Internet attacks and the need to step up security
By Dr Khairuddin Hashim
23rd March 2001 (New Straits Times)

INTERNET security needs are dynamic in nature. Once a threat is managed, another new threat will probably surface. Security procedures have to be tightened to reduce the possibility of intrusion or virus attacks.

In managing viruses, it must be noted that the development of virus antidotes is reactive in nature. As such, organisations should take effective preventive steps to ensure that confidential and strategic data is not accessible.

Cases of cyber attacks on websites have become quite common nowadays.

In the United States, Yahoo, eBay, CNN and ZDNet have had their share of attacks and disruptions.

The recent spate of cyber attacks employs the distributed denial of service strategy.

What this means is that co-ordinated bombardment of sites based on submission of inquiries or information is done at a preset time, clogging the line and denying services due to overload.

This is possibly done by accessing into computers and installing time-triggered attacks to identified target sites.

Recently, a number of Malaysian web sites were compromised. If information is required to be made available on the Web and the information is not critical and confidential in nature, a copy could be made available to visitors of the web sites.

To ensure data integrity, access, transfer or updates should be done through "read only" media and equipment.

A simple but effective approach is to isolate the server or network from systems connected to the Internet.

If data is critical, strategic and confidential, it should not be put on a system or a network environment that is physically connected to the Internet.

A stand-alone local area network accessible internally from within the organisation can be implemented. This will ensure that critical and confidential data cannot be accessed at all from the Internet.

In conclusion, steps must be put in place to ensure security policy and procedures are adhered to. Latest and effective security technology must be employed.

In cases where data is critical and highly confidential, steps must be taken to remove the possibility of having it accessed externally or through the Internet.

Malaysia, being a country devoted to using information technology for current and future development, should consider Internet and system security seriously.