Information Security History
This exhibit gives a history of the evolution of users, key technologies, threats, concerns, and security techniques in information security since 1960. Click on the links in the pre-web computing (1960s-'90s), open web (1990s-2000s), and mobile and cloud (2000s-future) section. What were the threats and concerns of each time period? How did security technology or techniques develop in response to those threats?
The Open Web (1990s-2000s)
Threats and Concerns
Threats and Concerns in the Open Web
As the Web opened its doors for eCommerce, one motivating security concern was whether and how users could safely provide credit card numbers and related information to sites across the Internet. As users connected to this new resource, they were also concerned about malware infiltrating their computers.
What were the threats and concerns?
Malware: Viruses, Trojan Horses, and Botnets
Malware proliferated, and it became expected practice (at least on Microsoft Windows platforms) that scanning programs with current signature subscriptions should be installed and running on users' machines as a defensive measure. Later in the era, it became increasingly common for attackers to infect users' machines with malware that enabled the attackers to control the infected systems, not only compromising their sensitive information but also assembling victims into botnets to attack other targets.
Users became concerned that their financial or other personal information would be stolen from them, enabling miscreants to impersonate them. Beginning in 2002, U.S. states enact laws requiring detected security breaches to be disclosed.
Phishing and Social Engineering
Users were misled into accessing impostor sites that appear like legitimate sites but are actually malicious. Initially, this was most commonly achieved via links sent in email messages. Site names may confuse users by appearing similar to those of sites they intend to access.
Government Control of Cryptography
In the security community, there were major debates through the 1990s about use, strength, and export of cryptography, a fundamental building block for distributed security, as the campaign button suggests. Participants included Government officials, technology developers, and an emerging cypherpunk movement. In 2000, US restrictions on export of cryptographic technology were relaxed significantly.
Remote Command Security
The Internet's early Telnet protocol was widely used for login sessions to remote systems, but transferred passwords and other data without encryption. Increasingly, and particularly for remote server management, the newer Secure Shell (SSH) protocol supplanted its use.