Date sent: Thu, 09 May 1996 22:30:05 -0500 Business and the Internet Thesis: The Internet is a safe and profitable environment for companies to do business. I. History of the Internet. A. The beginning of the Advanced Research Projects Agency. B. The Advanced Research Projects Agency mission. C. Converting the Advanced Research Projects Agency’s network into the Internet. D. The introduction to the World Wide Web. II. Security Issues on the Internet A. Realizing the threat of computer hackers. B. Considerations for security systems. III. Securing financial transactions. A. Information flowing on the Internet can be susceptible to security problems. B. Larger corporations have endorsed Secure Sockets Layer as a secure means of transmitting financial transactions. C. Secure Courier is another alternative for securing financial transactions. D. Firewalls can be used to help with security within a businesses network. IV. Conducting business over the Internet. A. The Internet offers an abundance of possibilities for businesses. B. Considerations for businesses conducting business on the Internet. V. Connecting a business to the Internet. A. Connecting to the Internet using a dial-up account with a provider. B. Connecting to the Internet using SLIP/PPP. C. Connecting to the Internet using a leased-line connection. Business and the Internet What is the Information Superhighway? Is this some kind of road with an abundance of signs and billboards telling of important information? Actually, when people refer to the Information Superhighway, they are really talking about the Internet. The Internet is a massive web of computers that are connected together. This web of computers covers the entire world. Many businesses are intimidated by the Internet fearing that there is not enough security. These types of businesses will find that by following simple security rules and picking the correct type of connection, the Internet is a safe and profitable environment for companies to do business. President Dwight D. Eisenhower saw the need for the Advanced Research Projects Agency (ARPA) after the Soviet Union's 1957 launch of Sputnik (Baker 15). The organization united some of America's most brilliant people, who developed the United States' first successful satellite in 18 months. Several years later ARPA began to focus on computer networking and communications technology. In 1962, Dr. J.C.R. Licklider was chosen to head ARPA's research in improving the military's use of computer technology (Baker 17). Licklider was a visionary who sought to make the government's use of computers more interactive. To quickly expand technology, Licklider saw the need to move ARPA's contracts from the private sector to universities and laid the foundations for what would become the ARPANET (Baker 15). ARPA (now DARPA) is still one of the primary sources of research for the Department of Defense (Baker 18). Its mission statement reflects the commitment to technological advancement. The Advanced Research Projects Agency (ARPA) is the central research and development organization for the Department of Defense (DoD). It manages and directs selected basic and applied research and development projects for DoD, and pursues research and technology where risk and payoff are both very high and where success may provide dramatic advances for traditional military roles and missions and dual-use applications (Badget 10). Consequently, the ARPA mission is to develop imaginative, innovative and often high risk research ideas offering a significant technological impact that will go well beyond the normal evolutionary developmental approaches; and, to pursue these ideas from the demonstration of technical feasibility through the development of prototype system. In 1969, the United States Department of Defense assigned ARPA to experiment with the linkage between Department of Defense and military research contractors. The Department of Defense directed ARPA to develop a system of communication that could resist interruptions caused by enemy attacks. In the early 1970s, ARPA directed Stanford University to begin experimentation in multiple network packet-switching technology (Baker 16). Packet-switching technology was very effective when network connections were unreliable. An experiment in 1977 among four government networks demonstrated the feasibility of the technology. This research resulted in the development of the TCP/IP protocol suite. By January, 1983, the TCP/IP protocol had become the standard communications protocol. The National Science Foundation established the NSFNET program in 1985. The Foundation's interest in computer connectivity resulted from the inception of the Supercomputer Center's program. The Supercomputer Center program required the use of a high speed transmission backbone to connect researchers to the supercomputer centers. A variety of reasons prevented the ARPANET from serving in this capacity. Therefore, the National Science Foundation developed its own backbone with the help of the MERIT program (University of Michigan), MCI and IBM. The backbone included a large number smaller regional networks that connected many of the nation's research institutions. By 1990, the NSFNET had become the dominant network, leading to the downfall of the ARPANET. The regional networks using the NSFNET backbone created the foundation for the Internet as we know it today. The primary focus of the NSFNET was not-for- profit research and development. The NSFNET had an "acceptable use" policy that restricted the use of the Internet to non-commercial activities. In fact, until October of 1990, Internet identifiers were only granted to organizations that had a U.S. government agency as a sponsor. However, during the 1980s the National Science Foundation advised the regional networks that they would have to become self sustaining. In 1991 this pressure culminated in the creation of the first commercial Internet providers. The largest Internet service provider in the U.S. today, Performance Systems (PSI Net), spun off from the New York Educational Research Network. In March, 1991, PSINet along with two other independent providers, UUNet Technologies (AlterNet) and General Atomics (CERFnet), started the Commercial Internet Exchange (CIX) (Badgett 14). The CIX allowed access to the Internet without the NSFNet's restrictions for the first time. Commercial use of the Internet was finally possible. The next significant development for the Internet occurred on April 30, 1993, when CERN placed the software for the WWW in the public domain. Tim Berners-Lee developed the software at the European Laboratory for Particle Physics (Browne 10). The software, developed for use by high-energy physicists, was first used in 1989. In 1993 a group of graduate students from the University of Illinois at Champaign-Urbana developed Mosaic, a software package that used the WWW protocol. Mosaic used a graphical interface, much like Microsoft's Windows, to present the Internet in a unique user-friendly fashion. Mosaic was a major factor in the explosion of business interest on the Internet because it made the Internet accessible to inexperienced users. Many other browsers have evolved since Mosaic's development. These graphical-type interfaces appear to hold the future of the Internet. As business grows on the Internet, security is becoming one of the most important considerations businesses must make. Businesses with computers connected to the Internet that contain files full of confidential data certainly would not want the public to have access to these files. At the same time, they might want the public to have access to other parts of their systems. Another concern is hackers breaking into a system. If computers are connected to the Internet, a hacker may be able to find a way into it and do such things as vandalize the system and steal passwords (enabling them to log in as someone else). Businesses that offer services that require payment methods including credit card transactions also should be cautious. If these transactions are not somehow secured, hackers can access the user's account information. Recently, a hacker named Kevin Mitnick was arrested for stealing 20,000 credit card numbers (Cooper 24). Another example of poor security on the Internet is the United States Government. The Defense Department enlisted a team of hackers to attempt to break into its computer network that is attached to the Internet. The hackers succeeded 88 percent of the time. Of even more concern is the fact that 96 percent of the hackers' attempts were not detected. Hacking is apparently on the rise. A recent Rand Corporation study revealed that there were three times as many hacking incidents in the first six months of last year than in the entire previous year (Hughes 10). Poor security can discourage potential customers from using the Internet as a source of commerce. Before setting up security systems, businesses should consider the following: Would you be better off offering credit transactions over a more secure medium, like the telephone? If you decide to offer online financial transactions, how much security do you want to offer the customer? How valuable is the information on the computer system? Must the confidential data be accessible through the Internet? Who do you want to access the information? Who do you not want to access the information? The way that information flows through the Internet makes it very susceptible to security problems. The TCP/IP packets flow through many different nodes on the way to their intended destination. Any of these mid-points can be the source of a security breech. This can cause concerns for both businesses and their customers. A business should take the same precautions for Internet security as it does for any internal control. For example, few businesses would leave customers' credit card slips out in the open. At the same time, a business's customers want to make sure that their sensitive information is being handled responsibly. Mastercard and Visa, as well as many other large corporations, have endorsed Secure Sockets Layer (SSL) for financial transactions (Siyan 7). SSL uses a three-part process. First, information is encrypted, which prevents unauthorized access. Second, the information is authenticated, which makes sure that the information is being sent and received by the correct computers. Finally, SSL provides message integrity, which prevents the information from being altered during interchanges between the two computers. SSL is based on a two-key encryption system. A customer submits a request to purchase merchandise over the Internet. The company responds with a "public key" that the customer's computer uses to encrypt sensitive information. The information is sent to the company, which then uses a "private key" to decrypt the information. The process is invisible to the customer, so it is very easy to use. Imagine a locked chest that contains a mailbox. Customers are to place checks in the mailbox, but shouldn't be able to remove other customer's checks. A business would give customers a "public key" that could open the chest so that they could deposit their checks. The company would have the only key that could open the mailbox inside the chest, the "private key." Netscape Communications Corp., recently developed Secure Courier, which uses SSL to allow financial data to be transmitted in a secure digital "envelope." Information is encrypted from the time it leaves the user's computer until it reaches the financial institution. This ensures that only the financial institution will have access to the inputted financial information. Secure Courier also can verify the authenticity of inputted financial account information. Before the development of Secure Courier, an unscrupulous business could steal credit information just as easily as a hacker. Customers did not have the confidence that their financial information would fall into the right hands and be used appropriately. Secure Courier is based on a specification that Visa and Mastercard have developed for online commerce. With the newness of the Internet, one of the biggest concerns is making the customer feel comfortable using financial information. It is understandable that many potential customers will have reservations about sending sensitive information over an unfamiliar medium. With large corporations such as Visa and Mastercard endorsing Secure Courier, customers now can be more confident that their financial information will be secured. Financial transaction security is the biggest concern for businesses that offer products or services over the Internet. Firewalls deal with security within an organization's information network. Firewalls can be thought of as a security guard monitoring all traffic in and out of a network. A firewall allows a business to specify the level of access that will be afforded to network users. An example of this is "anonymous" FTP. An Internet site can set up an FTP site that allows any outside user to access files at the site. This FTP site will allow users to access files, but only at the lowest level of security. Anonymous FTP is very useful to companies that wish to place documentation in the public domain. It also can be used to allow users to download software. The Internet offers a multitude of possibilities for businesses. With its huge and quickly growing audience, the Internet provides a way to offer information, access information and transfer information. While the Internet, in many cases, can be a giant leap for businesses, some important points must be considered: An Internet site must be advertised for people to be able to find it. Users may be concerned with security. Setting up a business on the Internet requires some technical knowledge. Businesses must determine their own needs as well as the needs of the customer. Simply setting up a site on the Internet does not guarantee success. There are many different ways to connect to the Internet. These include dial-up accounts, Serial Line Interface Protocol (SLIP) or Point to Point Protocol (PPP), and direct connections through leased lines. Choosing a connection is like buying a car. You want something affordable that will accommodate all members of the family. Keep in mind, though, that each family member does not need his or her own stereo controls. Overdoing it can get expensive, and can cut into the value that the Internet can add to a business. Other things to consider are security, reliability, performance and customer support. The last thing you need is a connection that is frequently down with no customer service to help you out. Finally, you might want to make sure the provider has a local dial-up number. If not, long distance charges can add up. By answering the above questions, a business can determine which type of connection best suits it. A dial-up account provides an inexpensive (about $10 a month per account) connection to an Internet access provider (Manager 3). Dial-up accounts, also known as UNIX shell accounts, are not direct connections to the Internet, so speed is sacrificed to an extent. Also, each connection requires a separate account, so if you have many employees that need to be connected simultaneously, this option can get expensive. Many of these accounts contain many features of the Internet such as telnet, Archie, Usenet, e- mail, gopher, WWW and FTP. An inexperienced user may find this type of connection difficult and confusing because the applications typically must be run through UNIX. Another disadvantage of dial-up accounts is that everything must be done on line. For example, to compose an e-mail message, a user first must log in to the system. This can become very time consuming and inconvenient. While a little more costly (about $30 a month per account), a SLIP/PPP connection will allow a business's computer to communicate using the TCP/IP protocol (Manager 3). With this connection, many tasks can be performed simultaneously. For example, you can send e-mail while downloading a program from an FTP site. SLIP/PPP also supports World Wide Web browsers such as Netscape and Mosaic. These interfaces allow point-and-click mouse control and provide pictures, sounds and movies in addition to text. Unlike a dial-up account, the user can perform some tasks off-line, such as composing e-mail messages. Most dial-up SLIP/PPP accounts require that the user actually stay on the computer during the connection. To have a full-time connection, regardless of whether anyone is using the computer, a dedicated SLIP/PPP account may be established. This option is more expensive (about $300 to set up and $80 per month), and it assigns a certain number of IP addresses for a network. Software such as Trumpet Winsock can be used to establish the SLIP/PPP connection. The user must dial the server's phone number and enter a user name and password. A modem at the server's location picks up the signal and connects to a "black box" that routes the information typed from the user's computer to the Internet by using an IP router. Leased-line connections are the best option for businesses that want to provide large amounts of information and allow many employees to access the Internet. This option also provides a much faster connection with either a 56 kilobyte line, a T1 line operating at speeds up to 1.5 megabits per second (or about 100 times faster than a 14, 400 baud modem) or a T3 line that goes up to 357 megabits per second (Manager 5). The more speed, the more expensive it gets. A business should decide what it can afford and what is practical for its purposes. As a rule of thumb, high speed connections are worth it if transmitted data exceeds one gigabyte a day. It is also worthwhile if speed is a major concern, for example the quick transmission of important documents. A dedicated T1 connection costs anywhere from $1,000 to $6,000 to have it set up, and about $1,000 per month thereafter. This provides many more IP addresses for a network than a SLIP/PPP connection. Set-up and monthly fees for a 56K connection are about half as much as a T1 connection. This option also allows for a greater number of IP addresses. For many businesses today, the Internet is the correct medium to conduct business. With limited cost and world wide exposure, a company can’t go wrong. The speed that the Internet has to offer will make even the most impatient manger smile with satisfaction. As long as a business chooses the correct connection as well as sets up some common security stops, the Internet experience should prove to be a rewarding and profitable venture. Works Cited Badgett, Tom. Welcome to-- Internet : From Mystery To Mastery. New York, N.Y. : MIS Press, 1993. Baker, Steven. “The Evolving Internet Backbone; History of the Internet Computer Network”, Unix review, Septemeber 1993, 15-21. Cheswick, William R., and Steven M. Bellovin, Firewalls and Internet Security : Repelling the Wily Hacker. Reading, Mass. : Addison-Wesley, c1994. Cooper, Fredric J. Implementing Internet Security. Indianapolis, Ind. : New Riders Pub., 1995. Cronin, Mary J. Global Advantage On the Internet : From Corporate Connectivity to International Competitiveness. New York : Van Nostrand Reinhold, 1996. Fisher, Sharon. Riding the Internet Highway. Carmel, Ind. : New Riders Pub., 1993. Hughes, Larry J. Actually Useful Internet Security Techniques. Indianapolis, Ind. : New Riders Pub., 1995. Kahin, Brian, and James Keller. Public Access to the Internet. Cambridge, Mass. : MIT Press, 1995. Lent, Max, Government Online. New York : HarperPerennial, 1995. Liu, Cricket. Managing Internet Information Services. Sebastopol, CA: O'Reilly & Associates, 1994. Manger, Jason J. The Essential Internet Information Guide. New York : McGraw-Hill, 1995. Siyan, Karanjit. Internet Firewalls and Network Security. Indianapolis, Ind. : New Riders Pub., 1995.