The Hindu : Security, privacy issues haunt net users

Online edition of India's National Newspaper
Monday, July 31, 2000

Front Page \| National \| Southern States \| Other States \| International \| Opinion \| Business \| Sport \| Entertainment \| Miscellaneous \| Features \| Classifieds \| Employment \| Index \| Home

Business \| Previous \| Next Security, privacy issues haunt net users NEW DELHI: As e-commerce is growing leaps and bounds, so are security related frauds which experts say are bound to occur due to huge interconnectivity on the world-wide web. Also appearing in big numbers is malicious and buggy software, not to mention special sites teaching you how to gate crash into others sites - all of which have raised serious concern about privacy and security issues on the Internet. With over 400 million users, security on the net is an important issue which needs to be addressed urgently and laws concerning them need to be put in place quickly, say information technology experts. ``In India, we do not have a computer frauds act. There exists only the Information Technology Bill which defines and deals with the menace of hacking, providing only civil remedies by way of compensation ... There is no criminal prosecution of those who indulge in such activities," says Mr. Pravin Anand, a Supreme Court advocate. ``In such circumstances, the best strategy for managing the risk of security breach is through proactive network administration. "Most security breaches can be attributed to employee complicity or negligence... Effective supervision can to a large extent avoid a significant portion of security breaches," notes Mr. Anand. "Humans - both inside and outside the organisation are a threat. Outsiders could try and compromise your network - for fun or for profit - as could people inside. At the end of the day any security breach, whether from inside or from outside compromises either on confidentiality or integrity," says Mr. Neville Bulsara of N&N Systems & Software. But instances show that the major threat is from people inside the organisation rather than those outside, he says. In the Internet world, however, there is no term as absolute security. Such a policy has to be continuously evolved based on changing conditions, says Mr. Hanif Sohras, product manager, network security, HCL Comnet. New software and technology comes up every now and then, and with it come new threats which make it increasingly difficult to define a security network. Threats are based on vulnerabilities in the system and it is these which need to be checked, notes Mr. Sohras. According to Mr. Sohras one of the major problems Indian companies face is on the awareness front. "The level of awareness among Indian companies is pathetic. The attitude is - let's buy a product, install it and forget it.'' "But that does not work that way - the security issue cannot be addressed by products, it can only be addressed by people," says Mr. Bulsara. "Security should in fact be viewed as a never ending process that needs to be worked upon all the time, rather than a problem that can be addressed by installing a product and becoming complacent," he says. Too many companies have fallen prey to this complacency only to find the rug being pulled from under their feet. "It security thus is all about taking steps to ensure confidentiality, integrity and availability of information is catered to - that right information is available to the right people in an acceptable time-frame," Mr. Bulsara says. In fact, a whole range of security issues crop up when an organisation enters the cyber world. It is possible to have an unwritten security code in the physical world, but it is not possible in the cyber world where new threats keep on emerging, says Mr. Sohras. ``With thousands of websites training in the art of hacking, unauthorised intrusions, service denial attacks and data eavesdropping have all become the order of the day," he says. "E-commerce transactions are the most susceptible to security breaches and can cause losses to companies as well as customers. Security concerns are greatest when it comes to online banking and passwords." "In business to business transactions, avoiding leak of information to unintended parties is another major issue that needs to be addressed. "In the electronic global village, fraud is a real time event -in fact a major risk to online trading," says Mr. Anand. However, encryption technologies are available which the companies especially financial houses can use to protect their data. In India we do not have any specific legislation on encryption except for a dot guideline, he says. "At present the law enforcing agencies have insufficient tools to protect consumers and companies from web frauds. Thus there is need for evolving new laws and regulations to provide more guidance and security to consumers. "It is the responsibility of the industry also to prevent fraud in the interests of the consumers. The industry should develop a code of conduct, promote public education and inform the enforcement agencies about such frauds," he says. Some companies have come up with hacker teams - white hat hackers - which hack into the systems of their clients to highlight their weaknesses and suggest remedies. - PTI Send this article to Friends by E-Mail
Section : Business Previous : Autodesk to cater to enterprise GIS Next : SEBI for relaxation of RBI norms on FIIs to boost derivatives trade
Front Page \| National \| Southern States \| Other States \| International \| Opinion \| Business \| Sport \| Entertainment \| Miscellaneous \| Features \| Classifieds \| Employment \| Index \| Home
Copyright © 2000 The Hindu Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu

Front Page \| National \| Southern States \| Other States \| International \| Opinion \| Business \| Sport \| Entertainment \| Miscellaneous \| Features \| Classifieds \| Employment \| Index \| Home

Business \| Previous \| Next Security, privacy issues haunt net users NEW DELHI: As e-commerce is growing leaps and bounds, so are security related frauds which experts say are bound to occur due to huge interconnectivity on the world-wide web. Also appearing in big numbers is malicious and buggy software, not to mention special sites teaching you how to gate crash into others sites - all of which have raised serious concern about privacy and security issues on the Internet. With over 400 million users, security on the net is an important issue which needs to be addressed urgently and laws concerning them need to be put in place quickly, say information technology experts. ``In India, we do not have a computer frauds act. There exists only the Information Technology Bill which defines and deals with the menace of hacking, providing only civil remedies by way of compensation ... There is no criminal prosecution of those who indulge in such activities," says Mr. Pravin Anand, a Supreme Court advocate. ``In such circumstances, the best strategy for managing the risk of security breach is through proactive network administration. "Most security breaches can be attributed to employee complicity or negligence... Effective supervision can to a large extent avoid a significant portion of security breaches," notes Mr. Anand. "Humans - both inside and outside the organisation are a threat. Outsiders could try and compromise your network - for fun or for profit - as could people inside. At the end of the day any security breach, whether from inside or from outside compromises either on confidentiality or integrity," says Mr. Neville Bulsara of N&N Systems & Software. But instances show that the major threat is from people inside the organisation rather than those outside, he says. In the Internet world, however, there is no term as absolute security. Such a policy has to be continuously evolved based on changing conditions, says Mr. Hanif Sohras, product manager, network security, HCL Comnet. New software and technology comes up every now and then, and with it come new threats which make it increasingly difficult to define a security network. Threats are based on vulnerabilities in the system and it is these which need to be checked, notes Mr. Sohras. According to Mr. Sohras one of the major problems Indian companies face is on the awareness front. "The level of awareness among Indian companies is pathetic. The attitude is - let's buy a product, install it and forget it.'' "But that does not work that way - the security issue cannot be addressed by products, it can only be addressed by people," says Mr. Bulsara. "Security should in fact be viewed as a never ending process that needs to be worked upon all the time, rather than a problem that can be addressed by installing a product and becoming complacent," he says. Too many companies have fallen prey to this complacency only to find the rug being pulled from under their feet. "It security thus is all about taking steps to ensure confidentiality, integrity and availability of information is catered to - that right information is available to the right people in an acceptable time-frame," Mr. Bulsara says. In fact, a whole range of security issues crop up when an organisation enters the cyber world. It is possible to have an unwritten security code in the physical world, but it is not possible in the cyber world where new threats keep on emerging, says Mr. Sohras. ``With thousands of websites training in the art of hacking, unauthorised intrusions, service denial attacks and data eavesdropping have all become the order of the day," he says. "E-commerce transactions are the most susceptible to security breaches and can cause losses to companies as well as customers. Security concerns are greatest when it comes to online banking and passwords." "In business to business transactions, avoiding leak of information to unintended parties is another major issue that needs to be addressed. "In the electronic global village, fraud is a real time event -in fact a major risk to online trading," says Mr. Anand. However, encryption technologies are available which the companies especially financial houses can use to protect their data. In India we do not have any specific legislation on encryption except for a dot guideline, he says. "At present the law enforcing agencies have insufficient tools to protect consumers and companies from web frauds. Thus there is need for evolving new laws and regulations to provide more guidance and security to consumers. "It is the responsibility of the industry also to prevent fraud in the interests of the consumers. The industry should develop a code of conduct, promote public education and inform the enforcement agencies about such frauds," he says. Some companies have come up with hacker teams - white hat hackers - which hack into the systems of their clients to highlight their weaknesses and suggest remedies. - PTI Send this article to Friends by E-Mail
Section : Business Previous : Autodesk to cater to enterprise GIS Next : SEBI for relaxation of RBI norms on FIIs to boost derivatives trade
Front Page \| National \| Southern States \| Other States \| International \| Opinion \| Business \| Sport \| Entertainment \| Miscellaneous \| Features \| Classifieds \| Employment \| Index \| Home
Copyright © 2000 The Hindu Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu