About Us  |  Search  | FAQ  | Contact Us
Computer Crime
Home
Banking
STP
Risk Management
BCM
CLS
Human Resources
e-commerce
Features
Smarts Cards
Interviews
Optimise CRM
Data Warehousing
Disaster Recovery
Swift Messaging
Securities
M-commerce
Africa
Finance
BPM & Workflow
Capital Markets
Global Custody
Outsourcing
 

 

 

 

From castle walls to firewalls; Rapid growth in computer crime

In the Middle Ages, it was the walls of castles that provided protection from enemies. In the information age, this function is performed by firewalls and encryption devices. Fuelled by massive increases in Internet usage, computer and telecommunications crime; so-called cyber terrorism is soaring.

To optimise communication and activities, today's commercial and political organisations use modern means of communication: telephones, fax machines, intranets, extranets, the Internet and video conferencing systems. According to researchers Global Reach 200 million people world wide surf the Web. By the year 2005 there will be one billion Internet users worldwide. As more and more sensitive information is transmitted via data lines, the risk of unauthorised access and data theft is becoming an increasingly dangerous threat to companies and government agencies. Security has emerged as a key issue over the last years. The emergence of e-commerce has not only provided decision-makers with new opportunities but has also increased risk. The enterprise information available to partners, suppliers and even customers will invariably mean that there is a risk of data theft and fraud.

The main threat comes from hackers; both external and internal; who have easy access to tools to crack IT systems to steal, damage or alter data.'Malware' covers the range of destructive programs that cause security threats. Trojan horses, for instance, masquerade as a valid application, but instead steal passwords from your computer system. They may even introduce viruses on the computer that replicate themselves, use all available memory and bring the system to a halt. Even skilled amateurs can easily break into a network, acquire access rights and destroy, falsify or view data. Research shows that the number of intrusions increases by 20 percent every year. According to the US Computer Security Institute's most recent annual computer crime survey (executed jointly with the FBI), an estimated 90 per cent of surveyed companies detected cyber attacks in the last 12 months. Last year the US Defence Department repelled more than 22,000 attacks; up 400 per cent in just two years.

At the start of the year, so-called denial of service sabotage brought both Yahoo! and Amazon.com down in two infamous attacks. In mid 2000, the much publicised 'I love you' virus infected hundreds of thousands of PCs around the world, causing an estimated US$ 8 billion worth of damage. And recently, Microsoft's hack brought worldwide attention. In the light of these events it comes as no surprise that research company Datamonitor reports the global IT security product market will continue its current 28 per cent per annum growth until 2003; taking it from its 1998 value of US$ 2.3 billion to more than US$ 8 billion.

The IT security market consists of a wide range of products and services aimed at protecting IT systems. Between them they seek to ensure confidentiality, authentication (that you are who you say you are), integrity of information (that it doesn't get tampered with during transmission) and non-repudiation (that the author can't deny he or she sent a communication). The market comprises different product segments. The main ones are firewalls, encryption, public key infrastructure, anti virus and authentication. Encryption secures the transmission of data packages along public telecommunication lines. Firewalls shield computer networks from unauthorised access.

In the IT security market, one of the leading companies worldwide is Biodata Information Technology. Its products build a network's 'fortress'; with walls, gateways, secret tunnels and guards patrolling inside and outside the castle (it is no coincidence that Biodata's global HQ is a medieval castle near Frankfurt, Germany). The company's core business is the development and marketing of encryption (communications security) and firewall (network security) solutions. Earlier this year it also entered the authentication market, after launching biometric software technology that reads face, voice and lip movements.

Encryption Products
Encryption devices; which form a network 'castle's' secret tunnels - are used to ensure information sent electronically remains confidential. They do this by sealing the information inside coded-language 'envelopes' which can only be opened by the intended recipient.

Cryptography has existed in one form or another for thousands of years. From intricate codes, comprising of numbers and text to forms of invisible ink, encryption has played a part in communication throughout the ages. Today is no different, with computers being the tools for communication. The only way to protect information from hackers is by using a method of encryption. With increasingly powerful encryption processors and the costs of computing power halving every 16 months, it is essential to always "update" cryptographic algorithms. Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. DES evolved into a stronger form of encryption, called Triple DES, whereby the input data (in this case the single-DES key) is, in effect, encrypted three times. With Triple DES, there are 5, 100, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000 (5.1 quintilliard) or more possible encryption keys that can be used.

In cryptography, there is a continuous improvement in the development of new technologies and algorithms. Only recently, an international forum of experts in cryptography selected a successor for DES and Triple DES. The RJINDAEL algorithm will be the worldwide e-commerce standard for encryption of electronic data. In the last two decades, the Data Encryption Standard has become the most commonly used encryption algorithm. Cryptographers and encryption companies worldwide decided together with US administration which cryptographic algorithm is capable of extending this tradition. Building on the trust of DES and Triple DES, the Belgian encryption algorithm RJINDAEL has won against 14 competitors and will be known as the Advanced Encryption Standard (AES). The criteria behind AES was "to develop a Federal Information Processing Standard (FIPS) that specifies an encryption algorithm(s) capable of protecting sensitive (unclassified) government information well into the next century" (NIST 1997).

RJINDAEL is a substitution-linear transformation network with ten, twelve, or fourteen rounds, depending on the key size, and with block sizes of 128, 192, or 256 bits, independently specified. The algorithm runs fast on a wide range of processors, plus it is very flexible in hardware. RJINDAEL was submitted to the AES development effort by Joan Daemon and Vincent Rijmen.

One of the fastest growing business areas with the need for uncompromised security is the market for videoconferencing systems. Many businesses, including lawyers and banks, conduct important meetings using VC. Without costly travelling, company executives discuss strategies and coordinate activities in videoconferences. Videoconferencing systems are often overlooked by both the IT and security people within an organisation, because they do not allow hackers to connect to a company's private network. Therefore, VC systems are deemed "secure". However due to operational practices and lack of functionality on older systems, gaining information can be as easy as making a video or voice call. This problem exists because companies leave their VC systems 'open' to allow for callers to dial in, but if the television monitor is turned off, potentially anyone can dial in, without the knowledge of the host. It is easy for eavesdroppers to dial in to a VC undetected, and gain access to confidential information simply by dialling the access number.

According to a research by the Federal Bureau of Investigation (FBI) and the Computer Security Institute in the United States, 57% of organisations declared that their communications are a frequent point of attack. With 51% of survey respondents acknowledging financial losses, system penetration by outsiders increased for the third year in a row. The most serious financial losses occurred through theft of proprietary information and financial fraud (Federal Bureau of Investigation / Computer Security Institute, Issues and Trends: 1999 CSI/FBI Computer Crime and Security Survey). Strong encryption secures the transmission of data packets via public telecommunication networks. BabylonMETA devices have been successfully tested by all the leading video conferencing equipment manufacturers, including Sony, Tandberg, Polyscan (Polycom), VCON, VTEL, MotionMedia and PictureTel.

Firewall Products
Firewalls; which form a network's castle walls - are the first line of defence to keep unauthorised users out. The 1999 CSI/FBI, Computer Crime and Security Survey states that 163 organisations report financial losses of US$ 123,779,000 due to security breaches. 30% of respondents report system penetration by outsiders, 37% of respondents in 1996 to 57% in 1999 list their Internet connection as point of attack. Three-level firewalls (packet filter, application gateway and packet filter) are widely accepted as the most effective solution. Security is on the boardroom agenda. High-profile hacking events and transaction frauds have meant that security is critical to maintain customer confidence and corporate reputation.

Firewalls provide complete network protection by integrating application-level proxies, network circuits and packet filtering into a unique perimeter security architecture. This "full stack" packet inspection technology ensures that the data entering and exiting your corporate network is validated at all levels of the protocol stack. The changing nature of IT infrastructure is driving demand for security investment. In particular, B2B is a major influence in implementing new applications, and the risk of open networks and remote access, not only for employees but also for groups such as suppliers and customers, can place enterprises and banks in a vulnerable position. The drive for online banking and e-commerce environments means that corporations are looking to securely connect business partners and customers. Demand for security is based largely on awareness. Usually it is probably not until corporations experienced data piracy, network downtime or server crashes as a result of a network hack that they start thinking about implementing a security infrastructure.

Easy management of local and remote firewalls is of extreme importance in fast-growing companies with remote offices. Independent of technical specifications the benefit of a firewall is apparent in its easy-to-use design and manageability. Solutions that are hard to configure are also hard to secure. Firewalls that are easy to manage are also easy to secure. Corporate IT environments with multiple remote sites use a low cost telecommuting program to address a geographically disbursed customer base and support their core business with a mobile workforce. These are the most security conscious organisations because data and electronic information is their primary asset.

Virtual private networks (VPN) enable global companies with geographically diverse offices to work and share information as if they were in the same location. Remote sites can be connected cost-effectively. Employees are able to exchange documents, access databases, resources and communicate safely over public networks. The virtual private network (VPN) overlays what is in effect a private network on a public IP network. A secure connection (a 'tunnel') is created between the points of communication through which data are encrypted. In the past, companies hired private lines from telcos, but that has proved very costly. The data which are being transferred now travel through a tunnel. However, they are encrypted prior to this so that tampering while in transit is prevented. Authentication is also required at the point of access to ensure that the user is allowed to access the information. Normally, a tunnel is set up between two firewalls so that authorised data pass through the tunnel only.

Authentication Products
Authentication is a process where the user can only gain access by proving who he or she is; it is the castle's guards. Traditional devices include passwords and; more recently; smartcards. But these are vulnerable to theft, misuse and loss. Biometrics; which uses face, voice and lip movement to identify a person; is highly accurate and extremely secure.


 

 

Banking

Decision Cycle
Web Enabled
E-continuity!
Integration
Acronyms
Resilience
Drivers for STP
Personal Touch
Micro Finance
Self-service
Intelligent hub
Treasury Solutions
Mobile e-commerce
M-commerce
PKI
ZLE
Copy of Supplier Financing
Pan-European
Relationship Management
Data Management
Rise of e-commerce
e-continuity(tm)
e-payments
Computer Crime
FX deals
Intranet Problems
Operational risk
Successful e-commerce
Wireless payments
Data-agnostics
Authentication
Net Impact

 
 
 

 

Home  |  About Us  |  Search  | FAQ  | Contact Us