http://www.ottawabusinessjournal.com/293455348167773.php By Michael Hammond Special to the Ottawa Business Journal Nov 1, 2006 Experts are advising governments to beat hackers at their own game. Government records are becoming the next big target of cybercriminals, which has technology experts urging public servants to thwart the increasingly bold bandits before they become a problem. One way to protect a network is to hack into it and find the gaps before the criminals do, tech experts advised government officials at last week's GTEC government technology trade show at the Congress Centre. While most technology experts agree that Canada's federal government is one of the most wired in the world, the steady march of technology is also providing larger targets for online criminals. At last week's conference, most technology companies showcasing their products focused on how to secure vital government documents and data. So far this year, most technology security experts have noticed a large spike in host intrusions, said Brian O'Higgins, chief technology officer of local IT security firm Third Brigade Inc. Gone are the days when a software patch was enough to deter hackers, he added. "You can't patch (a network) fast enough," he said. "You need a shield." Hackers often prowl around government networks to search for an area of vulnerability. When they find one, they like to take over the network, insert their own lines of code and use the data. Mr. O'Higgins said government departments can save themselves a lot of headaches by investing in the services of an ethical hacker. "Where you're getting your biggest bang for your buck is the vulnerability scans," Mr. O'Higgins said. Third Brigade has focused its efforts on protecting corporate servers. Since more hackers are attacking servers rather than individual computers, the stakes are much higher for governments, he said. Marc Maiffret, a 25-year-old hacking wiz, said doing a penetration test against your network is a good way to ensure your data is protected at all points of a network. However, the so-called pen test is no substitute for having the right technology in place from top to bottom. "When it comes to doing a pen test, it should be the icing on the cake," he said. Mr. Maiffret, the founder and chief hacking officer of eEye Digital Security, said hackers are looking to break into government servers just like spies once tried to get military documents during the Cold War. Although a number of government departments in both the United States and Canada are well protected with closed networks, Mr. Maiffret said new wireless networks and Blackberry-like devices are opening new gateways into government networks. "It used to be like the castle and the moat," he said, meaning there was usually few ways to penetrate a network. "Now there are just too many ways to get in." Tyler Cashion, managing director of FirstComm Wireless, said technology companies are creating the technology to solidify wireless networks. "I keep hearing that the Blackberry is the only thing safe enough for government use," he said. "That's absolutely false." Although Blackberries run on a network that operates like a virtual private network out of Research In Motion's Waterloo headquarters, Mr. Cashion said more tools are being developed to shore up the vulnerable gaps in wireless networks. Still, he said many government executives fear what will happen if one of their employees turns on their laptop in a hotel over an unprotected wireless network. If an employee doesn't make sure their virtual private network is turned on and that all connections to other laptops are severed, the prospect of a nightmare hacking scenario is very real, Mr. Cashion told a gathering at last week's conference. Mr. Maiffret said governments are beginning to invest in the same security measures for their wireless networks as they have for their conventional networks. He said Canadian government departments have done a particularly good job arming themselves against threats. However, he said Canada's close ties to the U.S. mean our government networks may be susceptible to back-door attacks on the States. Since both governments share so much information and network links, Canadian IT officials must be mindful that this makes Canada a prime target, he said. _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Nov 02 2006 - 03:19:19 PST