|
||
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: |
HARDLY ANY SECURITY - A CONCERN FOR INDIAN SITESSource: The Times of IndiaPosted on May 12, 2001 The hacking of the Indian Ministry of External Affairs website and the Infosys banking site, within a space of few hours on Monday, exposed the vulnerability and lack of awareness among the Indian organizations about the importance of a compact security system. Industry leaders admit that no website is permanently or 100 per cent hack-proof at any given time. But they don't seem to be doing much about it. Both the MEA and Infosys shut down their servers immediately after they discovered the defacing of their websites. Though Infosys maintained that it could plug the point of intrusion and rectify it by Monday evening, it had already caused sufficient damage to the company's security image. According to the company release, "a security loophole in the web server system has been identified as the point of intrusion." A spokesman of the company admitted: "There is no permanent solution for hacking. We use specific tools for preventing hacking. Yet hackers find some other way to intrude." Is hacking so easy ?"Yes," says, Milind Dikshit, head, security solutions practice, Bangalore Labs, provider of Internet security solutions. "The hackers identify open ports, which are areas susceptible to intrusion. The intruder writes a programme which penetrates them, and replaces the site's content with malicious information." Breaking into a site by cracking its password is a simple thing, an industry source says, pointing out that "almost all the passwords are English-based and there are not too many combinations to baffle the intruder." Companies in the West, where hacking is a more serious threat with Internet crimes occurring once in every 20 seconds, have developed several mechanisms to prevent hacking. Some companies have an advanced security mechanism that can employ 'decoys' at various patterns as to distract the intruder with misinformation and even help the owners catch the culprit red-handed. However, there is not much awareness in India about security, feel the experts. "Hardly 20 per cent of the companies are security conscious," says Dikshit. Bangalore Labs has recently developed a security mechanism - vulnerability assessment - to demonstrate how susceptible companies' security systems are. "The companies need to have a security policy," says Atul Saran, managing director of Safescrypt, a city-based company focusing on providing security solutions to Net entities. However, having a one-time security policy in place is not enough, he says, adding, they need to monitor it regularly through audits and other means "since it is always a one-up situation with the hackers." Even with the numerous cases of hacking, you do not find many firms lodging a complaint with the authorities concerned. But why? "Two reasons," says an industry source. "First, hacking is not defacing one's website, it's rather defacing of one's brand image. Second, till now there is no efficient mechanism in the world either at the government or the industry level to prevent hacking." The government incorporated the IT law only in October last.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
ALERT WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |