Guest Column

However things are changing rapidly. Networks and Internet works with remote access facilities are the order of the day and these are intrinsically insecure. More and more mission critical applications are being run on these systems and the value of the data on them is increasing exponentially and becoming too precious to lose. The internet is the biggest thing in many people8217;s lives today and incidents involving hacking on websites are legion.

E-commerce is the buzzword in the IT industry today. But without security, it could become a non-starter. Computer security has thus been catapulted to the forefront of the scene without which technology cannot marchonward.

So how do you start off to secure your environment? Firstly, you need a security policy. This document lays down several aspects such as 8212; what are the assets you are protecting and how; who is incharge of security, what are the rules etc. This document then becomes a blueprint for managing security in the organisation.

Virus protection is probably the first issue of computer security. With over 20,000 viruses in existence and 400 new ones coming up each month, the virus menace is increasing in proportion almost daily. Newer viruses have more damaging payloads. In India, the widespread use of pirated software, coupled with low levels of awareness and weak protection measures, means that viruses often get through the gate and cause havoc the prime example being the CIH virus that triggered off on April 26, 1999. Using good anti-virus software is only one part of the story. A proper anti-virus strategy would consist of preparation, prevention, detection, and containment and recoverymeasures.

Access control is the next area of concern. A PC is based on an open architecture with no file or memory protection. Unauthorised access of data is thus an issue of major concern. One way of dealing with the problem is to allow access only based on what you know passwords, what you have tokens or smart cards, or what you are biometrics. Recent episodes of cracking passwords on VSNL servers show that more than 80 per cent of passwords are easy to guess using dictionary attacks and other common hacking techniques.

Encryption is the next stage of security that protects your data even if unauthorised people get access to it. There are several methods of encryption, but the most popular is public key cryptography, which is based on each user having two sets of keys one private secret and one public known to everyone. Messages are encrypted and decrypted using a combination of these keys and are fairly secure.

Intrusion detection is another new technology that enables systemadministrators to scan their networks for known vulnerabilities, so that they can be fixed before hackers can exploit them. In India, organisations are just waking up to all these aspects of computer security. Progress is slow since expertise is limited and the basic infrastructure is non-existent. Laws against hacking, writing viruses and cyber-crime are yet to be enacted in India, though they have been on the anvil for some time.

But as India is leapfrogging into the new millennium via the Internet and embracing global trends such as e-commerce, the simple maxim that has to be followed is 8212; better safe than sorry!

The author is Managing Director, IT Secure Software Ltd, a computer security company