Friday , March 29, 2024

Network Security: One Step Ahead of the Bad Guys?

This week's outbreak of yet another computer-network virus has served as a reminder to the online transactions industry that the networks they rely on for e-commerce?and increasingly for ATM and point-of-sale traffic?are vulnerable to malicious code. Although the latest outbreak, called the “bagle” virus, was quickly brought under control after its emergence Sunday, it is only the latest in a long line of bugs, worms, and viruses that have attacked transaction networks over the years, some of which have done major mischief, including shutting down thousands of personal computers and, in a few cases, ATMs. Not only are these attacks becoming alarmingly numerous, they are only bound to get worse as the sources of the attacks become increasingly organized and motivated by profit, experts say. The CERT Coordination Center of Carnegie Mellon University's Software Engineering Institute, Pittsburgh, which tracks incidents of network attacks, says such incidents reached more than 114,000 in the first three quarters of 2003. That's a 40% increase over the number reported for all of 2002. “We're in a constant arms race with those who are engaged in malicious activity” says Rich Mogull, research director at Gartner Inc. who served as a lead analyst for a project, dubbed “Digital Pearl Harbor,” that Gartner conducted with the U.S. Naval War College in July 2002 in an attempt to pinpoint network vulnerabilities in case of an attack by terrorists. So far, Mogull says, network security managers are staying one step ahead in this arms race, having learned a lot last year in particular from various outbreaks, including the especially effective Blaster bug. “Our defenses are a heck of a lot stronger,” he says. But he and other experts worry that the transaction industry's migration from more-secure proprietary networks and software systems to Internet connections and open operating systems, particularly Microsoft Windows, will bring with it all the vulnerability computer users struggle with. ATMs are increasingly shipped to deployers with a version of Windows XP as the operating system, in place of the old IBM OS/2 standard, which IBM Corp. has said it will stop supporting in 2006. And point of sale devices, too, are adopting Windows and running in greater and greater numbers on TCP/IP connections, the Internet protocol, rather than traditional leased or dial-up lines. Celent Communications, a Boston-based research firm, projects that 250,000 stand-alone terminals will be running on IP connections in 2006, up from 17,000 last year. Earlier this month, Microsoft Corp. announced that Radio Shack Corp, Circuit City Stores Inc., and Meijer Inc. were all deploying or had already deployed Windows XP Embedded in their point-of-sale systems. Microsoft says the deployments allow for tighter integration with other store systems and also offer increased reliability and security. And some analysts, while advising caution, say the advantages of this migration outweigh the risks. “It's a tradeoff, just like when you access the Internet on a PC,” says Gwenn Bezard, a Celent analyst. “I don't think the security concerns overrule the benefits.”

Check Also

Buying Groups Might—or Might Not—Give Merchants More Negotiating Power with the Card Networks

Card-acceptance costs and network rules weren’t the only subjects covered by the sweeping settlement revealed …

Digital Transactions