The New Threat to Internet Information Security:
The threat to information security for government, corporations and
even individuals has changed dramatically in the last 24 months.
With motives shifting across politics and profit, internet-based hackers are going
after corporations and the public sector with new vigour.
This has important implications for information security managers, but more broadly
it requires a totally new approach from both business and government leaders.
In the past a slower Internet speed has provided a level
of protection as the web server was usually fast enough to handle the incoming data.
However, with the advent of much faster world-wide internet connections, DoS attacks have become much easier to achieve.
Hence the ability to totally swamp multiple web servers anywhere and any time becomes much easier.
When a computer becomes overwhelmed it is unable to operate normally unless the programmer has specifically allowed for this, which is rare.
- Fundamentally, unless the computer can handshake the data to stop, this causes I/O buffer failures resulting in an unstable, unreliable and untested operation, and hence DoS-based hacking has become
- The desktop culture has always been that most computers rely heavily on the fact that they are able to run faster than the data-driven applications require.
An External Web server is a Dangerous Place to store your
Highly Confidential Mission Critical Strategic Data.
There are some website providers who are offering to host & store
your strategic data on their Web Server using their software.
If you pay a recurring cost, you can access your data using web browsers such as
Internet Explorer, Firefox or Google Chrome.
This is absurd, as in most cases the following apply:
1. You have little or no security guarantee.
2. You are not able to establish website staff access or usage rules for your data.
3. You do not know who has written the software, nor any of the staff that work
with the website, nor what their qualifications and backgrounds are.
4. You will not be advised should the web site with your data be hosted at a different
site or moved to any overseas country.
5. You do not know if the website is hacker proof, and you will never be advised
if the security is changed or breached.
6. You do not know what monitoring equipment is listening to and recording your
website data traffic.
7. Unless the website is using the https:// secure protocol, your data is transmitted
on the wire in clear text.
8. You will never know if any website staff have sold your confidential strategic
data to your competitors or to a statistics bureau.
Even if the above items are not an issue for you,
Web Server Security Breaches from Internet Hackers can and will occur.
- You do not want this happening with your private Strategy Maps and Balanced
- You do not want outsiders to ever read this data.
1. They can steal your precious Mission-Critical Strategic Data.
2. They can change the data thereby effectively changing the performance
and direction of your organization.
In general terms, using a Web Server and Internet Browser
for all your data means:
- with complex software, your user interface is much inferior and hence harder
- your time-spent-at-the-keyboard is always dictated by the quality of the
User Interface, plus the Internet and Remote Server round-trip-refresh-delay-time.
- A much better solution is to use a secure corporate thin client facility.
Your Local Computer is protected from the Internet:
Our software is Windows mode software.
This means that it exists only on Your Local Computer, similar to MS-Office (Word,
If you have a company with a Terminal Server or PC Network then it can exist there
Your local computer is not open to hacker attacks via the internet.
It is protected by:
1. Your Router: Hides your PC from the Internet,
2. Your Firewall: Prevents unauthorised access and
3. Your Windows Vista/7 UAC.
The User Access Control (UAC) system ensures that everything on your computer which
needs administrator privileges requires your approval.
Strategic Plan Security Needs:
The very nature of the Strategy Map and Balanced Scorecard system is to expose your
intangible assets to strategic scrutiny via a visibility and feedback framework.
This means it is a system that peels back all the layers leaving the heart exposed
for anyone to read.
Only the highest level of security is good enough.
If you need a wide area solution, then you should use a system such as Windows Terminal
Server or Citrix Terminal Server.
These systems are both safe and fast, offering state-of-the-art security, reliability
and execution speeds.
(Windows 2000 WTS is adequate and inexpensive).
The other type of software exists on a Remote Web Server and is displayed using
web browsers such as Internet Explorer or Firefox.
- Your data is located on some other company's computer/s.
Your critical Strategy Map and Balanced Scorecard data should never be located on
remote external web servers.
External Website Security Concerns:
Several Sony Websites were severely hacked in April/May 2011, with thousands of credit
card and identity details stolen.
Internet Website Crime has become a fact of life and the serious nature of this
attack caught everyone by surprise.
With the second hack into Sony, the personal information
from 24 million SOE accounts was stolen, along with full details of 12,700 credit
and debit cards.
The effect of this on the Credit Card industry and the many people
who use Credit Cards has been profound, whilst the effect on the Illegal Credit
Card industry has been to drive down the price of stolen credit cards from $10 down
to only $2.
This year security warnings have been published by security agencies such as
Bürger-CERT in Germany.
These vulnerabilities will be fixed with the release of new versions, however new
security issues are continually being exposed.
Dire warnings have been given to all public web sites that they should expect internet
hacking or denial of service attacks at least every 2 years.
In 2010, our state electric train network was hacked forcing trains to stop and
others to go slow. Fortunately there were no accidents.
Web servers are open to the Internet:
Public Web servers must sit exposed on the Internet, without Router Address Translation
and without Firewall Protection.
They are not protected from hacker attacks and these can be launched from anywhere
in the world.
Only the server's own access rules prevent illegal access. These rules can be broken
and in many cases the server security updates are allowed to lapse.
Every time a web server vulnerability is reported, the system manufacturers have
to rush to release an update.
With many web servers the update process lapses, which is why approximately 1 in every 1000
web servers has been hacked and is infected.
Often the owners are totally unaware that their website is being exploited by hackers.