Korea Strengthens Internet Security

[InfoSec News <isn () c4i org>]

http://times.hankooki.com/lpage/tech/200305/kt2003052518225511790.htm

By Kim Deok-hyun
Staff Reporter
kdh () koreatimes co kr 
05-25-2003
  
Anyone who thinks the Internet is just a convenient tool for the
coming information society, should take another look at its side
effects.

Despite growing concerns about online security, computer networks
remain more vulnerable than ever to cyber attacks, Internet worms and
unforeseen security breaches.

``As a result of increasing interconnectivity and communication
networks, the Internet is now exposed to a number of various threats
and vulnerabilities,'' Moon Kyung-il, country manager of Network
Associates' Korean unit, said.

Simply put, in a race between security measures and potential
vulnerabilities, the latter gain an upper hand since no perfect
solutions exist, he said.

``We're not improving fast enough to keep pace with foreseeable
security problems in cyberspace, but new and changing threats will be
continuously emerging,'' he said.

Ironically, because of its highly wired broadband Internet
infrastructure, South Korea is rapidly emerging as one of the targets
of international cyber attacks.

According to the National Police Agency, from August 2001 to March
2002, the country received a total of 4,376 reports on security
breaches and hacker attacks in computer servers, accounting for 39
percent of worldwide online attacks. The U.S., China and Taiwan ranked
second, third and fourth, respectively.

Early this year, the country's Internet networks were severely hit by
a new class of worm. Unlike computer viruses, worms do not need human
intervention to be spread.

The unprecedented Internet attack hit the U.S. first and Canada and
spread quickly, hitting Korea especially hard. Korea was in a
pandemonium, with almost all Korean Internet users experiencing
difficulties in gaining access to the Internet for almost half the
day.

The ``Slammer'' worm sent huge volumes of data randomly, exploiting a
well-known vulnerability of Microsoft's SQL server software. The huge
traffic caused disruption in information networking of Internet
service providers, paralyzing online shopping malls and Internet
banking services.

Korean civic groups, including the People's Solidarity for
Participatory Democracy, and Internet service providers filed a
lawsuit against Microsoft's Korean unit to seek compensation from the
damage.

``At that time, actual damage was relatively limited because the worm
attacked only servers,'' Moon said. ``If the worm attacks personal
computers, we won't be able to calculate the scope of damages.''

He pointed out the importance of periodical maintenances of computer
system such as frequent updating of anti-virus programs and checking
out potential security breaches at homes and workplaces.

``Individuals should incorporate security as an essential part of
computer systems and networks,'' he said. ``With computer networks
becoming increasingly wired, security breaches and online attack risks
will always be there in our everyday life.''

Computer security experts said an information society without online
security would face a distinct threat because the Internet has become
indispensable to national security and economic well-being.

An unsolicited e-mail advertising or ``spam'' has also posed a threat
to the coming information society. According to the Korea Information
Security Agency, a government-affiliated Internet security research
group, unwanted e-mails are estimated to cost 2.6 trillion won a year
in both tangible and intangible damages.

The study found that the amount of spam e-mails jumped at a blistering
pace. As of the end of 2002, an individual got an average of 34.8 junk
e-mails a day, most of them designed to lure recipients to
pornographic Web sites. In 2001, only 4.7 unwanted messages were
delivered every day.

The flood of e-mail advertisings also means Internet service providers
have to bear the cost of extra hardware and filtering software, not to
mention unhappy e-mail users.

In addition, outbound spam e-mails from Korea have been a source of a
string of complaints from abroad.

``Every day I get 20 or more e-mails in Korean although I can't read
Korean,'' Joel Rubin, a U.S. resident, said in an e-mail message.

``Frequently, the e-mail has a phone number with no country code,'' he
said. ``Since incoming spam costs 10 percent of the monthly Internet
service provider fee, I regard this as theft by laziness.''

To halt the relentless spam e-mails, the government has pledged to
employ tougher measures, but it isn't easy to cut down junk e-mails
with online marketers getting smarter and computer networks getting
more complex, experts said.

On May 22, the Ministry of Information and Communication announced it
would form a country-wide organization, including the government and
the law enforcement authorities, civic groups, Internet service
providers and e-mail service operators, to fight a joint war against
spam e-mails.

Currently, Korean online marketers are required to register their
Internet addresses when they send unwanted commercial e-mails to allow
recipients to send complaints not to send those messages again.

In a recent study titled ``Internet Security Concerns in
Asia-Pacific,'' Internet Data Corp. (IDC), a technology consultancy,
said 60 percent of enterprises surveyed felt their greatest security
threat is a virus attack, while 22 percent perceived hacker attacks as
the overriding threat.

The study found that 72 percent of the enterprises reported they had
experienced an Internet security breach, and 39 percent felt the
degree of security threats has increased over the past year.

About 26 percent said that increasing Internet use pushes up their
spending on Internet security, while 7.1 percent cited e-commerce
initiatives as the key factor, the study said.

Nathan Midler, IDC's senior analyst, said 97 percent of all
enterprises surveyed had some form of Internet security in place, but
security solutions were more focused on off-the-shelf anti-virus
products and less on robust, high-end solutions.

``The perception that security threats are increasing, coupled with
further integration of e-businesses at workplaces, is driving
companies to look beyond a mere anti-virus software toward more
advanced solutions, such as disaster recovery services and
encryption,'' Midler said in a statement.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.