Print

Comment

Email

Digg

Del.icio.us

Reddit

As the call for high-speed Internet and broadband is making waves among enterprises, hackers and fraudsters are having a ball of a time finding exciting opportunities to access vital documents in bandwidth-intensive unprotected networks of organizations. The network, according to experts is no longer delineating a physical network perimeter, people using the system-employees, customers, and partners constitute the new boundaries.

It started as a joy ride on the cyber highway, but has turned into something constituting more violence than could be easily accepted. Cyber criminals who for financial and monetary gains feel no diffidence in exploiting network vulnerabilities are now using the Web as one of the biggest areas of attack to launch and spread into the mainstream. Although there are various security solutions available today, but despite all promises, they are ineffective to secure the varied vulnerabilities in the networks.

“By targeting CEOs, criminals are trying to gain access to larger bank accounts, login credentials or email addresses to spam an entire organization,” says Niraj Kaushik, country manager, Trend Micro, India and Saarc.

Moreover, an unsecured broadband connection provides a rattling opportunity to cyberpunks who, with the help of efficacious software, can successfully hack in to unearth account details, steal cash, use email for illegal means, and make the system defunct for use.

“While virus attacks are becoming a common occurrence in all consumer segments, data theft has emerged as a growing concern for enterprises. But for an Internet user in common, the phishing, hacking, and online fraudulent activities are becoming a menace,” says Venu Palakirti, sales director, F-Secure, India & Saarc region.

The changing parameters have also opened up a new discourse for thinking minds who believe that besides perimeter security, an enterprise has to deal with application security if it has opened its wireless networks for its workforce.

Changing Scenario
With the continuous rise in cellular subscriber base, the enterprises are now jumping into the bandwagon of smart phones to keep their workforce connected. Thereby the entire ecosystem of broadband security has matured into a new silhouette where the path to designing the right solution starts with recognizing the changing scenario of Web attacks and its impact on the security needs for the organization.

“This is particularly relevant to broadband, which is an 'always-on' connection, which means that people can access your information even when you're not surfing the Web,” says Col HS Bedi, CMD, Tulip Telecom.

According to recent findings on the state of the Internet by Akamai, the trend of distributed denial of service (DDoS) attacks, continues to target exploits that were identified years ago, suggesting there is still a significant population of insufficiently patched systems connected to the Internet. Also, enterprises, with various forms of security solutions may have the perception of full protection, but they are not devoting proper attention to the wireless devices that could lead to crucial information becoming available to outsiders.

Experts also believe that India's unsafe security environment could be costing its BPO industry an estimated $500 mn annually.

This clearly indicates that many organizations are living in a false sense of security, with none or lack of proper IT framework. And the dilemma is the way in which cyberpunks work; it is difficult to nab them as they always keep themselves ahead in this 'catch me if you can' game.

Also, with the lack of security framework, it is difficult to trace them as they can operate from anywhere and everywhere. High-speed Internet connections are more prone to attacks, as cyberpunks can use port scans to check if a user is online; and hence can takeover the user's computer.

Wire-based networks offer an inbuilt component of security, as it requires someone to physically tap into the communication medium to access data. It is also noteworthy that physical tapping is more vulnerable to detection as compared to tapping Wi-Fi/WiMax signals.

While the surfacing of new technologies certainly brings expediency and flexibility, enterprises and individuals also need to be vigilant about the way they transmit their precious information on these technologies.

“Enterprises need to assume that they're not protected and provide the security that enables them to interact and connect with the organization safely and to have confidence in that connected experience is a must,” says R Subramaniam, senior solution architect, Microsense.

The organizations are also finding it complicated to deal with the growing number of known and unknown threats in a complex business environment where endpoint costs are rising and the entire ecosystem of Internet security is getting more and more multifarious.

“As network connectivity becomes more pervasive and bandwidth increases, the spread of worms and viruses can happen at a faster pace, further compounding the problem,” says Mahesh Gupta, business development manager, network security, Cisco India & Saarc.

Surpassing Wired Networks
The emersion of wireless technologies such as Wi-Fi, WiMax, 3G, etc has fashioned a new meaning to communication. With mobility as the foremost priority among business users; WiMax and Wi-Fi technologies are expected to be very popular and crucial for the penetration of broadband services in India.

As compared to dial-up users, broadband users, according to experts are nearly five times more likely to be targeted, with attackers looking to hijack the hosts to use as stepping stones for further attacks, for storage of illegal copied software, and to launch new waves of spam mails. Although, a properly secure wireless network could be a great asset and provide free mobility and access at difficult points that are not easily reached by wireline networks.

“The organizations should not compromise on performance while going wireless. Besides security, the productivity of performance should also be taken into account while deploying any wireless solution,” says Balakrishnan Anantharaman, country manager, Blue Coat, India.

To assure easier connectivity over air, enabling larger mobility for professionals, the adoption of Wi-Fi has gained colossal recognition among enterprises in recent years. However, it is interesting to note that a large number of users are oblivious to the fact that they are actually transmitting crucial information over the air, which can be effortlessly viewed by others.

“It is better to be safe than sorry, and in the dark world of security it pays to be paranoid. Unless the CIO's get comfortable with the Wi-Fi technology they must keep the Wi-Fi and wireline networks isolated from each other which is a good rule to follow in any case,” says Rana Gupta, business head, Safenet, India & Saarc.

While some experts believe that there is no risk to wireless connectivity if one has a normal security plugged in the device, others are of the opinion that the risk of Internet crime increases with the use of wireless connection.

Concerning wireless security, Amuleek Bijral, country manager, RSA, India and Saarc, the security division of EMC, says, “In the plain vanilla format a wireless network is prone to more kinds of attacks than wireline. But wireless networks with apposite security infrastructure and measures in place can become a much more valuable asset than a wireline network.”

Vulnerabilities of a wireless network were recently witnessed when terrorists hacked the Wi-Fi network and sent terror mail to various media organizations in the country. The initial investigations revealed that the attackers hacked the Wi-Fi capacity of a college in Mumbai and sent the mail through remotely accessed logs. On similar lines, the terrorists used an unprotected Wi-Fi network of a US national at his Mumbai residence to send emails to various media channels few minutes before the recent blasts in Ahmedabad.

The incidents visibly illustrate the high intensity of hackers who in order to materialize their illegal objectives, can go to any extent. The cyber attacks are now expected to cause maximum damage and there are various professional tools being used by the criminals to fulfill their means.

“As wireless networking works by sending information over radio waves, signals from it can easily be intercepted.”

Echoing similar insights, Captain Raghu Raman, CEO, Mahindra Special Services Group (MSSG), says, “Attackers can easily exploit vulnerabilities in a wireless network to hack into secure networks, if not monitored. It is important to educate users on the use of wireless technologies such as Wi-Fi.” It is therefore imperative for enterprises to first understand the benefits that accrue to the organization by virtue of deploying wireless networks before getting worried about security aspects.

“Wi-Fi and WiMax security, although looks good on paper, when it comes to reality, it is not trustworthy. Wireless connectivity will take some more time to gain confidence among masses,” says Ajay Masur, CIO, HIRCO.

Upendra Patel, CTO, eInfochips, says, “We would prefer wired network over wireless for our enterprise because of its reliability, speed, performance, scalability, and flexibility. Wireless can only be used optionally for indoor use within the premises of LAN, confined to restricted usage for roaming users.”

It is indispensable for service providers and vendors to prevent the flaws that exist in the system. Further, while the level of awareness is quite high in large enterprises it is below par in SME's in India. The CIO fraternity strongly believes that there is a critical need for an awareness drive to install confidence about wireless security among customers.

“As enterprises look for integrated solutions, broadband security providers have come up with a single application that can combine all these solutions in addition to bandwidth and multiple ISP link management,” says AK Sekhar, CTO, YOU Telecom.

The biggest challenge is to implement security without making technology implementation complex, without generating too much administrative overheads, and without compromising the security of information which is going to flow across the enterprise.

“There is now more concern about Web 2.0 applications due to different types of API's. These new interfaces are potential sources for emerging threats that cannot be handled by earlier security measures. Nobody really knows what kinds of vulnerabilities are created by these new APIs,” says Rama Subramanium, head, systems engineering, Juniper Networks.

As the security architecture is being engrossed throughout enterprise- wide systems, an enterprise requires diversity of expertise to administer security at different levels. With servers and processors becoming more and more powerful, the architecture will change to allow for several applications to run on virtual machines on the same hardware server.

The Way Out
The growing wigwag of Internet security threats has initiated a plethora of security concerns among enterprises. Banking on the new emplacement of connectivity, escalating economy, lack of proper legal system, and unremitting rise in Internet usage among enterprises and common users, cyber criminals are eyeing India as one of the most beloved destinations for illegal activities. And with increased HSPDA and Wi-Fi availability, mobility is becoming more feasible. This combined with the Web 2.0 escalation there would be an appearance of new applications, new APIs and, correspondingly, new security concerns.

In the current threat milieu, there are myriad ways in the form of cookies, firewall, phishing, spam, spyware, Trojan horses, viruses, etc, through which a hacker can monitor each and every step of an individual on the Web.

According to Prosenjeet Banerjee, head, global security services, HCL Comnet, “The awareness level among many enterprises is still very low. Though wireless adoption is to bring more openness among connectivity, confidential integrity of the organization should not be compromised. Enterprises should be aware of what they are getting into before deploying any solution or service.”

Although the industry has seen considerable improvement in the broadband security segment during the last few years, there are various issues that need to be resolve. Service providers, device vendors, and security vendors need to work together to offer end-to-end secure solutions to customers, and to exterminate insecure implementations.

“Essentially, ports are doors that an application goes through to communicate through the Internet, so when attackers run a port scan they're looking for ports that are open. They can see that there's a live computer at a certain IP address. And while dial-ups often connect using different IP addresses, broadband IP addresses are more likely to be static, which makes it easier for a hacker to penetrate them,” says Dhupar, of Symantec India.

One has to move ahead with the technology and not limit them from using a new technology. For a CIO or CTO, understanding the security concerns and evaluations such as installing patches, employing firewalls, regular updates on anti-virus solutions, use of intrusion detection systems, etc, can play a very crucial role to safeguard the interests of an organization.

Given the cornucopia of wireless access devices coupled with competitive prices and mobile work culture, the Internet security challenges are only going to worsen. Wireless networks provide an easy accessibility to hackers who, for instance, can park a car outside the campus or office and clasp into the wireless network of the enterprise. While WEP encryption can protect the network to an extent, other security measures such as 2factor authentication should be employed to protect wireless networks.

Also, experts believe that protection of layers is important, as a solitary breach could affect the entire network through cascading attacks. It is also important to verify the mobile computing devices, data encryption through a variety of encryption methodologies, and to have standard VPN solutions for the wired world or optimized TCP/IP protocol for wireless networks before sending any data.

To overcome various Internet security challenges enterprises need more comprehensive policies and solutions that would be proactive rather than reactive.

To effectively avoid disruptions caused by Internet security threats, organizations must adopt end-to-end security solutions to address domains such as network endpoints from attack, and network admission control and protection from threats emerging from guest/non-corporate assets. In addition, content security (for threats emerging from mail and Web) and configure management is also pivotal.

“There are concerns raised by middle and large enterprise on security threats through Wi-Fi LAN. And for the same we propose the 802.1 authentication in Wi-Fi LAN, and hence don't allow any foreign devices to have access to the LAN,” says PK Saji, VP, technology, Sify Technologies.

Considering the variety of applications that an enterprise uses to accomplish its business activities, a unified key management solution is very crucial. The security concerns are dramatically rising, and, as organizations are going digital, the security architecture is being engrossed throughout enterprise wide systems.

Jatinder Singh
jatinders@cybermedia.co.in