Contact Us | Feedback | Frequently Asked Questions | Event | Videos | Site Map
  CCAOI Invites you to a round table conference on “IANA Transition & ICANN Accountability Process and India's Position” on 30th May, 2015, at Silver Oak 1 Hall, India Habitat Centre, New Delhi | A study on the Indian Perspective on IANA Stewardship Transition.









News Letter



Exploring Cyber Security - The Open Source Way!
EFY Times News, 24 Aug, 2011

Most of us are familiar with cyber crime. From cyber hacking into an organisation’s computers, bank accounts to the most recent attack on the world’s largest search engine, or umpteen credit card frauds and other such criminal activities, cyber attacks in varied manifestations have become a mode of war that underscore the way in which the Web has shaped up human lives!

The growing crime rates paint a very dismal picture of the Web security across the world. According to a report last year by the U.S. based Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Centre, India ranks fifth in the world for cyber crime. To add more, under the Information Technology Act, a total of 420 cases such as hacking computer systems or forging digital signatures were reported in 2009, while the figure was 142 in 2006. Predictably, 97 of the 420 cases were reported from Karnataka, the state which has the IT hub of the country as its capital.

Cities like Bengaluru, Ahmadabad, Delhi, Ludhiana and Pune, among others, reported high incidence of cyber crime cases under the IT act with a total of 145 of the 178 cases--accounting for more than three-fourths of the total cases. Meanwhile, a total of 276 cases were registered under the Indian Penal Code (IPC) during 2009 as compared to 176 such cases during 2008, an increase of 56.8 per cent. Maharashtra reported the maximum cases at 108 followed by Chhattisgarh with 46 cases. Media reports suggest that majority of the crimes of total 276 cases fell under two categories--forgery and criminal breach of trust or fraud.
This goes on to show that cyber crime is big business, and how!

Cyber crime is mainly spread through the Internet, e-mail or rather a malware in the computer’s operating system. Spamming today is a big business and has resulted in a multi-billion dollar anti-spam industry. Virus writing is now a professional business, and criminals actually advertise jobs offering a few thousand dollars a month for this task. To track it down, antispam systems can be built from scratch using open source software. These systems can easily get rid of most of your spam, and keep your system safe of malware transported via e-mail. There are a number of software options for antispam work, notably the Thunderbird desktop client, SpamAssassin, CRM-114, DSpam, Procmail, Postfix, Exim, Sendmail, etc.

There have been many discussions and debates on how the security system in India has been a haven for cyber criminals. They easily find their way in our systems, do their job and benefit from the same. Hence the entire security system looks flawed and needs to be more secure. Numerous people lose their rights to the intellectual property as the thieves grab small amounts of data which goes undetected and scot free. However, every crisis holds a solution. Likewise, there are many pertinent solutions to the problem of cyber crime. One of them is open source software.

So how can open source software help you stay safe from malware? Open source is not a guarantee of security. You do need some knowledge of how to run computers to stay safe. What open source gives you is an entirely different approach to security: Auditing!

One of the best known techniques in the security world is auditing. It is a known technique for preventing fraud, and most of us would be familiar with audits from the financial world.

Popular open source software has been audited by a large number of people. Wietse Venema, a well known software author and security expert, estimates that a good programmer has a bug rate of 1 per thousand lines of code. Most software have millions of lines of code to support various features. This means that there will be thousands of bugs in software, any one of which can be a security hole.

Auditing helps in finding and fixing these bugs.

Cyber criminals exploit various attack strategies in trying to break into computers. Even simple home user machines can be used to send spam, participate in denial-of-service attacks, and do various other forms of damage. Malicious websites can run Javascript on your computer to cause you to see unwanted advertising.

On the client desktop, running the open source Firefox Web browser is a significant win for security. Firefox alone isn't sufficient, but it comes with a giant ecosystem of plug-ins which add to security. Adblock-plus is a plug-in which stops advertisements dead in their tracks. Scriptblock disables JavaScript and lets users enable it on a site-by-site basis. Some of the known flash plug-ins have been a source of security bugs; they are generally bad residents on your PC because they simply hog resources and make systems slow. Using flashblock will let you run flash site-by-site, and restrict them elsewhere.

In the Middle East, some countries try and run a man-in-the-middle attack against their own citizens to try and figure out their rebellious elements. This requires the country to spoof a SSL certificate for sites like Facebook, Gmail or Twitter. The Certificate Patrol plug-in will notify you of any such attempts at breaking SSL.

Some professionals prefer to run Linux on our desktops (and laptops). This adds to the security because they are running a non-standard OS. Most malware is targeted at Microsoft Windows, and it just doesn't run on Linux. Banking trojans which steal credit card information don't work on Linux.

On the server side, running Linux (or BSD servers) makes a lot of sense. These systems have been written from the ground up to be secure, and it shows. SE Linux is a Mandatory Access Control system for Linux which restricts what individual users or processes can do. Even if software has a security hole, SE Linux can be used to prevent any further damage being done to that system.

For systems like SSL, internationally renowned security technologist and author Bruce Schneier insists on having the algorithm and implementation public and audited. This is the only way to guarantee security.

In conclusion, secrecy is no guarantee of security. Secrecy serves to hamper security, by keeping information from the people who make things secure. Open source strips the veil of secrecy from software, and leaves it open to scrutiny. This helps in actually getting flaws fixed, unlike closed systems where the vendor has an incentive to leave systems insecure.

<< back

Posted Comments

Post your Comment :
Name *
Phone Number *
email Id *
Comment *
Enter Text