Rediff Logo Infotech The Rediff Music Shop Find/Feedback/Site Index
HOME | INFOTECH | HEADLINES
September 23, 1999

HEADLINES
SHAREWARE
DISCUSS
POLICY POLICE
JOBS
ARCHIVES


Search Rediff

Indian ISPs need to secure their services

Email this story to a friend. Neena Haridas at Pragati Maidan

Back to IIW '99 index Whenever Uday Om Pabrai visits India and logs on to the Net for a shopping spree, he quits midway. He is paranoid about entering personal details over a connection from an Indian ISP.

Pabrai, vice-chairman, Prosoft, USA, is Web security whiz and, according to him, the greatest flaw with Indian ISPs is that they do not provide a foolproof security system.

Says he, "Its not just important to know the threats. It is important to know the technology of these threats too and of course the solutions to these threats.

He said, to begin with, ISPs and the clients must understand vulnerabilities of their networks by using methods of risk assessment and vulnerability scanning.

The impact of threat is the disruption they cause to your business and the potential loss of assets. Vulnerability scanners may be used to find system and network vulnerabilities.

These threats could be passive or active and accidental or intentional. Passive or accidental threats may not necessarily be insider attacks because both forms of threats can be either from an insider or an outsider.

Citing examples of some of the risks, Pabrai said masquerading or spoofing is a major threat on many networks. Another common attack is that denial of service attack that is used by hackers and crackers with the objective of taking over the network or utilising the disk space. This could lead to not only loss of data, but even business, says Pabrai.

Similarly, Unix and Solaris often face the trapdoor security hassle. "The system administrator thinks that he has put a smart password and it is secure within his brain. But that may not be the reality, it could be easily cracked and the entire network loses the integrity and the corporation loses money and data."

Another risk prone area is the 'trivial file transfer protocol'. Here no authentication is required to enter the network, anyone anywhere can enter the network.

The key thing is to identify the vulnerability and then implement the tools and their combinations to counter the menace.

Says he, "I feel risk assessment is equal to getting the fingerprints of your network so that you keep track of what is happening within your own network."

ISP security becomes extremely important when we look at the e-commerce infrastructure in the country.

Says Pabrai, "Consider a scenario like this: You conduct a transaction on the Net and then later that guy comes and says that nothing of the sort ever happened. What security do you have in this scenario because you have already revealed your details to the fake guy?"

Back to IIW '99 index "The point I am making is that every protocol is different and every protocol has a different threat. Hence it is the ISPs responsibility to identify the risks and take corrective measures," concludes Pabrai.

Tell us what you think

HOME | NEWS | BUSINESS | SPORTS | MOVIES | CHAT | INFOTECH | TRAVEL | SINGLES
BOOK SHOP | MUSIC SHOP | GIFT SHOP | HOTEL RESERVATIONS | WORLD CUP 99
EDUCATION | PERSONAL HOMEPAGES | FREE EMAIL | FEEDBACK