While the internet has increasingly become an important and essential tool for communication and a path for globalization, it presents several challenges to users. The fact that personal information about internet users can be easily accessed and utilized by various third parties whenever they access a specific site is a scary thing for most internet users who are concerned about their privacy and security (Kruegel 90). Therefore, most browsers allow for incognito browsing or private browsing. This is a privacy feature in some popular browsers, which allows users to disable web cache and browser history whenever they access the internet in the private or incognito mode (Bugliesi, et al. 509). Therefore, one can easily access the internet and browse various websites without storing local data that may be retrieved later on for other purposes. Private browsing also disables the storage of personal data in the form of cookies and flash cookies.
Over the past decades, mobile devices have become more popular and their growth in the market has been very significant. In particular, Android-based smartphones have dominated the markets, and consequently, a large number of Android applications in their hundreds if not thousands have been developed and put on the various Android application markets like the Play Store (Kruegel 90). The emergence of these new applications has led to the quest of understanding application traffic generated by these new applications (Kern, and Phetteplace 211). This data is very important especially for the purpose of malware detection and application traffic analysis.
For the purpose of writing this paper, Android URL risk assessor, identifying user actions on applications using traffic analysis, network profiling, characterization of smartphone usage patterns and generating application signatures from data traffic to each application will be used (Kern, and Phetteplace 212). This is because once applications are installed in a mobile device, they are in constant communication with various sources from the internet and this poses an obvious risk to data security for the people using such applications. It is common for Android applications to request permission to access the internet, especially during installation of the applications. This is however not common with other platforms such as iOS applications for Apple devices like the iPhones and iPods.
Lack of information is a major shortcoming of incognito browsing that should not be overlooked. Research conducted by German and American web researchers revealed how such misconceptions and lack of information can be detrimental. The study entailed a survey of four hundred and sixty volunteers on the application of private browsing. The researchers, in their survey, sought to establish from the volunteers if the use of incognito or private browsing would affect the collection of data in various hypothetical scenarios. Additionally, the 460 volunteers were also supplied with various versions of disclosure agreements.
The research results revealed that despite all the resources supplied to the study population, they still overestimated the capabilities of incognito browsing. For instance, the study results showed that more than fifty percent of the participants believed that private or incognito browsing would help prevent trails of their activities online. Furthermore, forty percent of the research population believed that their locations would not be revealed if they used incognito browsing. Finally, thirty percent of the volunteers believed that internet service providers would not track their browsing history while in the incognito mode. Perhaps the wildest misconception is that incognito browsing prevents virus infection.
While this appears to be a great move in assuring users of their privacy and personal security when accessing the internet, there is a broad range of critical security issues that are pertinent when using the incognito mode to access certain websites. For example, information such as the IP address and some personal information can still be accessed even when one is in the private browsing mode (Bugliesi, et al. 509). Recent developments in computer forensics have shown that a broad range of information such as the browsing activities of users can still be accessed even when they are in the incognito mode. For instance, computer forensic scientists can still establish the specific websites that one visits while in the incognito mode. This shows that private browsing capabilities in top browsers are not able to fully secure users by hiding their personal or private information such as the websites they visit (Bugliesi, et al. 510). Thus, there are still many security vulnerabilities when it comes to the implementation of incognito browsing in most of the leading browsers such as Internet Explorer, Mozilla Firefox, Chrome, and Safari (Kern, and Phetteplace 213).
One of the main challenges in private browsing is the fact that browser extensions are potential sources of threats to the privacy and security of users. By their very design, browsers often elect to allow the use of extensions by default even while in the incognito mode. Therefore, some installed extensions are able to secretly collect and store data such as the browsing activities of the user, like the specific websites they visit (Bugliesi, et al. 512). This often takes place without the knowledge of the users, who are led to believe that private browsing fully protects them.
Furthermore, the element of data erasure in browsers that is activated in the incognito browsing mode has been proven to be insufficient in protecting users. For instance, the records of the websites visited while in the private session can still be retained in the computer’s memory for a long time even after the private browsing session has been closed (Kruegel 90). Furthermore, the records of the visited website are usually kept by the operating system within the local DNS cache.
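What that DNS cache residue looks like to an examiner, as an added example that is not part of the original essay: it parses resolver-cache output in the layout printed by `ipconfig /displaydns` on Windows and lists hostnames the cache still holds but the browser history does not. The sample output is constructed, and `parse_displaydns` and `cache_only_hosts` are names introduced here.

```python
import re

# Constructed sample in the layout printed by `ipconfig /displaydns` on Windows.
SAMPLE_CACHE = """\
Windows IP Configuration

    news.example
    ----------------------------------------
    Record Name . . . . . : news.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 212
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    clinic.example
    ----------------------------------------
    Record Name . . . . . : clinic.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 3411
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.7
"""

INT_FIELDS = {"Record Type": "type", "Time To Live": "ttl"}

def parse_displaydns(text):
    """Return one dict per cached record (name, type, ttl, data)."""
    records, current = [], None
    for line in text.splitlines():
        if " : " not in line:          # headers, separators, blank lines
            continue
        left, value = line.split(" : ", 1)
        key = re.sub(r"[\s.]+$", "", left.strip())   # drop the dot leaders
        if key == "Record Name":       # each cached record starts here
            current = {"name": value.strip().lower()}
            records.append(current)
        elif current is not None and key in INT_FIELDS:
            current[INT_FIELDS[key]] = int(value)
        elif current is not None and key.endswith("Record"):
            current["data"] = value.strip()          # e.g. "A (Host) Record"
    return records

def cache_only_hosts(cache_text, history_hosts):
    """Hostnames still in the resolver cache that the browser history lacks."""
    known = {h.lower() for h in history_hosts}
    return sorted({r["name"] for r in parse_displaydns(cache_text)} - known)
```

With a history that contains only `news.example`, `cache_only_hosts` returns `clinic.example`: a lookup that left no browser record but is still readable from the operating system until its TTL expires or the cache is flushed.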
The other critical issue is the presence of software bugs. Most browsers have software bugs, which often degrade the security of the private mode (Bugliesi, et al. 523). For example, as seen in some of the earlier versions of Safari browser, the browser still retained records of private browsing history in circumstances where the browser program was not closed normally.
Threats to information security often gain access to the information stored in computer systems and manipulate the data and information, rendering it meaningless and useless to the owners of the information while in some cases benefiting the sources of the information security threats. As technology advances with time, so do the various threats to information security. There is therefore great need to develop strong information security mechanisms to respond to the emerging threats (Grossman 69). This essay seeks to explain one of the most prevalent threats to information security that has been one of the main security problems since 2010. Research conducted in 2010 showed that malware infections were among the most notable security problems to computer information systems (Kruegel 90). This essay will describe the menace of malware infections and provide the various available ways of controlling it.
Development of information security strategies protecting complex data and information across a wide network while also improving system performance as well as ensuring easy data retrieval when necessary is one of the most challenging tasks in network design. This is even made worse by the porous and complex nature of modern transactions and the increasing demand for safe and secure information storage and retrieval mechanisms (Grossman 69). The process of securing and protecting information refers to defending data and information from unauthorized access, disclosure, modification, inspection, use or destruction. Information security includes protection of all forms of information and data including both physical and electronic forms.
Information security encompasses four main areas that aim at safeguarding the whole integrity of the information collected and stored for future retrieval. These are availability of the data and information on demand, confidentiality, accountability on the part of individuals charged with the responsibility of managing the information, and data integrity (Sufatrio, et al. 58.12). A security authentication process refers to the process of determining the individuals authorized to access, retrieve, alter and use information at specified times and in a specified manner. The authentication process involves putting in place measures to determine which individuals are ratified to access the information stored.
Phishing attacks, on the other hand, are programs that access systems and networks with the purpose of acquiring confidential information such as passwords and security information in order to grant their sources access to systems of other institutions and organizations (Sufatrio, et al. 58.15). One of the most popular phishing methods is where someone sends an email to a victim posing as a representative of a trusted organization or business (Grossman 70). He asks for personal information such as the victim’s social security number, usernames and passwords as well as credit card numbers.
One of the most common information security problems that was very prevalent in 2010 is malware infection. Malware infections refer to attacks on information systems by malicious software applications that intrude into the system and alter the data and information stored in it. There are several types of malicious software application that can intrude into an information system. Some of them are very complicated to deal with once they get into the system and can lead to complete loss of data in the system (Grossman 71). Some of the most common malware include rootkits and botnets. Botnets can be described as a collection of programs linked via the internet, which communicate with other programs so as to perform certain tasks (Sufatrio, et al. 58.21). Botnets are usually used as malicious software programs across the internet to perform functions such as sending spam e-mails and participating in DDoS attacks that can affect information systems.
Rootkits can be defined as stealthy software applications designed to hide the existence of other processes, information and programs from being detected using normal methods. They are usually used to grant privileged access to information systems only to specific individuals. Rootkits can either be installed automatically in a computer system or manually by attackers who gain access to the information systems through computer network roots (Reis, et al 45). Once installed in the computer, rootkits access and crack the passwords used to grant access to the system. While in the computer, the rootkits take full control of the computer and can also access various applications and programs and modify them, thus affecting their normal functioning (Reis, et al 44). Rootkits are very difficult to detect and control because they also attack programs that ought to control them.
How Forensics Can Leverage the Data Trail
Because of the constantly changing data that is needed for everyday use by the smart phone users, it becomes necessary for the phones to instead connect to a web service to access such data making the application light on the device saving device resources for use by other applications. Some constantly changing information might also need to be updated constantly like weather patterns and real time traffic data. This makes it necessary for apps to access a service to retrieve such data.
The use of such applications can be minimized if encryption is used to secure the communication channels. If the communication is not encrypted, it will be very easy for an eavesdropper to listen to data packets and capture them (Reis, et al 49). Most applications are now forced to use the secure sockets layer as well as the transport layer security to encrypt all application communication with other websites or servers that provide them with certain services.
Normally in an SSL or TLS encryption system, a server is configured with a certificate which contains a public key and a corresponding private key. As the communication between the SSL and TLS is established, the server is forced to sign its own certificate using the public key cryptography system (Reis, et al 49). This system is however not very secure because a man in the middle attack can be easily performed and the whole communication integrity compromised.
We can clearly see that in as much as various methods have been put in place to make sure that user data is protected at all levels, the methods above are not really effective to make sure that personal application user data is not leaked to adversaries (Browser Security: Appearances Can Be Deceiving 61). This calls for the development of better protocols to govern communication between an application and a service website of a web server. Application identification methods should also be put in place to trace the origin of an application through fingerprinting to minimize threats to data security as well as making sure that personal data for the application users is not used for malicious purposes.
Ways Risks Can Be Mitigated
Various strategies can be relied upon for Data Loss Prevention (DLP) to safeguard against malware infections. Since some of the malware applications such as rootkits are very difficult to control, one of the best ways of ensuring information security is through having a backup system and remote storage techniques for the information stored in an information system (Browser Security: Appearances Can Be Deceiving 63). This may require some extra resources and redundant storage that will be used to provide backup to the information. The use of backups and remote storage can be very effective if it is used together with other authentication techniques that will prevent unauthorized access to the information system (Haibo Hu, et al. 18). The other authentication measures include mechanisms such as the use of usernames and passwords, biometric technology, single sign on systems (SSO), and public key infrastructure and digital certificates.
In conclusion we can see that in as much as SSL and TLS technologies have been deployed to protect user data, they are certainly not the best available options and they have their flaws mentioned above. This can be prevented especially by using more secure protocols and implementing more complex and sophisticated cryptographic algorithms which do not allow third parties to monitor the activities of an application user.
- “Browser Security: Appearances Can Be Deceiving.” Communications of the ACM, vol. 56, no. 1, Jan. 2013, pp. 60–67.
- Bugliesi, Michele, et al. “CookiExt: Patching the Browser against Session Hijacking Attacks.” Journal of Computer Security, vol. 23, no. 4, July 2015, pp. 509–537.
- Grossman, Jeremiah. “The Web Won’t Be Safe or Secure Until We Break It.” Communications of the ACM, vol. 56, no. 1, Jan. 2013, pp. 68–72.
- Haibo Hu, et al. “Privacy-Aware Location Data Publishing.” ACM Transactions on Database Systems, vol. 35, no. 3, July 2010, p. 18–18:42.
- Kern, M.Kathleen, and Eric Phetteplace. “Hardening the Browser.” Reference & User Services Quarterly, vol. 51, no. 3, Spring 2012, pp. 210–214.
- Reis, Charles, et al. “Browser Security: Lessons from Google Chrome.” Communications of the ACM, vol. 52, no. 8, Aug. 2009, pp. 45–49.
- Sufatrio, et al. “Securing Android: A Survey, Taxonomy, and Challenges.” ACM Computing Surveys, vol. 47, no. 4, May 2015, p. 58:1-58:45.
- Kruegel, Christopher. “Making Browser Extensions Secure.” Communications of the ACM, vol. 54, no. 9, Sept. 2011, p. 90.