[ISN] Is Your IT System Secure? (reliability/redundancy)

From: mea culpa (jerichoat_private)
Date: Thu Nov 26 1998 - 11:36:20 PST

  • Next message: mea culpa: "[ISN] New System Battles Computer Hackers"

    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    
    25Nov98 EASTERN EUROPE: COMPANY - IS YOUR IT SYSTEM SECURE?  COUNTRY
    BRIEFING
     
    FROM THE ECONOMIST INTELLIGENCE UNIT
     
    For nights of sleep lost, few problems rival the loss of vital corporate
    information. And in few places around the world is the potential for data
    going missing higher than in Eastern Europe. Though the largest foreign
    companies long ago put secure and reliable communications systems in
    place, many have not. It's a large risk to be taking. 
     
    Reliability is the key to smooth corporate communications, and that means
    back-up systems. "Any network manager worth his salt wants bullet-proof
    back-ups," says Tom Newbold, managing director of Metrotel, the
    Prague-based regional distributor for Orion Systems, a US-based satellite
    service. "You can't rely on one pipe." It also means coping with the
    fragmented nature of the regional market. Says Mark Dennehy, country CFO
    for ABB (Sweden/Switzerland) in the Czech Republic: "Whereas in Western
    Europe we negotiate a pan-[regional] deal with AT&T (US), [in Central and
    Eastern Europe] we work with the local operators." 
     
    Unsurprisingly, many companies prefer one-stop shop IT solutions. Take
    Infonet Services Corporation (US), which creates partnership agreements
    with telecoms firms (not necessarily the monopoly PTTs), thereby enabling
    the company to offer a seamless service across all markets. Billing is
    easier, too: Infonet customer Volkswagen (Germany) can be charged in
    D-marks for its regional telecoms needs, for instance, replacing dozens of
    invoices denominated in koruna, zlotys or roubles. 
     
    Satellite-based systems are another option: Orion's customers in the
    region include Colgate-Palmolive, Westinghouse, PepsiCo (all US) and
    Creditanstalt (Austria). Reconfiguration of a firm's network can take
    hours, not the days or weeks common with local fixed-line operators. And
    with construction commonplace in most East European capitals, land lines
    are still susceptible to an errant pickaxe or shovel. Or a well-aimed one.
    Mr Newbold tells of one potential customer in Moscow which is convinced
    that "construction" in front of the office is undertaken on the orders of
    a competitor, eager to interrupt business. The firm's communications
    network has been cut three times in the last several months. 
     
    If security is a concern, companies can do a lot to help themselves. "I
    can't tell you how many companies send unencrypted contracts, acquisition
    models or pricing schedules over the Internet," says Mr Newbold. The risks
    are very real-Mr Newbold tells of one hacker who tapped into a circuit
    running from New York to Washington DC. Telling his computer to look for
    any e-mail with the words "acquisition" and "merger", he was able to tap a
    rich vein of commercial gold: the correspondence of investment banks and
    law firms working on deals worth tens of millions. The menace is
    aggravated in Eastern Europe by the variety of languages-encrypting the
    word "acquisition" in English-language contracts is not enough if Czech or
    Hungarian translations are also floating through the ether. 
     
    Security problems are far less common on dedicated terrestrial networks. 
    Virtual private networks based on leased lines and/or frame-relay
    technology are far safer than the Internet (where each firm shares
    bandwidth with thousands of others). On the software side, distributed
    database tools like LotusNotes offer an acceptable level of security for
    most firms. 
     
    For peace of mind, follow a few simple rules: 
     
    * Under no circumstances should off-the-shelf Internet applications be the
    sole means of sending information. At the very least use a distributed
    database tool. When using the Internet, employ encryption on all
    Internet-borne messages. 
     
    * Back-ups are a must-not only of data, but of the infrastructure used to
    transport the information. If your terrestrial circuit occasionally goes
    haywire, investigate using satellite technology as a fall-back. 
     
    * Train your staff. Loquacious employees can be far worse enemies than
    flawed systems. Teach them to keep potentially sensitive material out of
    everyday intra-firm e-mails. You never know who's listening. 
     
    SOURCE: Business Eastern Europe.  EIU COUNTRY BACKGROUND 25/11/1998
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:12:32 PDT