
Web security back on HK businesses' radar

Computerworld Hong Kong staff | May 6, 2013
Experts on Web application security gathered recently at a seminar organized by Dimension Data and Check Point to discuss the serious business implications of Distributed Denial of Service (DDoS) attacks that enterprises fail to address properly.

Another reason attacks on Web applications are becoming prevalent is the proliferation of smartphones and devices such as tablets in the market today, according to Ng.

"Previously users only had one device to access the network; today they have up to four devices -- smartphone, tablet, laptop and another device -- to connect to the enterprise network, hence hackers have more opportunities to attack," Ng said.

"Yesterday's technology will not be able to protect you today," Ng added, citing what happened to companies like Amazon.com and Yahoo -- which both use Web applications to interact with online users. Both experienced DDoS attacks causing them to lose huge amounts when their systems went down for about 10 hours.

Ng said Check Point sees Web traffic challenges today originating from two areas -- Web sites and applications. While enterprises in the last five years were able to traditionally control their applications, it is no longer the case today.

This is because Web applications today can be accessed through mobile gadgets that don't require a browser to access the Web.

Ng said that they had a client who previously had to develop Web applications every two years. With the advent of Web 2.0, the client needs to develop Web applications every six months to keep pace with the changing needs of the market.

"For us we can protect them in the next 6 months, but not in the future, that is the big challenge that we face," Ng said.

Unknown enemies

DDoS attacks initiated by hackers can be detected, but an unknown attack from another external source, such as a CD or USB device accidentally plugged into one of the network's workstations, can quickly spread and infect the whole network, Ng explained.

"We do not know what will attack us in the future. We are fighting the unknown that is why we need to do something in advance," Ng added.

Citing a case study during his presentation, Ng said that a client who had suffered a DDoS attack sought their help last year, and within an hour they were able to find the cause of the attack and create a patch for the application to prevent further attacks.

The advent of cloud computing also makes it easier for Check Point to keep its customers protected from DDoS attacks. "The beauty of cloud is we can do collaboration work in helping customers update their patches," he added.

Understanding DDoS vulnerabilities

Ng from Dimension Data said that a level of security should be embedded in Web applications during their production stage to block unauthorized access or attacks.

One way of ensuring the security level of a Web application is to refer to OWASP's report on the top ten mobile security risks, which discusses vulnerabilities that enterprises should look into when developing Web applications to protect against DDoS attacks.

 
