By Paulo Sergio Abreu da Costa Barroso
E-mail: pscosta@atribuna.com.br
URL http://ppessoa.zaz.com.br/paginas/poapscosta00.htm
Many internal and external factors can interfere with an electronic transaction, starting with our old and well-known Internet connection. Thousands of things should therefore be taken into consideration when discussing, developing or creating any component of an Internet security system. Fortunately, even though we are sailing in a sea of variables, we can find some fundamental routes to follow, which lead us to focus on a few basic points that must be taken care of in order to build a consistent security system.

A great deal of development work has already been done in the Internet security field, bringing us to very complex and sophisticated products, but what I find interesting to mention is that some basic and fundamental features of Internet transactions have to be included in, or verified by, the product we are to develop or acquire. Many other important characteristics of an electronic transaction could be mentioned here, but I would like to emphasize the following ones: integrity, authenticity and confidentiality, which I think belong together among the most wanted characteristics of a safe Internet connection.

INTEGRITY is directly related to the verification the Internet security system performs against any kind of data loss, modification or damage, whether intentional or accidental, such as the harmful actions of hackers or ordinary electrical interference during data transfer. The Internet security system is thus expected to assure that data is received exactly as it was sent from the other side of the connection. Regardless of the original cause, a loss of data integrity will certainly be catastrophic in many ways.
System analysts and network administrators would surely say that, besides making the analysis and recovery of the proper, original status of the system one of the most costly and time-consuming operations, such modification of data content may cause errors during data processing, which lead to improper and imprecise results. Data integrity may be affected without being noticed during storage or transmission, i.e. data may be altered because of inadequate access controls while located on one system and then be sent, with no problem detected, to the other end of the connection. Another fact to consider is the possibility of data being intercepted during transfer, which puts its integrity and confidentiality in doubt. This problem is easily found in Web transactions, e-mail services and file downloading, among many other examples.

Unix routines, especially those executed during system start-up, frequently access shared libraries and files while running. This is the point at which many hacker techniques may affect system security, because those shared libraries and files may have been substituted or altered to give the intruder some kind of illegal advantage. So it should be mandatory for an Internet security system to verify and guarantee the integrity of shared libraries and files in order to deal with this particular vulnerability. Fortunately, a great variety of tools have already been designed and built to verify the integrity of common files and libraries in the system; they can even detect and notify network administrators and system analysts of hacker interference or of symptoms of data integrity problems. Such tools basically detect unauthorized or unexpected data modification in those specific parts of the system.
We can say that there is a good level of protection for data integrity inside a local network, if we consider local transactions only, since the risks of external interference are minimized. But we must not forget the possibility that data integrity was lost before the information entered our local system.

AUTHENTICITY verification is directly related to the procedures the security system performs to establish how and where a data packet was created, thus trying to assure that the message or data received really originated where it says it comes from and was sent by the party named on its label. The organization and coordination of operations in a network connection are ruled by a protocol, or a group of protocols, which may unfortunately add some problems as far as system security is concerned. The most common group of protocols used in Internet transactions is TCP/IP. An important point is that TCP/IP has an inherent characteristic that makes it quite simple to provide a host with false identification of a connecting machine in order to obtain access to the systems it holds. This technique, known as 'IP spoofing', interferes with the way a client-server connection is established. The whole process is a little more complicated, but let's keep it simple for now. Though some steps of the IP spoofing process are quite hard to accomplish manually, there are tools specially designed for that purpose that can execute it successfully in less than 20 seconds. Though IP spoofing is extremely dangerous to Internet security, it is not that difficult to create efficient protection against it. Some security techniques, such as SSL, which stands for Secure Sockets Layer, include as part of their normal routines procedures that try to provide some enhanced protection to the lower layers of TCP/IP.
Netscape SSL tries to protect the whole TCP/IP stack and provides a security structure in which application protocols may be executed safely. Actually, SSL combines two protocols: one, the record protocol, designed for the actual data transmission, and another dedicated to handshake tasks, which supervises the duties to be accomplished, including authenticity and confidentiality.

CONFIDENTIALITY is directly related to privacy, which means messages and data should be shared only by the sender and the respective receiver, but unfortunately (again!) TCP/IP has its own deficiencies. It cannot guarantee data confidentiality while data flows through the system. This is because one of the basic characteristics of the TCP/IP protocols (remember we are talking about a group of protocols involved in an Internet connection) allows a single piece of equipment to monitor all data flowing in the network it is connected to, regardless of the data's final destination. This can easily lead to logins and passwords being captured during a telnet session, for instance. Data interception during a home-banking, commercial or even personal transaction may result in serious harm, and this kind of interference is easily observed in e-mail operations, Web commercial transactions and many other important data exchanges.

Data flow cryptography is being widely used, researched and improved in order to assure greater security levels in Internet transactions. Such systems use long sequences of characters and complex algorithms to encode and decode information exchanged between computers with the appropriate application installed. Many security solutions are being designed and studied in depth, but the most appropriate ones will certainly be integrated into the technical structure of Internet applications without degrading their performance, thus providing adequate levels of authenticity, integrity and confidentiality.