Vulnerabilities of local authority websites

By Hytec Information Security

 

The security of Internet-facing ICT systems is crucial to the delivery of ‘joined up government’, as local authority websites become the primary interfaces by which local services and transactions are made available to citizens.

 

During December 2005, Hytec conducted vulnerability assessments on twenty local authority websites. These were selected randomly as being a representative sample of Borough, County, District and Metropolitan Councils.

 

Website vulnerabilities - the risks you face

 

Prior to an attack, potential attackers will evaluate any vulnerabilities associated with your website. Typically, this will take a skilled hacker no more than 45 minutes. They will then select the route of least resistance to achieve their desired objectives. These could be to:

•  Disable your service (Denial of Service attack)
•  Gather sensitive information
•  Deface or change the content of your website
•  Redirect visitors, without their knowledge, from your website to another site, usually with the same ‘look and feel’, in order to gather sensitive or commercial information
•  Monitor activity to or from your site (by mounting a ‘Man-in-the-Middle’ attack)

 

Survey Findings

 

Commenting on the findings, David Bryant, Hytec's managing director, said: “We conducted a similar assessment in 2003 and, although the 2005 results are encouraging in that they show a greater awareness of security matters in general, we still found that 70% of the sites we tested had at least one vulnerability that could be exploited by an attacker. The vast majority of these could have been resolved through good patch management policy.”

 

“Every local government website has now become a potential target for attackers”, said Bryant. “A skilled hacker will identify any vulnerabilities within 45 minutes at most. They could be seeking to disable the service, to monitor site activity, to deface or change website content, or even redirect visitors to another site so as to gather sensitive information.”

 

To receive a 6-page summary of Hytec's report, ‘Vulnerability Assessment of Local Authority Websites’, please click here or call Hytec on 01865 887 428.

 

Source: Hytec Information Security www.hytec.co.uk


 



Hytec Information Security Limited, Eynsham, near Oxford, UK   |   tel. 01865 887428  info@hytec.co.uk