Monday, January 30, 2012

GOVERNMENT WEBSITES AND SYSTEMS SHOULD BE ‘HARDENED’

Over 100 government websites were defaced by an Indonesian hacker in January 2012. This is a harbinger of things to come. As more organizations get online hackers will test their hacking skills and the government is a target like everyone else.

This incident informs us that government websites need to be hardened. The government should ensure that its websites are well protected from any intruder who might try to hack and steal data contained therein.

Apart from defacing websites, hackers usually move on to the next stage by attempting to penetrate the database(s) that sit behind websites.

Securing the data in these websites is a basic but another fundamental is that this data should be encrypted. Most of the government sites that were defaced have a user login feature that allows authorized users to log in and for instance check their mails. This kind of sensitive data is what should be encrypted.

Government web developers should also make sure they are using the right coding methods. Web developers can unknowingly leave their websites at risk in various ways. One way is by leaving ‘open doors’.

An open door could be an administrator password that has been left as a comment in the source code. By looking for these commented codes a hacker will be able to log in and access valuable data.

Where you host your site is crucial in determining the security of a website. Websites are hosted on servers. A ‘weak’ server is a vulnerability waiting to be hacked. Evidently the server in which the government domain is hosted in was not secure.

This episode should be a wake-up call. As more and more Kenyans embrace the internet, the subsequent development and adoption of e-commerce will ensue. It will soon be possible to pay for government services online. Instead of going to a supermarket we shall be able to shop online and have the shopping delivered to our homes.

The monetary motive for sophisticated hackers to target our systems will then exist. Opportunity is already present because most of our websites and systems are note secure. This will leave many Kenyans vulnerable to online scams and fraudsters.

It is imperative that Government takes up the gauntlet and develops a fully fledged High Tech Crime Unit in the Kenya Police. This unit should be the first responder and of more importance should aim at mitigating threats to our national ICT security.

No comments: