Windows 2000. A security descriptor contains security identifiers (SIDs) together with a discretionary access control list (DACL) and a system access control list (SACL) that specify the access permissions for the object. Specifically, the security descriptor for an object contains the following:
· The owner SID:
Identifies the security principal (the owner of the object)
· The group SID:
Used only by Services for Macintosh and the POSIX subsystem
· The DACL:
Contains the access permissions and rights for the object and its attributes, along with the SIDs of the security principals who can access the object
· The SACL:
Contains system-wide security policies such as the auditing policy
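The four parts listed above, as an added example that is not part of the original entry: a descriptor with owner SID, group SID, DACL and SACL, an access check that walks the DACL, and an audit record driven by the SACL. The class names, the rights values and the deny-before-allow ordering are assumptions of this model, not the Win32 definitions.

```python
from dataclasses import dataclass, field
from typing import List, Set

# Constructed model of the four parts of a security descriptor listed above.
# Rights values, ACE fields and the deny-before-allow ordering are assumptions
# of this example, not the Win32 definitions.
READ, WRITE, DELETE = 0x1, 0x2, 0x4

@dataclass(frozen=True)
class ACE:
    sid: str        # security principal this entry applies to
    rights: int     # bit mask of rights the entry covers
    allow: bool     # True: access-allowed entry; False: access-denied entry

@dataclass
class SecurityDescriptor:
    owner_sid: str
    group_sid: str                                  # kept for completeness; unused here
    dacl: List[ACE] = field(default_factory=list)   # who may do what
    sacl: List[ACE] = field(default_factory=list)   # which accesses to audit

def check_access(sd: SecurityDescriptor, token_sids: Set[str], requested: int, audit_log: list) -> bool:
    """Walk the DACL in order: a deny entry that covers any requested right ends the
    check; allow entries accumulate until every requested right is granted."""
    granted, decision = 0, False
    for ace in sd.dacl:
        if ace.sid not in token_sids:
            continue                      # entry is for a principal not in this token
        if not ace.allow:
            if ace.rights & requested:
                break                     # explicit deny wins
        else:
            granted |= ace.rights & requested
            if granted == requested:
                decision = True
                break
    # SACL: record an audit event whenever a matching entry covers a requested right.
    for ace in sd.sacl:
        if ace.sid in token_sids and ace.rights & requested:
            audit_log.append({"sid": ace.sid, "requested": requested, "granted": decision})
            break
    return decision
```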

Security group
One of two types of groups in Microsoft Windows 2000 that are created and stored in Active Directory; the other is distribution groups. Security groups are used for grouping accounts and for controlling access to resources, much in the same way that global groups and local groups are used in Microsoft Windows NT–based networks. (In other words, all groups in Windows NT are security groups.) Security groups are security principals that can contain other security principals such as user, group, and computer objects from Active Directory.
Security groups come in three types:
· Domain local groups:
Provide users with permissions to access resources; used only within the specific domain in which they are created
· Global groups:
Logically group users for administrative purposes and have visibility in the current domain and trusted domains
· Universal groups:
Similar to global groups but reduce global catalog replication traffic when they are used

Security identifier (SID)

An internal number in the Security Account Manager (SAM) database of a domain controller in Microsoft Windows NT or Windows 2000 that uniquely identifies a user, group, or computer account within a domain. Security identifiers (SIDs) are used internally by Windows NT and Windows 2000 to provide user accounts with access to network resources.

Security zone

A feature of Microsoft Internet Explorer that allows users to designate which intranets and portions of the Internet are trusted or distrusted. The more trusted a zone is, the broader the permissions it grants for executing scripts, Microsoft ActiveX controls, and Java applets, and for executing other potentially hazardous actions. Security settings for a zone can be high, medium, low, or custom.
Here are the zones you can configure and their default security settings:
· Internet zone (medium):
For sites on the Internet that are considered unsafe and for which access is restricted
· Local intranet zone (medium):
For internal sites that are connected to the local network
· Trusted sites zone (low):
For Internet sites that are considered safe for unrestricted access
· Restricted sites zone (high):
For sites on the Internet that have not been determined either safe or unsafe and are thus considered extremely dangerous

Security subsystem

· Local Security Authority (LSA):
Checks to see whether users have permission to access the system itself. The LSA manages the local security policy, generates access tokens, supports interactive logons, and manages auditing.

· Logon processes:
Display the Windows NT and Windows 2000 Security dialog boxes, in which a user can log on to the system interactively. Windows NT and Windows 2000 also include remote logon processes for pass-through authentication by remote users who want to access network resources.

· Security Account Manager (SAM) database:
The database in the registry that contains the user and group account credentials. The LSA uses the SAM database to determine whether to allow a user to log on to the network.

· Security Reference Monitor:
Checks to see whether users have permission to access a particular object, such as a file on an NTFS volume. The Security Reference Monitor enforces the access validation functions of the LSA and generates audit messages (if this feature is enabled).

Internet Protocol Security (IPSec)

A protocol for negotiating and controlling the security of transmissions over a TCP/IP internetwork. Internet Protocol Security (IPSec) defines standards for data encryption and data integrity at the level of Internet Protocol (IP) datagrams and can be used to encrypt transmission of data and ensure that the data originated from the sender and was not modified in transit. IPSec encrypts data at the IP level and uses tunneling to securely send information over the Internet and between intranets. IPSec is an emerging Internet Engineering Task Force (IETF) standard and is implemented in the Microsoft Windows 2000 operating system.
How It Works
IPSec is implemented at the transport layer of the Open Systems Interconnection (OSI) reference model and protects IP and higher protocols using security policies that can be configured to meet the needs of securing users, sites, applications, or the enterprise in general. IPSec essentially resides as an additional layer under the TCP/IP protocol stack and is controlled by security policies installed on each machine and by an encryption scheme negotiated between the sender and the receiver. These security policies consist of a collection of filters with associated behaviors. When the IP address, port number, and protocol of an IP packet match a particular filter, the corresponding behavior is applied to the packet.
In Windows 2000, these security policies are created and assigned at the domain level or for individual hosts using the IPSec Management snap-in for the Microsoft Management Console (MMC). IPSec policies consist of rules that specify the security requirements for different forms of communication. These rules are used to initiate and control secure communication based on the nature of the IP traffic, the source of the traffic, and its destination. These rules specify authentication and negotiation methods, tunneling attributes, and connection types.
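The filter-and-behavior matching described above, as an added example that is not part of the original entry: each filter names a source network, a destination network, a protocol and a port, and the behavior of the first matching filter is applied to the packet. The class and function names, the CIDR-based fields and the first-match ordering are assumptions of this model, not the semantics of the Windows 2000 snap-in.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of an IPSec policy: a list of filters, each with a behavior.
# Names, fields and first-match ordering are assumptions of this example.

@dataclass(frozen=True)
class IPsecFilter:
    src: str                  # source network in CIDR notation, e.g. "10.0.0.0/8"
    dst: str                  # destination network in CIDR notation
    protocol: str             # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches every destination port
    action: str               # "block", "permit" or "negotiate" (protect with IPSec)

    def matches(self, src_ip: str, dst_ip: str, protocol: str, dst_port: int) -> bool:
        """True when address, protocol and port of the packet all fall inside the filter."""
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol != "any" and self.protocol != protocol:
            return False
        return self.dst_port is None or self.dst_port == dst_port

# Constructed policy: require IPSec for SMB traffic to the server subnet,
# block cleartext telnet everywhere, and pass the rest unprotected.
POLICY = [
    IPsecFilter("0.0.0.0/0", "192.0.2.0/24", "tcp", 445, "negotiate"),
    IPsecFilter("0.0.0.0/0", "0.0.0.0/0", "tcp", 23, "block"),
]

def evaluate_policy(policy, src_ip, dst_ip, protocol, dst_port, default="permit"):
    """Apply the behavior of the first filter the packet matches, else the default.
    First-match ordering is an assumption of this model, so list specific filters first."""
    for f in policy:
        if f.matches(src_ip, dst_ip, protocol, dst_port):
            return f.action
    return default

if __name__ == "__main__":
    # Sample packets (constructed): SMB to a server, telnet, and a DNS query.
    for pkt in [("10.1.2.3", "192.0.2.10", "tcp", 445),
                ("10.1.2.3", "192.0.2.10", "tcp", 23),
                ("10.1.2.3", "198.51.100.7", "udp", 53)]:
        print(pkt, "->", evaluate_policy(POLICY, *pkt))
```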
To establish a security association (secure communication session) between two computers, a protocol framework called ISAKMP/Oakley is used. ISAKMP/Oakley includes a set of cryptographic algorithms but is also extensible to support user-defined encryption algorithms. During the negotiation process, agreement is reached on the authentication and security methods to be used, and a shared key is generated for data encryption. IPSec supports two different kinds of security associations:

· Authentication Header (AH) protocol:
Provides user authentication and protection from replay attacks and supports data authentication and integrity functions. AH enables the recipient to be sure of the identity of the sender and that the data has not been modified during transmission. AH does not provide any encryption of the data itself. AH information is embedded in the IP packet’s header and can be used alone or with the Encapsulating Security Payload (ESP) protocol.

· Encapsulating Security Payload (ESP) protocol:
Encapsulates and encrypts user data to provide full data confidentiality. ESP also includes optional authentication and protections from replay attacks and can be used either by itself or with AH. ESP information is also embedded in the IP packet’s header.

Devices and software configured to support IPSec can use either public key encryption using keys supplied by certificate authorities (CAs) or preshared keys for private encryption.
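The AH service described above, as an added example that is not part of the original entry: a keyed integrity check over the sequence number and payload, a preshared key as the entry's last sentence allows, and a sliding anti-replay window on the receiving side. The class and method names are assumptions; the real AH header layout and ICV truncation are not reproduced, and ESP's encryption is not modelled.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Constructed model of the AH service: an HMAC over sequence number plus payload
# (the integrity check value, ICV) and a sliding anti-replay window on receipt.
# Class and method names are assumptions; the real AH header layout is not reproduced.

class AuthenticationHeaderSA:
    ICV_LEN = 32    # full HMAC-SHA256 output; real AH truncates the ICV

    def __init__(self, preshared_key: bytes, window: int = 64):
        self.key = preshared_key     # preshared key, one of the two key sources named above
        self.window = window
        self.send_seq = 0            # sender-side counter, never reused within the SA
        self.highest_seq = 0         # receiver-side top of the anti-replay window
        self.seen = set()            # accepted sequence numbers inside the window

    def _icv(self, seq: int, payload: bytes) -> bytes:
        return hmac.new(self.key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()

    def protect(self, payload: bytes) -> bytes:
        """Sender: emit sequence number || ICV || payload. The payload stays in clear: AH does not encrypt."""
        self.send_seq += 1
        return struct.pack(">I", self.send_seq) + self._icv(self.send_seq, payload) + payload

    def verify(self, packet: bytes) -> Optional[bytes]:
        """Receiver: return the payload, or None when the packet is a replay or fails integrity."""
        if len(packet) < 4 + self.ICV_LEN:
            return None
        seq = struct.unpack(">I", packet[:4])[0]
        icv, payload = packet[4:4 + self.ICV_LEN], packet[4 + self.ICV_LEN:]
        # Cheap replay check first, so a flood of duplicates never reaches the MAC computation.
        if seq <= self.highest_seq - self.window or seq in self.seen:
            return None
        if not hmac.compare_digest(icv, self._icv(seq, payload)):
            return None
        # Only a packet with a valid ICV may advance the window.
        if seq > self.highest_seq:
            self.highest_seq = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
        self.seen.add(seq)
        return payload
```

Packets arriving out of order but inside the window are still accepted; a duplicate of an already accepted packet, a packet older than the window, or one whose ICV does not verify is dropped.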
