Reflections
The Internet is one of the fastest-growing markets of all. A presence on the Internet is taken for granted and is of central importance for companies in order to offer, market and sell their goods. A wide variety of services are also offered on the Internet: social media, banking services and medical appointments are just a few of the many activities that take place in cyberspace.
Since “for every action to store, secure, and use data, there is an equal or greater reaction to steal data” (Vansyckel, 2018), the security of both users and providers must be ensured. A legal framework for the responsibility of companies towards their customers on the Internet is defined in Europe by the General Data Protection Regulation (GDPR). However, companies are not only obliged to protect the information of their customers because of the law. Cyber security must also be considered in terms of ethical responsibility. A cyber breach can cause damage to actors at various levels: private, corporate, national or even international.
Basically, it must first be stated that there is no absolute protection against a cyber breach (Vansyckle, 2018). However, general approaches can be identified that contribute to a secure cyber space. These include the no trust and minimise risk approaches, as well as the CIA triangle. In order to become aware of cyber attacks, it makes sense to first determine which kinds of attack have occurred in the past. The STRIDE method helps here. The abbreviation stands for spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
With the help of the Unified Modeling Language (UML), complex cyber threats can be reduced to simple aspects. This is useful for conveying potential threats to people in companies who do not have in-depth knowledge of programming and/or cyber security. Attack and protection trees are ideal for examining systems with regard to their vulnerabilities. Hazard potentials and an assessment of their potential damage can be categorized using the threat risk assessment matrix. Use case and abuse case diagrams show intentional or avoidable behaviour of, for example, users, administrators or hackers from their respective perspectives. Class diagrams, on the other hand, show assignments and structures; they can be used to visualize how programs function. Sequence diagrams show potential weak points in systems.
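As an added illustration of the STRIDE categories and the threat risk assessment matrix described above (example code written for this reflection, not taken from any cited source), the following Python snippet rates each identified threat by likelihood and impact, places it in a 5x5 matrix and orders the list for treatment. The threats, the 1..5 scales and the band thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Stride(Enum):
    SPOOFING = "S"
    TAMPERING = "T"
    REPUDIATION = "R"
    INFORMATION_DISCLOSURE = "I"
    DENIAL_OF_SERVICE = "D"
    ELEVATION_OF_PRIVILEGE = "E"


@dataclass
class Threat:
    name: str
    category: Stride
    likelihood: int  # assumed scale: 1 (rare) .. 5 (almost certain)
    impact: int      # assumed scale: 1 (negligible) .. 5 (severe)

    def __post_init__(self):
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be in 1..5")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def risk_band(score: int) -> str:
    # Assumed banding of the 5x5 matrix; tune thresholds to the organisation's risk appetite.
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def prioritise(threats):
    """Highest score first; ties broken by impact so damage-heavy items surface."""
    return sorted(threats, key=lambda t: (t.score, t.impact), reverse=True)


def matrix(threats):
    """grid[impact-1][likelihood-1] lists threat names, i.e. the heat-map cells."""
    grid = [[[] for _ in range(5)] for _ in range(5)]
    for t in threats:
        grid[t.impact - 1][t.likelihood - 1].append(t.name)
    return grid


SAMPLE = [  # constructed threats found in a STRIDE walk-through, not from any real system
    Threat("forged session cookie", Stride.SPOOFING, 3, 4),
    Threat("unsigned firmware update", Stride.TAMPERING, 2, 5),
    Threat("no audit log on admin actions", Stride.REPUDIATION, 4, 2),
    Threat("login flood", Stride.DENIAL_OF_SERVICE, 5, 1),
]
```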
The Institute of Electrical and Electronics Engineers (IEEE) has published ten guidelines for security design; these are:
- Earn or give, but never assume trust.
- Use an authentication mechanism that cannot be compromised.
- Authorize after you authenticate.
- Ensure all data are explicitly validated.
- Use cryptography correctly.
- Identify sensitive data and the mechanisms for handling them.
- Users must always be considered.
- Understand how integrating external components changes the attack surface.
- Remain flexible when objects and actors change.
- Separate data and control instructions; never process control instructions received from untrusted sources.
(Arce et al., 2014)
Firewalls are used to secure individual end devices (e.g. computers) and local area networks (LANs). They are divided into personal firewalls and network firewalls: a personal firewall protects one end device, whereas the task of a network firewall is to protect the LAN against infiltration (see Collaborative Discussion 2).
In addition to firewalls, there are fundamental aspects to be considered with regard to the structure of the LAN. Networks gain greater protection through segmentation, since an infection then does not affect the entire system but only a limited part of it. This approach goes hand in hand with the “No Trust” approach, which rests on the fundamental assumption that every system is potentially already infected and therefore cannot be classified as trustworthy. This approach is very important because it takes into account one of the most important factors, the human factor.
Even if a system is optimally protected, it is still not completely secure, because human error is possible in every area in which humans play a role, cyber security included. As already noted with STRIDE, access data can be inadvertently passed to the wrong person, whether through spoofing, tampering, information disclosure or elevation of privilege. Tracking systems that log the actions and usage behaviour of the respective users are therefore of great importance. With their help, weak points in the system can be identified and attackers can be traced (addressing the threat of repudiation). A sensible measure to implement in systems is therefore a “honey pot”: a deliberately designed weak point in the system that is meant to appear particularly attractive to attackers, so that this point is preferentially infiltrated by a hacker. The “honey pot” contains no system-relevant, meaningful or incorrect information, but tracking software is implemented there which records attacks and can trace them. In this way, weak points are identified and, in the best case, the hacker can be found via the IP address.
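The tracking side of the “honey pot” idea above, as an added example written for this reflection (not code from any cited source): a small Python triage routine parses web-server access log lines, flags every source address that touched the decoy path, and keeps all of that source's other requests so the analyst can see what it did before and after. The log lines and the decoy path /admin-backup/ are constructed sample data.

```python
import re
from collections import defaultdict

# Assumed decoy path: nothing legitimate links to it, so any request for it is suspect.
DECOY_PATH = "/admin-backup/"

# Constructed sample access log in common log format (documentation IP ranges only).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.23 - - [10/May/2021:10:01:09 +0000] "GET /admin-backup/ HTTP/1.1" 200 128
198.51.100.23 - - [10/May/2021:10:01:15 +0000] "GET /admin-backup/db.sql HTTP/1.1" 404 0
203.0.113.7 - - [10/May/2021:10:02:30 +0000] "GET /about.html HTTP/1.1" 200 300
198.51.100.23 - - [10/May/2021:10:03:01 +0000] "POST /login HTTP/1.1" 401 0
"""

# ip  ident  user  [timestamp]  "METHOD path protocol"  status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "time": ts, "method": method, "path": path, "status": int(status)}


def triage(log_text, decoy=DECOY_PATH):
    """Map each source IP that requested the decoy to ALL of its requests, in log order."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    return {ip: reqs for ip, reqs in by_ip.items()
            if any(r["path"].startswith(decoy) for r in reqs)}


if __name__ == "__main__":
    for ip, reqs in triage(SAMPLE_LOG).items():
        print(f"{ip} touched the decoy; full trail:")
        for r in reqs:
            print(f"  {r['time']} {r['method']} {r['path']} -> {r['status']}")
```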
Object-oriented programming (OOP) is a programming paradigm based on the concept of object orientation. The basic idea is to align the architecture of software with the basic structures of the area of reality that the given application concerns. A model of these structures is set up in the design phase; it contains information about the objects that occur and their abstractions, their types. Implementing this mindset requires the introduction of various concepts, especially classes, inheritance, polymorphism and dynamic binding. Programs are written in programming languages, one of which is Python. In contrast to other programming languages that work with a compiler, Python is an interpreted language: the source code is executed by an interpreter. A program ultimately consists of variables, expressions and statements, as well as functions, conditions, iterations, lists, tuples, dictionaries, files, stacks, queues and classes. Databases can be used to manage data. SQL is a database language for defining data structures in relational databases as well as for processing and querying the databases based on them. Databases and tables can be created and managed with the commands CREATE, SELECT, INSERT, UPDATE and DELETE. Access to the database and authorization to change it can be controlled with privileges, which can be assigned at all levels of the database.
Internet applications include various components that are required for functional use and therefore also represent attack surfaces for potential cyber attacks. The components can be divided into the hardware, the OS (operating system), the scripting language (server-side or client-side), the database and the HTTP server. While the client-side scripting language differs little, different scripting languages such as Python, Java, C, C++, PHP etc. are used on the server side. The various software components can be combined and made available as a single software stack or framework, such as LAMP on a Linux operating system or WAMP on a Windows operating system.
The structure of a web application is the same regardless of the scripting languages used. The MVC architecture can be used for this. MVC stands for Model, View, Controller. The Model defines the database and updates data items. The View, which defines the user interface, is changed by these updates. The View is linked to user requests and to the feedback sent back by the Controller. The Controller defines the business logic and influences the Model through data manipulation.
In addition to hardcoded pages, development frameworks offer a set of features, functions and capabilities beyond the programming language. Frameworks can provide the ability to create a significant component of a system with a single command. One such development framework is Django, a high-level Python-based framework for rapid web application development. Other development frameworks are Smarty, Yii and Zend.
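The IEEE guideline “separate data and control instructions; never process control instructions received from untrusted sources” and the SQL commands just described meet in the following added Python example (written for this reflection, not code from any cited source or framework). It builds a constructed in-memory SQLite table and contrasts a lookup that concatenates user input into the statement with a parameterized lookup, plus the explicit validation the guidelines call for; the table, its rows and the allowed-name pattern are assumptions.

```python
import re
import sqlite3


def make_db():
    """Constructed sample table; in-memory so the example runs offline."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "s1"), ("bob", "s2")])
    return con


def lookup_unsafe(con, name):
    # Data (name) is spliced into the control instruction (the SQL text):
    # an untrusted value can change what the statement does.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_safe(con, name):
    # Parameterized query: the statement is fixed, the value travels only as data.
    rows = con.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def validate_name(name):
    # Explicit validation (assumed rule: lowercase letters, digits, underscore, 1..32 chars).
    return re.fullmatch(r"[a-z0-9_]{1,32}", name) is not None


if __name__ == "__main__":
    con = make_db()
    user_input = "' OR '1'='1"          # the classic textbook illustration
    print("valid input?      ", validate_name(user_input))
    print("concatenated query:", lookup_unsafe(con, user_input))  # returns every row
    print("parameterized query:", lookup_safe(con, user_input))   # returns nothing
```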
The future of the Internet is shaped by better networking of end devices, including devices for daily use. Under the headings of the Internet of Things (IoT) and the Internet of Everything (IoE) it is understood that vehicles, apartments and their furnishings can communicate via networks in order to provide a multitude of possibilities. Some examples are autonomous driving, remote-controlled heating of buildings, and intelligent refrigerators and kitchen appliances. Smart cities can also coordinate the planning of infrastructure and networking within and between cities, as well as the availability and provision of necessary resources such as water and electricity.
In order to realize many of these aspects, a new Internet standard is needed: 5G. It enables higher data transmission rates with lower latency, which is a prerequisite for autonomous vehicles, for example. Since computers can be made smaller and smaller, the networking of the human circulatory system with sensors that monitor its activity should also be mentioned with regard to medical progress. Under the heading of the Internet of Nano Things (IoNT), with micro gateways and nanosensors, human functions are to be monitored in the future so that potential dangers to people can be diagnosed at an early stage.
All of these possibilities go hand in hand with potential dangers from cyber attacks: apartments can be monitored and break-ins planned based on electricity and water consumption, vehicles can be hacked, and people can be monitored and spied on via IoNT.
Cyber security will therefore not only increase in importance in the future, but will also continue to diversify in terms of fields of application.