Acting against intrusions
By Anuja Ravendran
Computimes (5th June 2001)

COMPANIES need to place more emphasis on securing their information systems to protect business data from illegal intrusions which are reported to be on the rise. They should be able to source new technology in securing their systems as perpetrators of illegal intrusions are becoming more sophisticated, said Hee Keen Keong, director of Computer Associates Southeast Asia field services group.

"We come up with security features and hackers will find ways to crack them. We come up with more features to stop these intrusions and again they try to break through. Such is the situation," he said in Kuala Lumpur last week.

Hence, companies need to deploy a security solution which can protect their information systems by detecting and stopping intrusion, he added.

Illegal systems intrusions come in many forms, including destructive viruses, forged transactions and distributed denial of services attacks.

Hee said hackers break into a company's system, interrupt its services and steal valuable information, and some do not even have a malicious intent as they just want to experience the thrill of treading on dangerous grounds.

"It is also getting increasingly easier to hack these days. It doesn't take a genius to create codes and scripts, and these programs can be downloaded from the Internet," he said, adding that several of these programs can be used to penetrate even firewalls, placing confidential information vulnerable to attacks.

According to Hee, the level of awareness on hacking used to be low in Malaysia as compared to countries like the United States, but this is slowly improving due to an increasing number of attacks in the country and efforts from vendors to educate the market.

He said Computer Associates is offering companies a software called e-Trust to deal with hacking incidents. The software offers security capabilities to secure a company's environment, including secure Internet communications, access control, user administration, malicious-code and virus protection, intrusion detection, centralised auditing, data encryption, digital certificate validation and enterprise security compliance, among others.

Hee said companies have a choice of implementing the whole range of e-Trust's integrated solutions or individual components from the suite.

Targeted at banks and companies which aim to take their business online, the software can be implemented on platforms such as Windows NT, Solaris, Linux and Unix, he added.