It is predicted that within the next five years, e-business will account for over 30 per cent of the global economy. To compete in this environment, companies will have to open their computer network to business partners and customers. However, this will make the business far more vulnerable to data theft and sabotage.

To study the new trends in IT security, Worldwide SCM had organised ‘Network Security 2001’ in Mumbai. Arun Pathak, COO, Texport Technologies Pvt Ltd, one of the sponsors to the event, explained to indiamarkets in lucid terms the concept of IT security and why Indian businesses need to consider it seriously.

indiamarkets: What is the concept of IT security?
Pathak: An IT security system like any other security system protects valuables. One of the company’s valued item is the information on customers, inventory and financial transactions. In the automated world this data is stored in a central computer called a server. A network of computers is connected to this server through which this information is accessed. Access to this information can be given to internal entities such as the employees or to external entities like suppliers and customers.

Also the company’s internal network of computers gets connected to the outside world via the Internet. Hence the internal networks become open and are therefore no longer safe. The company needs to protect its stored data as well as data travelling on the open network.

A good security system prevents unauthorised access to the company’s information either by internal or external entities. The key concern is to maintain the security, integrity and confidentiality of information.

indiamarkets: How does an IT security system work?
Pathak: An IT security system has the following components:

1. Anti-virus solution- this protects the data from being damaged or wiped out by destructive software programs, generally known as viruses.

2. Firewall- this is a software that follows a set of instructions to permit/ disallow access. This sits at the beginning of the company’s network and is programmed to follow the company’s policy regarding access. For example customers of a bank are allowed to access account details but not employee data. A firewall is available as an off-the–shelf product but different technologies are available to meet the company’s need for security versus its need for speed of access.

a. Packet Filter technology- this technology provides speed but is less secure
b. Application proxy technology - this is more secure but offers less speed
c. Adaptive proxy technology - offers speed and security

The firewall also checks the nature of information received before allowing it inside the network. Now advanced programs are also available that include hardware and software.  It has a firewall, anti-virus and a Virtual Private Network A VPN allows a company to encrypt the data it is sending out on the network to ensure it is not tampered with.

3. Intrusion Detection System (IDS) – Companies must remember that 90 per cent of hacking attempts take place within the network since employees are most familiar with the company’s systems. The firewall is like a watchman disallowing unauthorised access but it is ineffective once an intruder gets into the system. For this purpose there is the IDS. It sits inside the network and tracks any suspicious activity.

Also available now is an active security system that allows the various components of the security system like the anti-virus solution, the firewall, the IDS and the decoy server to communicate. For example if the IDS detects an intrusion it informs the firewall which in turn will try and break the intruder’s connection to the network. Hackers when they get into the network go the server with the maximum traffic. A decoy server is a dummy generating artificial traffic. Decoy servers deflect attention from real targets and help identify the intruder and points of entry.

Once the company has its security in place it can test the system through special hacking software that attacks the security system and finds areas of vulnerability.

indiamarkets: Is there a need for security in India?
Pathak: Yes very much so. The most notorious hackers in the world come from Pakistan. A Pakistani developed the first virus in the world. Many Indian sites like VSNL and Zee have already been attacked. Even if a breach happens only once a year, the loss is ten times greater than the cost of implementing a security system

Virus attacked 99 per cent of Indian companies in the year 2000. Companies lost millions because of the ‘Lovebug’ virus. Why did this happen? Viruses need a medium to travel. If they are detected and eliminated they cannot spread. This means security systems in India are very poor. Basic security software like the anti-virus is not implemented. Companies using lease lines or an Internet Protocol (IP) connection should look at security seriously since they are more likely to face attacks.

It is important to kept in mind that security systems be purchased from a company with worldwide operations because only such a company will have the reach to keep tracking new viruses and hacking techniques. The company should also keep providing updates to handle new attacks. Also companies should consider what technology would meet their needs best before going in for any program.

Going to a multi-product vendor or using the services of an IT consultant may help. Texport Technologies, which is the strategic partner of Network Associates Inc. USA, an IT security company also provides free consultancy on IT security related issues via email. Companies can send their queries to arun@texporttechnologies.com.

indiamarkets: Are financial transactions safe over the Internet?
Pathak: If there is proper security then the answer is yes. But nothing is fully secured. Indian banks are taking a lot of precautions. But even abroad there have been breaches and money has been lost.

Many B2C sites have only loosely secured servers, as speed is important. No security is full proof. This is a war between the good and the bad. The bad are the hackers and virus creators. They keep inventing new ways to damage or breach the security.

indiamarkets: What is your feeling about Internet security in India?
Pathak: It is very poor. Like I said there is not sufficient protection from hackers and viruses.  Also most organisations do not have content filtering software to monitor the content being viewed via the Internet and sent by email. Many employees use the company’s Internet connection to view pornographic sites and send emails containing bio-data and jokes.