
County council turns guns on itself...
Published: 26 May 2005 08:30 BST
Hertfordshire County Council has signed a deal with security firm NetSec to run penetration testing on its systems - a process of replicating hacking techniques to test the robustness of security measures in place.
NetSec, recently acquired by MCI, will run testing on all the council's websites, systems and networking resources as well as applications developed in-house and by external third parties.
Dave Mansfield, telecoms services manager at Hertfordshire County Council, told silicon.com NetSec will be running two levels of 'attack'. One is an automated system of vulnerability testing; the other, a more manual approach, involves an off-site team using social engineering and the latest physical hacking techniques.
Councils are increasingly having to adopt more secure methods of communication as more and more functions and facilities move online.
"Because we are local government we tend to adhere to all edicts which are handed down. A lot of the information we handle is very sensitive, such as the at-risk kids register," added Mansfield. "We're probably a little paranoid but I think paranoia is a good starting point for good security."
'Ethical hacking' and penetration testing are becoming increasingly important aspects of security, with companies and organisations not willing to wait until somebody with criminal intent comes knocking before they discover where their vulnerabilities may exist.
Rob Chapman, founder of the Training Camp which runs a certified ethical hacking course, told silicon.com demand is definitely growing for skills in this area.
One of the most important issues is that "too many people trust the vendors to tell them whether their software is secure," said Chapman. And while no vendor would deliberately ship insecure software, that doesn't mean vulnerabilities don't exist in a great many widely used applications.
Mansfield agreed. "I personally think people have to look more and more at the application side. Application testing is the next big thing."
"We might buy the latest Microsoft product and roll it out but we know from attacks such as Blaster and the like that it doesn't stop there. We're now trying to pre-empt that."
"You can have all the firewalls and antivirus in the world but if you're running insecure systems then those defences might as well not be there."
Copyright © 2008 CBS Interactive Limited. All rights reserved.