Reported By:
| Edited By: Sunny Waghela |Source: DNA |Updated: Feb 27, 2011, 11:06 AM IST
Having provided a solution to certain problems, we generally don't expect someone else to speculate over the whole question whether it is the right one or the wrong one that we are answering. Even we ourselves don't do that very often.
But in our case, where the technologies are getting upgraded within every 9 minutes, we need to be on the tip of our toes to secure ourselves from all those sitting hell bent on leaking any crucial information about the country. Well, to the say the least, the government is sure on their toes, not securing, but trying to run away from this stuff.
Reports have suggested that the NIC server, which hosts mainly the most operated and covert government websites, was found vulnerable and was duly reported. The penetration testing was neither official nor legal, but it was actually done co-incidentally in an effort to secure the same, by Indian Cyber Army.
The last attack as all of you had observed was also on a website hosted on the same server, and I need not point out the names of the website, as a lot of fuss seems to have been created already.
The government is launching and selling many of its security sensitive projects to private players, helping them provide some better solutions than what the government could. But again, the private sector companies who have been creating websites will not be able to satisfy the demands put forth by the government, as their own websites are vulnerable.
The problem lies here in the basics of the networking, which right now every student is being taught from very beginning. All lies in the basic OSI model of networking, very strangely!
The website publishers and the website developer will right now be laughing on my last statement, but really the vulnerabilities, which I have been exposing and reporting to all these guys, just include only the single layer of that model. If I go into the depth of all these, there may be many more, which still puts into question the development of the website that begs the question as to what actually these people are doing, while saying that they are making a website.
To state in clear words, the vulnerabilities lie in the application layer and the whole network and system gets exposed, due to its link with those vulnerabilities.
And very sadly, the government still has not got any clue about the authentication of applications and securing them first, rather than using some very huge system firewalls and wasting time and money in maintaining the same. Apart from that, the idea of penetration testing best suits all websites, that there may be errors in the coding.
Howver, their needs to be some testing and some check-up done on those error, because we won't like to supply our private information to a site, which is not capable of keeping it secure enough.
The author is a city-based ethical hacker and specialises in cyber crime investigations and forensics
