S 2.459 Overview of Internet services

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Head of IT, Specialists Responsible, IT Security Officer

The Internet is a world-wide computer network which provides an infrastructure in which various services can be offered and used. Two of the most important and oldest services are the World Wide Web and e-mail. In addition, there is a large number of other services. The most important and most popular Internet services include:

World Wide Web (WWW)

The WWW was developed as a hypertext system in which distributed pieces of information are linked to one another. Web browsers can be used to access the information. Links allow navigation from term to term or from document to document. The WWW offers various types of information such as text, images, graphics, applications, games, sounds, and videos on a world-wide level. In addition to obtaining information in a time-saving manner, private users and organisations can use the WWW to represent themselves, publish their own publications, and offer services. However, it must always be assumed that some of the information may be incorrect. Moreover, there is a risk that websites are used to spread malware which, for example, intercepts or forges sensitive data.

E-mail

E-mail is used for world-wide transmission of electronic messages from a sender to numerous recipients. In this context, unencrypted and unsigned e-mails can be compared to a postcard, as their content is transmitted openly and can therefore be modified relatively easily. E-mail is a frequently used way of spreading malware.

Discussion forum/Internet forum

In most cases, an Internet forum is a website which is dedicated to a particular subject and where anyone interested can post, reply to or read contributions on this subject. Many Internet forums require the users to log in or register before they are allowed to participate in the forum. The behaviour in a forum is determined by the forum netiquette, i.e. the codes of conduct specified by the operators of the forum. Users who do not abide by the forum rules can be banned by the administrators of the forum. The posts in Internet forums usually remain available for reading for a long time. Among other things, discussion forums can be misused by deliberately publishing incorrect information or abusive posts. The option to include links in posts, for example in order to refer to additional information, is often used to link to websites containing malware.

News servers/net news

News servers can be used to exchange and access net news. News groups allow like-minded people to communicate with each other on a world-wide level. Depending on the intention, they are used to find information on certain subjects or help in solving problems. The news groups are used to organise the subjects and to provide them with a systematic structure of enquiries and replies.

News is usually subscribed to. However, there is no authority to verify or approve the subscribers, making it possible for anybody to participate, including anonymously or with a false identity. To be read, news can be stored locally or retrieved from a news server. Depending on the subject area and the news found, local storage requires large amounts of storage space, but on the other hand it can speed up work and, in particular, full-text search.

Chat

Chatting refers to the synchronous exchange between two or more communication partners via the Internet in real time. Popular variants on the Internet are Internet Relay Chat (IRC), Webchat and Instant Messaging. Chats are often operated in public chat rooms of a chat provider. Many chats require previous registration, although in most cases the users can freely choose their identity. For this reason, there are chats which are only open to a particular group of participants, and participation is not possible without previous registration or approval by an administrator. It is also possible to disclose the chat URL only to a particular user group or to establish private areas within a chat to limit misuse by unauthorised persons. In addition, an administrator can monitor the posts, caution users, and ban them from the chat. The posts can be logged in their entirety.

Blog/web log

A blog is a diary which is published on a website and is available to a restricted group of readers or to the general public. The term web log, or blog for short, is derived from the words World Wide Web and log. A blog is used by private individuals or persons commissioned by an organisation to report their experiences in life or aspects of a particular subject. Depending on the settings selected by the person responsible for the blog, each entry can be commented on and discussed by readers.

Under certain circumstances, blog entries may have a wide distribution and be archived for a long time. As they reflect opinions, it should be considered early on whether these are intended for the general public. If blogs are to be used for an organisation, a person in charge should be appointed who uploads and regularly maintains coordinated content. As comments and messages are not always necessarily positive, and the deletion of negative comments could be perceived as manipulation, it should be considered how the comment function should be handled.

Twitter

Twitter is a microblogging service which can be used to publish short messages with a maximum length of 140 characters. Twitter is used to exchange information in real time. Many users use Twitter via mobile phone (anywhere, any time). Users are required to register, but the selected identity is usually not checked. Registered users can comment on and reply to posts. Unregistered users can only read posts. In addition to private individuals, organisations also provide information via Twitter.

Every post (tweet) can be marked with a keyword, the so-called hashtag, so that it can be found more quickly in a keyword search. The hashtag can also be used to analyse which subjects are particularly popular on Twitter. Security recommendations for Twitter can be found in S 5.156 Secure use of Twitter.

Online banking

Online banking is used to carry out bank transactions over the Internet. All transactions are carried out electronically with access to the corresponding bank computer. The access is either browser-based via the bank's website or carried out using a corresponding online banking application. An advantage for the users is that many bank transactions are not dependent on location and bank opening times.

The most significant risk in online banking is that attackers can access customer accounts. An attacker typically attempts to obtain authentication information, e.g. by means of phishing, or to divert the customers to manipulated websites, e.g. by means of Trojan horses.

Instant messaging

Instant messaging is a chat variant in which two or more participants communicate via an instant messaging service. Instant messaging can be used as a cost-effective and quick alternative to telephone, text messages or e-mail. In addition to plain text transmission, many services offer additional functions such as transmission of files or special chat channels. In an instant messaging session it is not necessary to read and reply to messages immediately, although real-time interaction is possible.

The use of instant messaging requires registration; however, the details provided are normally not checked. The messenger ID, which can consist of a user name, messenger number or messenger ID, must first be communicated to potential communication partners. The communication partners are then added to a contact list. It is often also possible to communicate the user's status, for example, if he/she is absent, busy or particularly interested in a communication. In many instant messaging services the public status display can be switched off. Sent links should only be followed if it has been ensured that the link was sent by the known communication partner and that it does not lead to malware. Likewise, a file that was sent without being requested should not be opened.

A major disadvantage when using instant messengers is that there are various providers that use different protocols. Potential communication partners must ensure that they use the same system in order to be able to communicate with each other.

Internet telephony

Internet telephony or IP telephony refers to voice transmission via public IP networks, especially the Internet. The application scenarios for voice transmission via IP networks vary and different security requirements apply accordingly (see S 4.7 VoIP for more information on this). Internet telephony is a variant of Voice over IP (VoIP).

Softphones, which are usually registered via central directories in a similar way to messaging services, can be used for Internet telephony. Compact and economical VoIP gateways allowing for the use of Internet telephony services on conventional telephones are becoming increasingly popular. In addition, there are special end devices for Internet telephony (hardphones). For Internet telephony, the IT system used as a gateway must be switched on and connected to the Internet. In addition, instant messaging systems and mobile devices can be integrated.

Skype

Skype is software for Internet telephony with instant messaging functionality. For example, Skype can be used to make phone calls, to transfer data, or to hold video conferences.

As soon as the communication partners go online with their computer, they can be reached under their Skype number. Therefore, in order to be permanently available, the computer would need to be running all the time. In case of a failure of the Skype provider, the use of Skype becomes entirely impossible.

Social networks

Social networks are platforms made available on the web which are used for communication and exchange of data between the users. Depending on the orientation of the platform, in addition to personal data, pictures can be uploaded there and different applications can be used. The content is the responsibility of the users themselves.

The identity used in a social network can be fictitious, used incorrectly, or created by an unauthorised person without the knowledge of the actual owner. The networking of the users results from the social interactions between the users and is stored in the software database using special platform functions.

Security recommendations for use of social networks can be found in S 5.157 Secure use of social networks.

Internet television/web TV

Internet television refers to the transmission of television programmes and films as broadband applications via the Internet. Internet television does not guarantee any transmission quality. The quality is solely determined by the user's Internet access and the corresponding end device.

In addition, there are also services in the Internet which allow recording of television programmes. The recorded programme can either be downloaded as a video file or viewed directly in the browser window.

Internet radio/web radio

The Internet-based offer of radio programmes is also referred to as Internet or web radio. Transmission usually takes place as streaming audio, the use of which requires corresponding software. Many stations use this type of alternative transmission in order to reach listeners who cannot receive the corresponding programme via satellite or terrestrial means.

The reception of web radio offers is not restricted to PCs connected to the Internet. Web radio receivers which are connected to the Internet via a router can also be used for this purpose as well as numerous other devices (mobile phones, games consoles).

Web storage space

Web storage space (also referred to as online hard drives) can be used to store information in the Internet. Various IT systems can be used to access the stored information. For example, a user can access the information from different IT systems or share the information with other users. In order to use web storage space, the users are generally required to register. Depending on the service used, it may be necessary to install an application on the user's IT system to be able to use the web storage space like a local drive (hence the name online drive). Some services support open standards such as WebDAV (Web-based Distributed Authoring and Versioning) which are supported by many operating systems without the need to install additional applications. In general, web applications can also be used to access the information. Folders must be explicitly released for other users or are reserved for this purpose ("public folder").

If the password usually required for authentication is known to third parties, then they will be able to access all stored information.

Web shops

Web shops are used to purchase products. Web shops can often be accessed via the World Wide Web. Using a browser, goods are selected, placed in a virtual shopping cart, and then ordered.

With mobile end devices in particular, additional applications can be selected directly via a separate application and installed on the end device. If an attacker succeeds in offering software containing malware to the users in web shops, or in modifying the software during transfer, he/she can compromise the user's IT system.

Security aspects

Examples of some typical security aspects in connection with Internet services are listed in the following: