E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.		 LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


"DRIVE-BY" HACKING A REAL THREAT

Source: ZDNet UK

Posted on November 23, 2001

      Wireless networks are vulnerable to hacking - layers of security may be the best defence

      X-Force -- an Internet Security Systems anti-hacking team -- takes its job very seriously, even taking to the streets of Sydney for security threat analysis in the form of 'drive-by hacking'.

      A recent analysis conducted by the X-Force team in Australia tested the security of wireless networks operating within Pitt St, Sydney -- a major retail and business centre.

      The team discovered 12 wireless networks that were easily accessible and vulnerable to hacking.

      According to Kim Duffy, managing director, ISS, this type of test is a regular one for the X-Force team, and known in security circles as 'drive-by hacking'.

      Armed with the appropriate knowledge, tools of the trade and access to technologies, it is quite easy to hack into certain wireless networks without leaving the comfort of your vehicle.

      "You can wander along the street, see a target and try to penetrate their network, all without leaving your car," said Duffy.

      'Drive by hacking' is just one form of threat analysis conducted by X-Force for companies within Australia, and around the world. Based in Atlanta, and working with organizations such as the FBI and Interpol, as well as Queensland-based Australian Computer Emergency Response Team (AusCERT), X-Force is designed to expose vulnerabilities and security flaws before hackers have a chance to exploit, or expose these.

      X-Force offers two main types of threat analysis and security testing;

      Vulnerability assessment: Reviews procedures already in place, from policy level through to enactment. Penetration testing: The next level, which exposes weaknesses and potential areas of malicious penetration.

      A recent KMPG survey outlined the need for organizations to develop, and install, security solutions. According to the survey, 41 percent of 500 executives within multinational companies believe their company is susceptible to a serious security breach. Of this number, 60 percent believe that it can be solved with technology.

      Duffy believes that businesses continue to underestimate security as an issue for businesses working in the online space. While larger organizations are beginning to spend more money on ensuring the security of networks and systems, according to Duffy, they are not always successful.

      "We have seen some terrible (cases of poor security)," said Duffy. "There are some organizations where at administrator level, they still have their passwords set at 'password' (the system default)."

      This often happens at the "engine room level", because the technical staff believe "they are in control and therefore, they are safe", said Duffy. Another common belief in organizations is that one type, or level, of security is enough.

      "Some of these organizations are of the view (that) you just put in a firewall and you are safe," claimed Duffy. "But a firewall is like having a front gate but not having a fence."

      Layering security for maximum defence Duffy believes effective security involves layers of defence and offers the following layers as an example of a secure system.

      First level is the perimeter defence which should involve a firewall and/or authentication system. The second level involves intrusion detection, allowing administrators to recognize and track intruders.

      The third level relates to server security and involves scanning devices, active blocking and the like.

      Duffy added that PC-protection or desktop security -- in the form of authentication, scanning devices, and antivirus software -- is another element which should not be ignored. According to Duffy, another "area of defence" involves e-business. Organizations communicating or transacting over the Internet are exposed to the vulnerabilities present in the networks of their business partners.

      "You can have the best security system in place, but the minute you work with another company, you are vulnerable to their security measures...a chain is only as strong as the weakest link," said Duffy.

      The emergence of security auditing and certification is assisting in business partnerships by easing these concerns.



CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.