Theme: Information Safety in the Internet
Author: Andrey Mourachko
Actualization: 2000
Status: Survey
Area: Internet technologies
Appurtenance: Publications





INFORMATION SAFETY IN THE INTERNET




Introduction

With the development of science and technology for business, marketing, advertisement and communications, the importance of the global Internet is growing, and not only in Russia. Developed in the Pentagon military space complex, the Internet communications network was initially intended solely for military purposes.

In 1969, after the Internet was introduced as an experimental model in United States research institutions to ensure high-speed communication between the computers of a local network, a unified global technology development project appeared. This technology could connect computers worldwide that are not physically attached to each other. At the same time, a special Transmission Control Protocol (TCP/IP) was developed for a general hypertext system, WWW (World Wide Web), and high-speed long-distance data transmission technology. Thereafter, the application-layer transport protocols, FTP and TELNET, were created.

Beginning in 1993, mass clients started to gain Internet access through online Internet providers. Currently, according to various opinions, the Internet has about 100 million clients. According to the data of the Input Macroeconomic Institute, before the start of 2000 the Internet will have at least 250 million clients (Computer Zeitung, 05.10.1999, p. 9).

As Web technologies gradually developed, a brand new method appeared of holding virtual business conferences, entering into agreements, closing transactions, providing pay services, and clearing settlements through credit cards between actual counterparts.

Since Internet resources can be directly involved in business, a number of issues inevitably arise concerning the safety of information resources transmitted over long distances through e-mail and Internet teleconference programs (Internet Relay Chat, IRC). These are both engineering and legal issues: in order to protect clients from computer espionage, it is necessary not only to ensure the software safety of commercial data within the Internet, but also to create statutory guarantees of legal protection for the data highway.

The most recent example of the topicality of this problem in Western practices is the case of an employee of a German computer service company, who got into the local network of Commerzbank International S.A., Luxemburg, from his office, took the bank's commercial data (account numbers, names, cash amounts of bank clients) and claimed one million from the bank, since the information had to do with certain methods of reducing tax payments of its clients (Datenklau trifft Anleger, 28.08.1995, p. 1).

Russia knows the case of V. Levin, who penetrated Citibank's electronic system of bank transfers through the Internet and, by more than 40 money transfers, tried to transfer 10 million dollars to the accounts of false Russian, German, Dutch, Finnish, American, Israeli and Swiss banks (Russische Hacker, Süddeutsche Zeitung, 21.08.1995).

Russian law related to the information space is not noted for abundant regulatory activity. There is no single law in Russia directly referring to relations connected with the use of the Internet. An entrepreneur has to take care of the arrangements to ensure computer safety all by himself. Therefore, we would like to point out some technical options that data protection software offers for protecting data transmitted through the Internet and intranet communication networks:








Program codes

Program codes enable us to read financial communications only if the applicable unlocking code is available to unpack the data packet (Public Key, Private Key). As you know, any voice or text information can be digitized, i.e. converted into digital language, and it can be transformed back into sound or text only if the respective code is available (Secret Key, 128-Bit-IDEA code, 40-Bit-RSA code).

One of the ciphering programs that has recently become widespread in the West is PGP (Pretty Good Privacy). Today no case of deciphering PGP-ciphered data is known. As Director of the National Security Agency W. Crowell noted, "If you make all PCs worldwide (260 million) work on a single PGP-ciphered communication, deciphering of such communication will on average take 12 million times more time than the age of the universe" (Computer Zeitung, 05.04.1998, p. 4).
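The scheme described in this section, a one-time 128-bit secret key that ciphers the message and is itself locked with the recipient's public key, is sketched below as an added example; it is not code from PGP or from this article. Textbook RSA over small fixed primes and a SHA-256 keystream stand in for real RSA and IDEA, the integrity tag is an addition of the example, and all function and variable names are hypothetical.

```python
import hashlib
import hmac
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (no padding: illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def keystream_xor(key, data):
    """SHA-256 in counter mode, standing in here for the 128-bit IDEA cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def packet_tag(session, body):
    """Integrity tag (an addition of this example) keyed from the session key."""
    mac_key = hashlib.sha256(b"mac" + session).digest()
    return hmac.new(mac_key, body, hashlib.sha256).digest()

def encrypt(public, message):
    n, e = public
    session = secrets.token_bytes(16)  # fresh 128-bit secret key per message
    wrapped = pow(int.from_bytes(session, "big"), e, n)  # needs private key to undo
    body = keystream_xor(session, message)
    return wrapped, body, packet_tag(session, body)

def decrypt(private, packet):
    n, d = private
    wrapped, body, tag = packet
    session = (pow(wrapped % n, d, n) % 2**128).to_bytes(16, "big")
    if not hmac.compare_digest(tag, packet_tag(session, body)):
        return None  # wrong private key, or the packet was altered in transit
    return keystream_xor(session, body)

# Constructed demo keys from known Mersenne primes; real keys use random primes.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    packet = encrypt(RECIPIENT_PUB, b"Transfer 500 to account 12345 (constructed)")
    print(decrypt(RECIPIENT_PRIV, packet))  # original message
    print(decrypt(OTHER_PRIV, packet))      # None
```

The packet can be unpacked only with the private key that matches the public key used to seal it; any other key, or any change to the ciphered body, yields no message at all.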

In Russia, the issues related to information ciphering programs are governed by the Ordinance No. 334 of the President of the Russian Federation dated April 3, 1995 "On the Measures to Maintain the Rule of Law in the Sphere of Development, Production, Sales and Operation of Ciphering Means, and Providing Services related to Ciphering of Information". Pursuant to the President's Ordinance, no production, application or distribution of ciphering programs is allowed without a state license. Ciphering programs are under the complete monopoly of the state and the special services. The PGP program is banned.

The use of program codes does not always provide good protection. In Western practice, there have been cases in which, in order to obtain information on a client of a credit institution, computer experts sent the client a letter from a "central representative office" or a bank notifying him of an error in the code provided. In response, a "new" credit card PIN code would be issued. Thereafter, the bank's client would find that all funds had been withdrawn from his account. It would then be quite difficult to prove that it was not the client himself who withdrew the money from the account.








Basic Authentication Service

In this case information transfer safety is ensured as follows: the network owner (Internet provider) gives his client an identification name (account) with the possibility of entering his own password, which is necessary for access to the network. However, it is rather a warranty measure, since the Internet provider himself has direct access to the information available on the server.








Network Protocols

Of late, the special transport protocols SSL and PCT (Connection Security) have come into use; they cipher the contents of the text or voice dialogue after a short contact with the Internet provider.







Software tools, Web-browsers

A Web browser is a program for viewing WWW pages. Internet Explorer or Netscape Communications can provide various protection levels against computer viruses and Internet spy programs ("Trojan Horses"). Such programs are sent over the Internet to the client's address while the client is working online, copy all the data from the hard disk and imperceptibly leave the operating system once the Internet connection ends. A Web browser is not reliable, though, since the major Web browser producers, Microsoft and Netscape, have intentionally left some gaps in the provision of information safety. Thus, in the event of a modem connection through CompuServer MSN (Microsoft Network), a remote Microsoft computer obtains a direct opportunity to query, in online mode, the information on an individual user's hard disk. The ActiveX program library of the Internet Explorer browser allows "cool websites" to invite "controllers" from the Internet in the form of amusing "toys". Through programs built into system files, they can serve as an open channel for industrial espionage through the Internet.

Microsoft's reasoning: "Each Internet-Explorer user must clearly understand the risk related to the choice of programs from computer communication networks" (Thomas Baumgartner, Press Secretary, Microsoft, Schleusen geöffnet, Spiegel 97, p. 7).

Microsoft's main competitor, Netscape, has also provided all interested parties with plenty of opportunities to obtain the information they want. As you are aware, the IP address of a user who has visited certain Web sites can be determined through the so-called cookies, electronic files. Computer experts use this opportunity in full in order to obtain information on credit card numbers and the like. In Germany, for example, there was a case in which an employee of a large German publishing house, using Netscape's "Cookies", copied about 700,000 e-mail addresses of the publishing house's clients and sold this information to his customers for 5 Pf. per offer (Computer Zeitung, 05.09.1996, p. 6).

I cannot but mention that today, doing business over local and corporate computer networks remains a risky way to transact business. According to the results of research carried out by Ernst & Young LLP, an American analytical company, one US entrepreneur out of five whose activities involve the Internet has had to face successful and unsuccessful attempts at unauthorized access to their local networks. According to a poll, about 12% of companies incurred losses of up to 1/4 million US dollars, and over 20 out of the 1300 respondents (entrepreneurs) incurred losses of over 1 million US dollars (Computer Zeitung, 30.11.1995, p. 2). According to the Federal Bureau of Investigation (FBI), about 85% of cases of unauthorized access to computer networks remain unexposed, with annual financial losses in the economic space of the USA amounting to about 7.4 billion US dollars (Open Computing Cover Story, Maxibit, 23.03.1996).

Therefore, if an entrepreneur wants to ensure information safety, he should use Internet communication channels only if his local networks are safely protected by Internet filter controllers or protection screens (firewalls).




