Take Care, Your Mobile World May not be Secure, warn experts

Your GPRS mobile may not be secure against data hacking. Networks
across the world might be leaking. Even if you have installed
some security system, hackers are just a step ahead of any
system. Experts at the 3rd Telecom Security India conference
here today sketched many such scenarios and called for a
national security policy and awareness movement to protect
data flowing on the networks.

The Universal Service Fund Administrator and former Telecom
Commission chairman Shri Shyamal Ghosh described the security
problem as a 'cat and mouse game'. "The situation is
a dynamic one and therefore no one can remain complacent,"
he added. Users also need protection against uncalled-for
intrusions like spam and telemarketers.

Pointing out how some of the content in networks can be dangerous,
Shri Shyamal Ghosh referred to the news item about an IIM
Lucknow student committing suicide after watching an Internet
website on suicides. Dangerous content is a threat to personal
security and presents social problems, he said.

SMS has almost reached the dimensions of spam, said N. K. Mangla,
Director - Commercial, of BSNL. Calling for a comprehensive
solution to the problems of network security both for the
user and the operator as well as needs of the Government
to protect the country, Mangla referred to a national policy
involving all stakeholders for the Government to act upon.

"BSNL has to issue 30 crore bills: we would like this entire process
of bills issue and collection to be done on the network
to save the huge cost of issuing bills and then collecting
the money," said Dr. S.D.Saxena, Director - Finance
of BSNL. "But all this depends upon how secure such
transactions could be," he said. According to him,
any investment in this area would be highly cost effective
due to the high costs of transactions for companies like
BSNL. He revealed that the outstanding for BSNL was Rs.
3,500 crores and therefore BSNL would definitely like to
have some way of collecting this money and preventing revenue
leakage.

Panelists at the conference, including Telecom Commission Members
K.L. Jain and Arun Kumar Saxena, focused on the "threat
cycle" and the societal responsibility to ensure security,
a responsibility that extends to the user. "Security
systems are like bodyguards: they need a constant review
on their effectiveness," Jain said. The day-long international
conference, third in the series, has been organized by Convergence
Plus journal in the context of rapidly changing technologies
and expanding networks linking to global networks like the
Internet.

Computer Associates consulting director Rajendra Dhavale cautioned
about the practice of operators taking care only of external
threats and forgetting internal threats like those in business
support systems. People who were working in one company
could know of the internal access points of business systems
and once they left the company they could still be able
to access the systems unless care was taken to change the
access code with each employee departing. Even complicated
passwords themselves were a threat, as people have to write
them down somewhere to remember them, and that compromised
security. A single sign-on was called for to access multiple
systems.

Cyber cafes were another leakage point in the security systems
of networks, warned Sanjeev Nikore, Chief Operating Officer
of HCL-Comnet Systems. Pointing out how a single virus entry
once choked the entire system of a large enterprise, he called
for making it mandatory to install a 24x7 security monitoring
system to protect networks. "Any investment in this
regard is worth the money considering what it would cost
the enterprise if there was a loss of data or downtime of
even ten minutes," Nikore said.

According to industry analyst IDC, the worldwide managed security business
would rise to 21.7 billion US dollars by 2007. In the US
over 60 per cent of the large and 40 per cent of the medium
companies were expected to install such systems by 2007,
according to Infocentis. Almost 100 per cent of large businesses
were already working their networks with firewalls and 90
per cent would have some system of authentication and virus
scanning in place by 2007.

Pointing out that "anything could go wrong" in security
systems, Pankaj Mittal, Chief Technology Officer of ClearTrail
Technologies, suggested defence in depth through putting
together several security systems. "There have to
be defined standards in security and these need to be implemented,"
he said. "Security management is as crucial as installing
different levels of security systems," added Dhavale.
"Threat could be anywhere along the lines," said
Prem Behl, editor of Convergence Plus journal, calling hacking
and virus infiltration "new type of terrorism"
threatening the emerging "young people's world"
of digital devices.

On the demand for data protection legislation, Telecom Commission
member K.L. Jain said there was no consensus even in an international
forum like ITU. However, ITU has evolved certain standards
in data protection. There is a need for a mechanism that
ensures compliance. The rapid spread of mobile handsets
would force that standard adoption, he hoped.

Admitting that at least minimal steps should be mandatory for data protection,
Shyamal Ghosh said that people had to learn network protection
behaviour. He endorsed the plea of Dr. S.D. Saxena for a
"culture of not breaking the law".

"New services and applications are converging on the Internet,
adding complexity in security. Applications and protocols
grow in complexity, and are developed with best-effort security
although these applications and products continue to be
shipped with insecure defaults. At the same time, the number
of attacks and vulnerabilities continue to grow." These
observations were made by Chandan Mendiratta, principal
consultant, India and SAARC, Cisco Systems India Pvt. Ltd.,
during the "IP-based network security" session
of the show.

According to Mendiratta, telecom operators running disparate networks,
building capacities for parallel networks, redundant investments
and the system's inability to run new and future services
are adding to security concerns. He added that SP security
is a real issue, and needs an integrated system. Every organization
must define security policies and related procedures. "Security
should be deployed following a multi-layer modular design.
Nearly 90 percent of Internet runs on Cisco platforms,"
he concluded.

Discussing the Internet security drivers of 2004, V. Pradeepan, technical
consultant, network security, Select Technologies Ltd.,
said that worms and viruses are winning the war, followed
by secure remote access and connectivity systems, and multi-layered
security options. He added that one in every six PCs has
no protection from hackers. Also, worms and virus attacks
cost US $12.5 billion in 2003. "Deploy secure architecture
to block known and unknown vulnerabilities. In addition,
increase focus on SSL VPNs for connection flexibility,"
he suggested. Elaborating on the trends for security, he
noted that 3-4 percent of the total IT budget is spent on
security. This is likely to increase to 8-10 percent through
2006.

Citing today's network security challenge, Sandeep Gupta, vice
president, engineering, iPolicy Networks, noted that enterprise
networks are becoming high speed, and organizations face
fast-moving, blended, sophisticated threats. Exploring the
challenges, he noted that high bandwidth is the norm in
the enterprise, and bandwidth-hungry multimedia applications
are commonplace for intrusion. In addition, WAN connections
are becoming fatter pipes. Broadband DSL/Cable is replacing
64K/256K leased lines.

"Threats are no longer just from hackers attempting to break in from
the 'untrusted' public network. Sophisticated
attacks easily traverse conventional firewalls. Computer
mobility, including wireless, is a leading cause of infection,
defeating strong perimeter," he added. He also said
that the biggest threat is from inside -- malicious worms spreading
at phenomenal speed and transforming internal systems into
attack zombies. Many attacks are blended threats, which
propagate like worms, act like viruses, install Trojans
and launch coordinated attacks.

"Nearly 90 percent of organizations say information security is
of high importance for achieving their overall objectives.
Around 78 percent say reduction of risk is their top influencer
of information security spending. However, over 34 percent
of organizations rate themselves as less than adequate in
their ability to determine whether their systems are currently
under attack. Over 33 percent say that they are inadequate
in their ability to respond to incidents, and 56 percent
cite insufficient budget as the number one obstacle to an
effective information security program," said Devendra
Parulekar, manager, e-security services, risk and business
solutions, Ernst & Young Pvt. Ltd. He concluded that
highly effective security cultures are chief executive-driven,
maintain a heightened sense of awareness, utilize a digital
security guidance council, establish timetables for success
and monitor progress and drive an enterprise-wide approach.

"In developing and refining our approach to security over the
past few years, the largest set of stakeholders that have
influenced us is YOU and other CUSTOMERS. Security sometimes
seems too simple a term for the many aspects of business
and information technology that it touches. Even just looking
at security from an IT viewpoint, we want to protect networks,
systems, data, processes and users," noted Vickey Rodrigues,
solutions specialist, Microsoft India. He added that Microsoft
is taking steps toward an ambitious vision -- computers
that are resilient in the presence of worms and viruses
and isolated from unsafe networks. "Greater computer
resiliency will enable customers to communicate and collaborate
in a more secure manner. Microsoft is focusing on the development
of security technologies designed to make this vision a
reality. This vision begins with new security enhancements
in Windows XP Service Pack 2 including technologies to address
threats from port-based attacks, malicious email attachments,
malicious web content, and buffer overruns," he said.