Product guide

ManualsBrandsMcafee ManualsOtherINTERNET SECURITY 5.0

101

102

103

104

105

106

107

108

109

110

Internet Security and Privacy

102 McAfee Internet Security 5.0

Snooping and Sniffing

Since its inception, the Internet has been (and largely remains) an open

network. Openness means that information on the Internet travels without

any special security: Anyone who can monitor network traffic can intercept it.

This sort of monitoring is called “sniffing,” and is easy to perform using

“sniffers.” Sniffers are programs (or hardware devices) designed to monitor

data traveling over a network. Originally, sniffers were designed to help

network administrators track down networking problems. Unfortunately, the

same tool can also be used to steal information. Sniffers are insidious and

difficult to detect.

Sniffing often begins when a hacker breaches the security of a local Internet

Security Provider (ISP). A hacker does not need physical access to the ISP’s

premises—sometimes a telephone line is sufficient (although it is also possible

to sniff with physical access to network cables). Once a hacker compromises

an ISP’s system, the network traffic that travels through the ISP is no longer

secure.

Web Servers and Firewalls

Secure transactions are only one part of the problem. When an ISP’s Web

server receives information, the ISP must be able to keep the information safe.

Hackers like to attack the security of Web servers because Web server security

is still in its infancy. As a consequence, Web administrators assume that a Web

server is open to attack, and try to keep them separated from other,

mission-critical computers. Some Web applications must, however, interact

with corporate databases, an open door to a clever hacker. One form of

security technology called a “firewall” can close the door, however, cannot

safeguard certain services.

What can I do to keep my stuff safe?

With sniffer in place, a hacker can intercept credit card numbers and other

private information by capturing data transmissions, and then using pattern

matching algorithms to filter out the valuable information. Intercepted credit

card info can be sold to criminals, intent on committing fraud.

To avoid this problem, Web browsers incorporate encryption technology that

cloaks information and makes it difficult to get at. Encryption is the basic

technique that the Web uses to guarantee information security.

The current encryption standard is called “Secure Sockets Layer” (SSL),

supported both by Microsoft and Netscape, and incorporated in their

browsers. An icon in the browser changes to indicate that SSL is active. When

you make a transaction with SSL active, you can be fairly comfortable that the

transaction is safe.