Hytec assesses vulnerabilities of council websites for 2006 survey
Every
local authority website and Internet
connection provides a potential gateway
for hackers or malcontents to attack
the organisation’s critical information
assets.
There
are 468 local authority websites, each
of which has IT servers connected to
the Internet. Unless appropriate
security controls are in place, every
one of these are open to misuse, either
accidental or deliberate.
For example, a competent hacker could
deface an authority’s website,
copy and distribute confidential information,
undertake a Denial of Service attack,
or even use the authority’s IT
servers as springboards to attack other
organisations.
To
understand and evaluate the risks involved,
Socitm Insight have
commissioned Hytec to assess the vulnerability
of a representative sample of council
websites and their supporting systems.
The studies, to be conducted by December
2005, will be undertaken as part of
Socitm Insight’s ‘Better
Connected 2006’ survey
into the development state of local
authority websites across the UK.
A
summary of the findings will be incorporated
within Socitm’s 2006 report.
Although individual results will remain
confidential, Hytec will notify any
council should any serious vulnerabilities
be identified on their site, and will
provide full results data to any councils
requesting to see their own results.
Hytec’s
tests will be non-intrusive and will
not pose a threat to the authority’s
existing services. In identifying
threats, Hytec take the same initial
approach as a potential attacker, namely
investigating the network and identifying
possible weaknesses. However,
unlike attackers, Hytec use non-invasive
and non-malicious testing to avoid causing
any Denial of Service, and will make
no attempt to exploit any vulnerabilities
discovered.
|
