As the call for high-speed Internet and broadband is making waves among
enterprises, hackers and fraudsters are having a ball of a time finding exciting
opportunities to access vital documents in bandwidth-intensive unprotected
networks of organizations. The network, according to experts is no longer
delineating a physical network perimeter, people using the system-employees,
customers, and partners constitute the new boundaries.
It started as a joy ride on the cyber highway, but has turned into something
constituting more violence than could be easily accepted. Cyber criminals who
for financial and monetary gains feel no diffidence in exploiting network
vulnerabilities are now using the Web as one of the biggest areas of attack to
launch and spread into the mainstream. Although there are various security
solutions available today, but despite all promises, they are ineffective to
secure the varied vulnerabilities in the networks.
“By targeting CEOs, criminals are trying to gain access to larger bank
accounts, login credentials or email addresses to spam an entire organization,”
says Niraj Kaushik, country manager, Trend Micro, India and Saarc.
Moreover, an unsecured broadband connection provides a rattling opportunity
to cyberpunks who, with the help of efficacious software, can successfully hack
in to unearth account details, steal cash, use email for illegal means, and make
the system defunct for use.
“While virus attacks are becoming a common occurrence in all consumer
segments, data theft has emerged as a growing concern for enterprises. But for
an Internet user in common, the phishing, hacking, and online fraudulent
activities are becoming a menace,” says Venu Palakirti, sales director,
F-Secure, India & Saarc region.
The changing parameters have also opened up a new discourse for thinking
minds who believe that besides perimeter security, an enterprise has to deal
with application security if it has opened its wireless networks for its
workforce.
Changing Scenario
With the continuous rise in cellular subscriber base, the enterprises are
now jumping into the bandwagon of smart phones to keep their workforce
connected. Thereby the entire ecosystem of broadband security has matured into a
new silhouette where the path to designing the right solution starts with
recognizing the changing scenario of Web attacks and its impact on the security
needs for the organization.
|
|
“By targeting CEOs, criminals are trying to gain access to larger bank accounts, login credentials, or email addresses to spam an entire organization” Niraj Kaushik, country manager, Trend |
“There are concerns raised by middle and large enterprise on security threats through Wi-Fi LAN. And for the same we propose the 802.1X authentication in Wi-Fi LAN” PK Saji, VP, technology, Sify |
“This is particularly relevant to broadband, which is an 'always-on'
connection, which means that people can access your information even when you're
not surfing the Web,” says Col HS Bedi, CMD, Tulip Telecom.
According to recent findings on the state of the Internet by Akamai, the
trend of distributed denial of service (DDoS) attacks, continues to target
exploits that were identified years ago, suggesting there is still a significant
population of insufficiently patched systems connected to the Internet. Also,
enterprises, with various forms of security solutions may have the perception of
full protection, but they are not devoting proper attention to the wireless
devices that could lead to crucial information becoming available to outsiders.
Experts also believe that India's unsafe security environment could be
costing its BPO industry an estimated $500 mn annually.
This clearly indicates that many organizations are living in a false sense of
security, with none or lack of proper IT framework. And the dilemma is the way
in which cyberpunks work; it is difficult to nab them as they always keep
themselves ahead in this 'catch me if you can' game.
Also, with the lack of security framework, it is difficult to trace them as
they can operate from anywhere and everywhere. High-speed Internet connections
are more prone to attacks, as cyberpunks can use port scans to check if a user
is online; and hence can takeover the user's computer.
Wire-based networks offer an inbuilt component of security, as it requires
someone to physically tap into the communication medium to access data. It is
also noteworthy that physical tapping is more vulnerable to detection as
compared to tapping Wi-Fi/WiMax signals.
While the surfacing of new technologies certainly brings expediency and
flexibility, enterprises and individuals also need to be vigilant about the way
they transmit their precious information on these technologies.
|
|
“As enterprises look for AK Sekhar, CTO, YOU Telecom |
“When attackers run a port scan they're looking for ports that are open. They can see that there's a live computer at a certain IP address. And while dial-ups often connect using different IP addresses, broadband IP addresses are more likely to be static, which makes it easier for a hacker to penetrate” Vishal Dhupar, MD, Symantec India |
“Enterprises need to assume that they're not protected and provide the
security that enables them to interact and connect with the organization safely
and to have confidence in that connected experience is a must,” says R
Subramaniam, senior solution architect, Microsense.
The organizations are also finding it complicated to deal with the growing
number of known and unknown threats in a complex business environment where
endpoint costs are rising and the entire ecosystem of Internet security is
getting more and more multifarious.
“As network connectivity becomes more pervasive and bandwidth increases, the
spread of worms and viruses can happen at a faster pace, further compounding the
problem,” says Mahesh Gupta, business development manager, network security,
Cisco India & Saarc.
Surpassing Wired Networks
The emersion of wireless technologies such as Wi-Fi, WiMax, 3G, etc has
fashioned a new meaning to communication. With mobility as the foremost priority
among business users; WiMax and Wi-Fi technologies are expected to be very
popular and crucial for the penetration of broadband services in India.
As compared to dial-up users, broadband users, according to experts are
nearly five times more likely to be targeted, with attackers looking to hijack
the hosts to use as stepping stones for further attacks, for storage of illegal
copied software, and to launch new waves of spam mails. Although, a properly
secure wireless network could be a great asset and provide free mobility and
access at difficult points that are not easily reached by wireline networks.
“The organizations should not compromise on performance while going wireless.
Besides security, the productivity of performance should also be taken into
account while deploying any wireless solution,” says Balakrishnan Anantharaman,
country manager, Blue Coat, India.
To assure easier connectivity over air, enabling larger mobility for
professionals, the adoption of Wi-Fi has gained colossal recognition among
enterprises in recent years. However, it is interesting to note that a large
number of users are oblivious to the fact that they are actually transmitting
crucial information over the air, which can be effortlessly viewed by others.
“It is better to be safe than sorry, and in the dark world of security it
pays to be paranoid. Unless the CIO's get comfortable with the Wi-Fi technology
they must keep the Wi-Fi and wireline networks isolated from each other which is
a good rule to follow in any case,” says Rana Gupta, business head, Safenet,
India & Saarc.
While some experts believe that there is no risk to wireless connectivity if
one has a normal security plugged in the device, others are of the opinion that
the risk of Internet crime increases with the use of wireless connection.
|
|
“We would prefer wired network over wireless for our enterprise because of its reliability, speed, performance, scalability, and flexibility” Upendra Patel, Chief technology |
“Wireless networks with apposite security infrastructure and measures in place can become a much more valuable asset than a wireline network” Amuleek Bijral, country manager, RSA, |
Concerning wireless security, Amuleek Bijral, country manager, RSA, India and
Saarc, the security division of EMC, says, “In the plain vanilla format a
wireless network is prone to more kinds of attacks than wireline. But wireless
networks with apposite security infrastructure and measures in place can become
a much more valuable asset than a wireline network.”
Vulnerabilities of a wireless network were recently witnessed when terrorists
hacked the Wi-Fi network and sent terror mail to various media organizations in
the country. The initial investigations revealed that the attackers hacked the
Wi-Fi capacity of a college in Mumbai and sent the mail through remotely
accessed logs. On similar lines, the terrorists used an unprotected Wi-Fi
network of a US national at his Mumbai residence to send emails to various media
channels few minutes before the recent blasts in Ahmedabad.
The incidents visibly illustrate the high intensity of hackers who in order
to materialize their illegal objectives, can go to any extent. The cyber attacks
are now expected to cause maximum damage and there are various professional
tools being used by the criminals to fulfill their means.
“As wireless networking works by sending information over radio waves,
signals from it can easily be intercepted.”
Echoing similar insights, Captain Raghu Raman, CEO, Mahindra Special Services
Group (MSSG), says, “Attackers can easily exploit vulnerabilities in a wireless
network to hack into secure networks, if not monitored. It is important to
educate users on the use of wireless technologies such as Wi-Fi.” It is
therefore imperative for enterprises to first understand the benefits that
accrue to the organization by virtue of deploying wireless networks before
getting worried about security aspects.
“Wi-Fi and WiMax security, although looks good on paper, when it comes to
reality, it is not trustworthy. Wireless connectivity will take some more time
to gain confidence among masses,” says Ajay Masur, CIO, HIRCO.
Upendra Patel, CTO, eInfochips, says, “We would prefer wired network over
wireless for our enterprise because of its reliability, speed, performance,
scalability, and flexibility. Wireless can only be used optionally for indoor
use within the premises of LAN, confined to restricted usage for roaming users.”
It is indispensable for service providers and vendors to prevent the flaws
that exist in the system. Further, while the level of awareness is quite high in
large enterprises it is below par in SME's in India. The CIO fraternity strongly
believes that there is a critical need for an awareness drive to install
confidence about wireless security among customers.
“As enterprises look for integrated solutions, broadband security providers
have come up with a single application that can combine all these solutions in
addition to bandwidth and multiple ISP link management,” says AK Sekhar, CTO,
YOU Telecom.
The biggest challenge is to implement security without making technology
implementation complex, without generating too much administrative overheads,
and without compromising the security of information which is going to flow
across the enterprise.
“There is now more concern about Web 2.0 applications due to different types
of API's. These new interfaces are potential sources for emerging threats that
cannot be handled by earlier security measures. Nobody really knows what kinds
of vulnerabilities are created by these new APIs,” says Rama Subramanium, head,
systems engineering, Juniper Networks.
As the security architecture is being engrossed throughout enterprise- wide
systems, an enterprise requires diversity of expertise to administer security at
different levels. With servers and processors becoming more and more powerful,
the architecture will change to allow for several applications to run on virtual
machines on the same hardware server.
The Way Out
The growing wigwag of Internet security threats has initiated a plethora of
security concerns among enterprises. Banking on the new emplacement of
connectivity, escalating economy, lack of proper legal system, and unremitting
rise in Internet usage among enterprises and common users, cyber criminals are
eyeing India as one of the most beloved destinations for illegal activities. And
with increased HSPDA and Wi-Fi availability, mobility is becoming more feasible.
This combined with the Web 2.0 escalation there would be an appearance of new
applications, new APIs and, correspondingly, new security concerns.
In the current threat milieu, there are myriad ways in the form of cookies,
firewall, phishing, spam, spyware, Trojan horses, viruses, etc, through which a
hacker can monitor each and every step of an individual on the Web.
According to Prosenjeet Banerjee, head, global security services, HCL Comnet,
“The awareness level among many enterprises is still very low. Though wireless
adoption is to bring more openness among connectivity, confidential integrity of
the organization should not be compromised. Enterprises should be aware of what
they are getting into before deploying any solution or service.”
Although the industry has seen considerable improvement in the broadband
security segment during the last few years, there are various issues that need
to be resolve. Service providers, device vendors, and security vendors need to
work together to offer end-to-end secure solutions to customers, and to
exterminate insecure implementations.
“Essentially, ports are doors that an application goes through to communicate
through the Internet, so when attackers run a port scan they're looking for
ports that are open. They can see that there's a live computer at a certain IP
address. And while dial-ups often connect using different IP addresses,
broadband IP addresses are more likely to be static, which makes it easier for a
hacker to penetrate them,” says Dhupar, of Symantec India.
One has to move ahead with the technology and not limit them from using a new
technology. For a CIO or CTO, understanding the security concerns and
evaluations such as installing patches, employing firewalls, regular updates on
anti-virus solutions, use of intrusion detection systems, etc, can play a very
crucial role to safeguard the interests of an organization.
Given the cornucopia of wireless access devices coupled with competitive
prices and mobile work culture, the Internet security challenges are only going
to worsen. Wireless networks provide an easy accessibility to hackers who, for
instance, can park a car outside the campus or office and clasp into the
wireless network of the enterprise. While WEP encryption can protect the network
to an extent, other security measures such as 2factor authentication should be
employed to protect wireless networks.
Also, experts believe that protection of layers is important, as a solitary
breach could affect the entire network through cascading attacks. It is also
important to verify the mobile computing devices, data encryption through a
variety of encryption methodologies, and to have standard VPN solutions for the
wired world or optimized TCP/IP protocol for wireless networks before sending
any data.
To overcome various Internet security challenges enterprises need more
comprehensive policies and solutions that would be proactive rather than
reactive.
To effectively avoid disruptions caused by Internet security threats,
organizations must adopt end-to-end security solutions to address domains such
as network endpoints from attack, and network admission control and protection
from threats emerging from guest/non-corporate assets. In addition, content
security (for threats emerging from mail and Web) and configure management is
also pivotal.
“There are concerns raised by middle and large enterprise on security threats
through Wi-Fi LAN. And for the same we propose the 802.1 authentication in Wi-Fi
LAN, and hence don't allow any foreign devices to have access to the LAN,” says
PK Saji, VP, technology, Sify Technologies.
Considering the variety of applications that an enterprise uses to accomplish
its business activities, a unified key management solution is very crucial. The
security concerns are dramatically rising, and, as organizations are going
digital, the security architecture is being engrossed throughout enterprise wide
systems.
Jatinder Singh
jatinders@cybermedia.co.in