Security touches us all

commentary Security -- both virtual and physical -- has reasserted its place at the forefront of business and community concern after the tragic events in London and a raft of developments in Australia and overseas.In a week dominated by news of the bombings and loss of life, other events have exemplified the need for businesses to be mindful of their security, locking down their systems to prevent intrusion and damage to their operations.

commentary Security -- both virtual and physical -- has reasserted its place at the forefront of business and community concern after the tragic events in London and a raft of developments in Australia and overseas.

In a week dominated by news of the bombings and loss of life, other events have exemplified the need for businesses to be mindful of their security, locking down their systems to prevent intrusion and damage to their operations.

In the United Kingdom, a hacker is desperately fighting extradition to the United States on charges of accessing critical defence systems. In an interview with ZDNet UK this week, Gary McKinnon claimed his activities exposed some basic flaws in security procedures and processes in the US' most vital systems. He said in one system he found that the local administrator's password was blank. Those in charge of the system had used "an image based installation technique where most of the machines have the same BIOS, the same hard drive, the same hardware specification" just applied across different systems, he said.

"So you don't even need to become domain administrator. That's 5,000 machines all with a blank system level administrator password".

In Australia, the federal government is moving to ensure the systems protecting our most critical infrastructure contain no such flaws. Attorney-General Philip Ruddock this week announced two utilities - Brisbane Water and Yarra Valley Water - would conduct security assessments of their systems as part of the AU$8 million Computer Network Vulnerability Assessment program.

However, the positive nature of Ruddock's news pales against a welter of news indicating the pervasiveness of security problems and the determination with which malware writers, hackers, criminal gangs and other miscreants are fighting for an edge in their arms race against vendors, consumers and corporate information technology staff.

Oracle, the Mozilla Foundation (developer of the Firefox browser) and Microsoft (as usual) were among those who either saw flaws exposed or acted to beef up the security of their products. In addition, an Internet security forum warned that ensuring compliance with the Sarbanes-Oxley Act's corporate accountability rules was diverting business spending from security, while spammers were finding ways of bypassing filters and the incidence of botnets and spyware is continuing to rise.

One could draw from the news of the week the conclusion that an elevated awareness of physical security must pervade our every move. From an IT managers' perspective, the lessons are merely a reinforcement of what should be second nature; making sure the right anti-spam and anti-virus software is installed throughout the enterprise, the right level of user authentication is required and staff are made aware of their obligations.

What do you think? Do we need to change our attitudes to security, both personally and at work? E-mail us at edit@zdnet.com.au and let us know.

Iain Ferguson is the News Editor of ZDNet Australia.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All