Cool Stuff About Business and Entertainment
in the Greater Harrisburg, PA Area.

The Maze of Internet Security


By Elizabeth A. Thomas

Internet usage is growing by leaps and bounds. More and more businesses are jumping on the Internet to enhance customer service and to market their wares. Just how safe is the information you’re placing on the Internet? There’s no need for frenzied fear, but if you’re using the Internet in your business, there is the potential for security breaches…ranging from the small to the serious. I-tech’s John Schrock (www.itech.net/itech) says many companies “think it can’t happen to them…until it does.”

Many Internet users believe that information transmitted via the Internet is secure, but that’s not necessarily so. According to Micro-E’s Tod Shedlosky (www.microe.com), the rule of thumb is that the more features a server offers, the more likely it is to contain security holes. Mr. Shedlosky says Unix systems are more vulnerable because of the numerous ports of entry hackers can exploit. Macintoshes and MS-Windows are less easy to exploit, but also offer far fewer capabilities.

The basic goal of Internet security is to keep prying eyes away from your information. This is crucial, especially if you’re allowing clients to access their company’s proprietary information. “Eavesdropping” is a common phenomenon which may not be of great concern to the casual user, but should be a serious concern to businesses using the capabilities of the Web.

Micro-E has identified three basic types of risk Internet users face:

1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to steal confidential information, modify the server’s system, and gain information allowing them to break into the system.

2. Browser-side risks, including active content that can crash the browser, damage the user’s system, breach the user’s privacy, or allow misuse of personal information.

3. Interception of network data sent from browser to server or vice versa via network eavesdropping.

How does a small business owner begin to understand Internet security and what security measures to undertake? Initially, you should familiarize yourself with some of the general vocabulary.

There are two basic ways to secure your website: proxy servers and firewalls. Proxy servers are exactly what the name implies. They are an intermediary between your system and the Internet, meaning information passing between your server and the Internet is screened as it goes in or out. With a proxy server in place, your server doesn’t speak directly to the Internet.

A firewall serves the same purpose as a proxy server, but is a bit more sophisticated. When using a firewall, information traversing to and from your server is scrutinized, not just communicated (as is the case with a proxy server). Mr. Schrock says everyone with a dedicated line should institute a firewall system.

Firewalls provide more stringent security than a proxy server, although a strong proxy server is more beneficial than a poor firewall. If you are using the server of an Internet provider, be sure to check what types of firewalls they provide. If they offer firewalls, your site and information are protected by their firewalls. (To determine the caliber of any of these security features, check out the website of the International Computer Security Association (www.ncsa.com).)

Secure Sockets Layer (SSL) is the new standard by which banks and Internet commerce operate. Mr. Shedlosky calls it “the millennium’s de facto security standard.” SSL complements a firewall, and takes security one step further by encrypting the information coming to and from your site. An understandable illustration of SSL is that of keys: the key on the server end must match the key on the browser end. If they don’t match, access is denied.

Beyond proxy servers, firewalls, and SSL, you can secure accessible information in two ways. First, and most obvious, is log-in password authentication. Most systems require this basic tenet of security. To add another layer of security, consider setting up a digital signature (also called a certificate). Digital signatures identify computers the same way your driver’s license identifies you every day. Digital IDs allow the intended recipients to know that the communication is coming from you. Digital IDs also allow people to send encrypted communication to you.

You can obtain a digital ID from a certifying authority, an organization that issues and verifies the validity of digital IDs. Be sure to obtain your digital ID from a true certifying authority (verify the authority on the ICSA website). It’s not difficult to establish a certifying authority, and some unscrupulous individuals use this technique to gain access to private information.

How much does adequate Internet security cost? It depends on two things: what you need and the quality of the security features you purchase. Mr. Schrock says it’s much less expensive than you may anticipate, but as with anything, you get what you pay for. Gauge your needs carefully and purchase accordingly.

Internet security may appear daunting, but it doesn’t have to be. The best way to start winding your way through the maze of Internet security is to educate yourself. Peruse some on-line or printed material to become familiar with the basic terms of and latest developments in Internet security. If you understand the basics, you’ll be able to better understand your needs.

Next, talk to several service providers to gauge your comfort level with their abilities and integrity. As with any service provider…ask for references. Careful research and education will increase your confidence in the services offered to your clients and provide your clients with the security they seek.

 

Elizabeth A. Thomas is a marketing consultant and business writer in Mechanicsburg. For assistance with your next communications project, contact her at 796-1393.

 

For Further Investigation

Many resources are available to help you navigate your way through the labyrinth of Internet security. Check out the International Computer Security Association’s website (www.ncsa.com) for news alerts, product comparisons, security guides, and risk reduction services. Micro-E, Inc. recommends the following resources.

- www.webcommpare.com/ (a definitive guide to http server specs)

- www.iss.net/sec_info/addsec.html (FAQ of Internet Security Systems, Inc.)

- Unix System Security: A Guide for Users and System Administrators (David Curry)

- Practical Unix Security (Simson Garfinkel and Gene Spafford)

- Windows NT Security Guide (Stephen Sutton)

 

 

©1990-2003 Copyright ScotGiambalvo.com. “MODE Weekly™”, and “MODEweekly.com™”  are trademarks of Scot Giambalvo.