Business and the InternetThesis: The Internet is a safe and profitable environment for companies to do business. I.History of the Internet. A. The beginning of the Advanced Research Projects Agency. B. The Advanced Research Projects Agency mission. C. Converting the Advanced Research Projects Agency s network into the Internet. D. The introduction to the World Wide Web. II. Security Issues on the Internet A. Realizing the threat of computer hackers. B. Considerations for security systems. III. Securing financial transactions. A. Information flowing on the Internet can be susceptible to security problems. B. Larger corporations have endorsed Secure Sockets Layer as a secure means of transmitting financial transactions. C. Secure Courier is another alternative for securing financial transactions. D. Firewalls can be used to help with security within a businesses network. IV. Conducting business over the Internet. A. The Internet offers an abundance of possibilities for businesses. B. Considerations for businesses conducting business on the Internet. V. Connecting a business to the Internet. A. Connecting to the Internet using a dial-up account with a provider. B. Connecting to the Internet using SLIP/PPP. C. Connecting to the Internet using a leased-line connection. Business and the Internet What is the Information Superhighway? Is this some kind of road with anabundance of signs and billboards telling of important information? Actually, when peoplerefer to the Information Superhighway, they are really talking about the Internet. TheInternet is a massive web of computers that are connected together. This web of computerscovers the entire world. Many businesses are intimidated by the Internet fearing that thereis not enough security. These types of businesses will find that by following simplesecurity rules and picking the correct type of connection, the Internet is a safe andprofitable environment for companies to do business. President Dwight D. Eisenhower saw the need for the Advanced Research ProjectsAgency (ARPA) after the Soviet Union’s 1957 launch of Sputnik (Baker 15). Theorganization united some of America’s most brilliant people, who developed the UnitedStates’ first successful satellite in 18 months. Several years later ARPA began to focus oncomputer networking and communications technology. In 1962, Dr. J.C.R. Licklider was chosento head ARPA’s research in improving the military’s use of computer technology (Baker 17). Licklider was a visionary who sought to make the government’s use of computers moreinteractive. To quickly expand technology, Licklider saw the need to move ARPA’s contractsfrom the private sector to universities and laid the foundations for what would become theARPANET (Baker 15). ARPA (now DARPA) is still one of the primary sources of research forthe Department of Defense (Baker 18). Its mission statement reflects the commitment totechnological advancement. The Advanced Research Projects Agency (ARPA) is the central research anddevelopment organization for the Department of Defense (DoD). It manages and directsselected basic and applied research and development projects for DoD, and pursuesresearch and technology where risk and payoff are both very high and where success mayprovide dramatic advances for traditional military roles and missions and dual-useapplications (Badget 10). Consequently, the ARPA mission is to develop imaginative,innovative and often high risk research ideas offering a significant technological impactthat will go well beyond the normal evolutionary developmental approaches; and, to pursuethese ideas from the demonstration of technical feasibility through the development ofprototype system. In 1969, the United States Department of Defense assigned ARPA to experimentwith the linkage between Department of Defense and military research contractors. TheDepartment of Defense directed ARPA to develop a system of communication that couldresist interruptions caused by enemy attacks. In the early 1970s, ARPA directed StanfordUniversity to begin experimentation in multiple network packet-switching technology (Baker16). Packet-switching technology was very effective when network connections wereunreliable. An experiment in 1977 among four government networks demonstrated thefeasibility of the technology. This research resulted in the development of the TCP/IPprotocol suite. By January, 1983, the TCP/IP protocol had become the standard communicationsprotocol. The National Science Foundation established the NSFNET program in 1985. TheFoundation’s interest in computer connectivity resulted from the inception of theSupercomputer Center’s program. The Supercomputer Center program required the use ofa high speed transmission backbone to connect researchers to the supercomputer centers. Avariety of reasons prevented the ARPANET from serving in this capacity. Therefore, theNational Science Foundation developed its own backbone with the help of the MERIT program(University of Michigan), MCI and IBM. The backbone included a large number smaller regionalnetworks that connected many of the nation’s research institutions. By 1990, the NSFNET hadbecome the dominant network, leading to the downfall of the ARPANET. The regional networksusing the NSFNET backbone created the foundation for the Internet as we know it today. Theprimary focus of the NSFNET was not-for- profit research and development. The NSFNET had an”acceptable use” policy that restricted the use of the Internet to non-commercialactivities. In fact, until October of 1990, Internet identifiers were only granted toorganizations that had a U.S. government agency as a sponsor. However, during the 1980s theNational Science Foundation advised the regional networks that they would have to becomeself sustaining. In 1991 this pressure culminated in the creation of the first commercialInternet providers. The largest Internet service provider in the U.S. today, PerformanceSystems (PSI Net), spun off from the New York Educational Research Network. In March, 1991,PSINet along with two other independent providers, UUNet Technologies (AlterNet) and GeneralAtomics (CERFnet), started the Commercial Internet Exchange (CIX) (Badgett 14). The CIXallowed access to the Internet without the NSFNet’s restrictions for the first time. Commercial use of the Internet was finally possible. The next significant development for the Internet occurred on April 30, 1993,when CERN placed the software for the WWW in the public domain. Tim Berners-Leedeveloped the software at the European Laboratory for Particle Physics (Browne 10). Thesoftware, developed for use by high-energy physicists, was first used in 1989. In 1993 agroup of graduate students from the University of Illinois at Champaign-Urbana developedMosaic, a software package that used the WWW protocol. Mosaic used a graphical interface,much like Microsoft’s Windows, to present the Internet in a unique user-friendly fashion. Mosaic was a major factor in the explosion of business interest on the Internet because itmade the Internet accessible to inexperienced users. Many other browsers have evolved sinceMosaic’s development. These graphical-type interfaces appear to hold the future of theInternet. As business grows on the Internet, security is becoming one of the most importantconsiderations businesses must make. Businesses with computers connected to theInternet that contain files full of confidential data certainly would not want the public tohave access to these files. At the same time, they might want the public to have access toother parts of their systems. Another concern is hackers breaking into a system. Ifcomputers are connected to the Internet, a hacker may be able to find a way into it and dosuch things as vandalize the system and steal passwords (enabling them to log in as someoneelse). Businesses that offer services that require payment methods including credit cardtransactions also should be cautious. If these transactions are not somehow secured, hackerscan access the user’s account information. Recently, a hacker named Kevin Mitnick wasarrested for stealing 20,000 credit card numbers (Cooper 24). Another example of poorsecurity on the Internet is the United States Government. The Defense Department enlisted ateam of hackers to attempt to break into its computer network that is attached to theInternet. The hackers succeeded 88 percent of the time. Of even more concern is the factthat 96 percent of the hackers’ attempts were not detected. Hacking is apparently on therise. A recent Rand Corporation study revealed that there were three times as many hackingincidents in the first six months of last year than in the entire previous year (Hughes 10). Poor security can discourage potential customers from using the Internet as a source ofcommerce. Before setting up security systems, businesses should consider the following: Would you be better off offering credit transactions over a more securemedium, like the telephone? If you decide to offer online financial transactions, how much security do youwant to offer the customer? How valuable is the information on the computer system? Must the confidential data be accessible through the Internet? Who do you want to access the information? Who do you not want to access the information? The way that information flows through the Internet makes it very susceptible tosecurity problems. The TCP/IP packets flow through many different nodes on the way totheir intended destination. Any of these mid-points can be the source of a security breech. This can cause concerns for both businesses and their customers. A business should take the
same precautions for Internet security as it does for any internal control. For example, fewbusinesses would leave customers’ credit card slips out in the open. At the same time, abusiness’s
customers want to make sure that their sensitive information is being handledresponsibly. Mastercard and Visa, as well as many other large corporations, have endorsedSecure Sockets Layer (SSL) for financial transactions (Siyan 7). SSL uses a three-partprocess. First, information is encrypted, which prevents unauthorized access. Second, theinformation is authenticated, which makes sure that the information is being sent andreceived by the correct computers. Finally, SSL provides message integrity, which preventsthe information from being altered during interchanges between the two computers. SSL is based on a two-key encryption system. A customer submits a request topurchase merchandise over the Internet. The company responds with a “public key” thatthe customer’s computer uses to encrypt sensitive information. The information is sent tothe company, which then uses a “private key” to decrypt the information. The process isinvisible to the customer, so it is very easy to use. Imagine a locked chest that contains amailbox. Customers are to place checks in the mailbox, but shouldn’t be able to remove othercustomer’s checks. A business would give customers a “public key” that could open the chestso that they could deposit their checks. The company would have the only key that could openthe mailbox inside the chest, the “private key.” Netscape Communications Corp., recently developed Secure Courier, which usesSSL to allow financial data to be transmitted in a secure digital “envelope.” Information isencrypted from the time it leaves the user’s computer until it reaches the financialinstitution. This ensures that only the financial institution will have access to theinputted financial information. Secure Courier also can verify the authenticity of inputted financial accountinformation. Before the development of Secure Courier, an unscrupulous business couldsteal credit information just as easily as a hacker. Customers did not have the confidencethat their financial information would fall into the right hands and be used appropriately. Secure Courier is based on a specification that Visa and Mastercard have developed foronline commerce. With the newness of the Internet, one of the biggest concerns is making thecustomer feel comfortable using financial information. It is understandable that manypotential customers will have reservations about sending sensitive information over anunfamiliar medium. With large corporations such as Visa and Mastercard endorsing SecureCourier, customers now can be more confident that their financial information will besecured. Financial transaction security is the biggest concern for businesses that offerproducts or services over the Internet. Firewalls deal with security within anorganization’s information network. Firewalls can be thought of as a security guardmonitoring all traffic in and out of a network. A firewall allows a business to specify thelevel of access that will be afforded to network users. An example of this is “anonymous”FTP. An Internet site can set up an FTP site that allows any outside user to access files atthe site. This FTP site will allow users to access files, but only at the lowest level ofsecurity. Anonymous FTP is very useful to companies that wish to place documentation in thepublic domain. It also can be used to allow users to download software. The Internet offers a multitude of possibilities for businesses. With its huge andquickly growing audience, the Internet provides a way to offer information, accessinformation and transfer information. While the Internet, in many cases, can be a giant leapfor businesses, some important points must be considered: An Internet site must be advertised for people to be able to find it. Users may be concerned with security. Setting up a business on the Internet requires some technical knowledge. Businesses must determine their own needs as well as the needs of thecustomer. Simply setting up a site on the Internet does not guarantee success. There are many different ways to connect to the Internet. These include dial-upaccounts, Serial Line Interface Protocol (SLIP) or Point to Point Protocol (PPP), anddirect connections through leased lines. Choosing a connection is like buying a car. You want something affordable thatwill accommodate all members of the family. Keep in mind, though, that each familymember does not need his or her own stereo controls. Overdoing it can get expensive, and cancut into the value that the Internet can add to a business. Other things to consider aresecurity, reliability, performance and customer support. The last thing you need is aconnection that is frequently down with no customer service to help you out. Finally, youmight want to make sure the provider has a local dial-up number. If not, long distancecharges can add up. By answering the above questions, a business can determine which type ofconnection best suits it. A dial-up account provides an inexpensive (about $10 a month per account)connection to an Internet access provider (Manager 3). Dial-up accounts, also known as UNIXshell accounts, are not direct connections to the Internet, so speed is sacrificed to anextent. Also, each connection requires a separate account, so if you have many employeesthat need to be connected simultaneously, this option can get expensive. Many of theseaccounts contain many features of the Internet such as telnet, Archie, Usenet, e- mail,gopher, WWW and FTP. An inexperienced user may find this type of connection difficult andconfusing because the applications typically must be run through UNIX. Another disadvantageof dial-up accounts is that everything must be done on line. For example, to compose ane-mail message, a user first must log in to the system. This can become very time consumingand inconvenient. While a little more costly (about $30 a month per account), a SLIP/PPPconnection will allow a business’s computer to communicate using the TCP/IP protocol(Manager 3). With this connection, many tasks can be performed simultaneously. Forexample, you can send e-mail while downloading a program from an FTP site. SLIP/PPPalso supports World Wide Web browsers such as Netscape and Mosaic. These interfacesallow point-and-click mouse control and provide pictures, sounds and movies in addition totext. Unlike a dial-up account, the user can perform some tasks off-line, such as composinge-mail messages. Most dial-up SLIP/PPP accounts require that the user actually stay on thecomputer during the connection. To have a full-time connection, regardless of whether anyoneis using the computer, a dedicated SLIP/PPP account may be established. This option is moreexpensive (about $300 to set up and $80 per month), and it assigns a certain number of IPaddresses for a network. Software such as Trumpet Winsock can be used to establish theSLIP/PPP connection. The user must dial the server’s phone number and enter a user name andpassword. A modem at the server’s location picks up the signal and connects to a “black box”that routes the information typed from the user’s computer to the Internet by using an IProuter. Leased-line connections are the best option for businesses that want to providelarge amounts of information and allow many employees to access the Internet. Thisoption also provides a much faster connection with either a 56 kilobyte line, a T1 lineoperating at speeds up to 1.5 megabits per second (or about 100 times faster than a 14, 400baud modem) or a T3 line that goes up to 357 megabits per second (Manager 5). The morespeed, the more expensive it gets. A business should decide what it can afford and what ispractical for its purposes. As a rule of thumb, high speed connections are worth it iftransmitted data exceeds one gigabyte a day. It is also worthwhile if speed is a majorconcern, for example the quick transmission of important documents. A dedicated T1connection costs anywhere from $1,000 to $6,000 to have it set up, and about $1,000 permonth thereafter. This provides many more IP addresses for a network than a SLIP/PPPconnection. Set-up and monthly fees for a 56K connection are about half as much as a T1connection. This option also allows for a greater number of IP addresses. For many businesses today, the Internet is the correct medium to conduct business. With limited cost and world wide exposure, a company can t go wrong. The speed thatthe Internet has to offer will make even the most impatient manger smile with satisfaction.As long as a business chooses the correct connection as well as sets up some common security stops, the Internet experience should prove to be a rewarding and profitable venture. WorksCitedBadgett, Tom. Welcome to– Internet : From Mystery To Mastery. New York, N.Y. : MIS Press, 1993. Baker, Steven. The Evolving Internet Backbone; History of the Internet Computer Network , Unix review, Septemeber 1993, 15-21. Cheswick, William R., and Steven M. Bellovin, Firewalls and Internet Security : Repelling the Wily Hacker. Reading, Mass. : Addison-Wesley, c1994. Cooper, Fredric J. Implementing Internet Security. Indianapolis, Ind. : New Riders Pub., 1995. Cronin, Mary J. Global Advantage On the Internet : From Corporate Connectivity to International Competitiveness. New York : Van Nostrand Reinhold, 1996. Fisher, Sharon. Riding the Internet Highway. Carmel, Ind. : New Riders Pub., 1993. Hughes, Larry J. Actually Useful Internet Security Techniques. Indianapolis, Ind. : New Riders Pub., 1995. Kahin, Brian, and James Keller. Public Access to the Internet. Cambridge, Mass. : MIT Press, 1995. Lent, Max, Government Online. New York : HarperPerennial, 1995. Liu, Cricket. Managing Internet Information Services. Sebastopol, CA: O’Reilly & Associates, 1994. Manger, Jason J. The Essential Internet Information Guide. New York : McGraw-Hill, 1995. Siyan, Karanjit. Internet Firewalls and Network Security. Indianapolis, Ind. : New Riders Pub., 1995.