Security in the information technology sector remains a high priority, with emerging threats targeting all manner of IT from custom web-based applications through to mobile devices.
According to Alphawest senior security engineer David Taylor, the custom-built web-based applications used by many organisations pose security problems.
“Most organisations are going to be running in-house applications,” he said. “However, there is little consideration placed on security during development.”
Mr Taylor said some of the types of threats to custom web applications included SQL injection and manipulation, a technique that can be used to hack websites.
“The data looks up database queries,” he said. “So it could pick up the password and get into that application.”
Mr Taylor said companies using custom-based web applications should focus more on security in the software development lifecycle.
There were also security threats emerging when businesses decided to exchange their old phone systems for new, internet-based calling gear.
Mr Taylor said Voice over Internet Protocol (VoIP) and IPTel were proving to be susceptible to security attacks.
He said VoIP threats included man-in-the-middle (MITM) attacks, whereby hackers could eavesdrop on conversations between the parties by inserting themselves into the communication channel.
“They hack through over the IP network and are able to gain access to voice calls,” Mr Taylor told WA Business News.
He said there were also attacks on business clients, with companies facing email, IM and macro viruses, and ‘phishing’ – a program that lures victims to malicious internet sites.
“It’s about exploiting the server and there is vulnerability in servers, resulting in attacks which are going after people connected to the server and attacks to web browsers,” Mr Taylor said.
Earlier this year, more than one million users were infected with adware, which inundates users with pop-up ads, from online banner ads running on MySpace.com.
Mr Taylor said mitigation strategies to stop such attacks on the client included regular patching through updating security codes, behavioural host intrusion prevention systems (HIPS), personal firewalling and security awareness training.
Emerging security threats are also a concern for mobile devices, with theft possibly the most prevalent of these.
“With PDAs and laptops, there is an amount of information stored locally and something as simple as theft means that others can get access to this important information,” Mr Taylor said.
He said other threats to mobile devices included IP-based attacks and Bluetooth attacks.
“There are security problems with Blackberry handheld devices whereby hackers can access internal networks through leveraging off someone’s Blackberry connection.”
Mr Taylor said it was important not to store confidential information on mobile devices and in situations where the use of filesystem encryption was required.
Further risks will become more evident in the future as the technology becomes more available.