IT infrastructure
Secrets of the trade
Prevention - the best cure
What's NewS Issue 5 August/September 2000 9
Whether checking the latest news or online stock quotes on the WWW,
you're probably unaware of the mechanisms (and people) hard at work to ensure
it all goes smoothly. And, our plans to develop an 'e-strategy' depend on them.
What's NewS asked some of our specialists to fill us in on what it takes to work
'behind the screen'.
Standing guard
Spotting the dangers
These days, most of us couldn't imagine doing business without email. But such
eommunication opens Internet portals to the 'outside' world, leaving us exposed
to unwanted security threats - like viruses. What steps are taken within Rl to
minimize vulnerability, ensuring safe eommunication?
Before a website goes live, extensive
time and effort is spent tackling infra-
structural planning and insurance. We
asked Miehei I lofman, IT Infrastructure
and responsible for Internet Technologies,
and Bruce Duncan, global head ofcorpo-
rate systems development, for some info
on the key responsibilities. 'At a very
practical level,' explains Hofman, 'we're
working on two issues: flexibility and sta-
bility. Flexibility refers to the information
and the functionality on the site to be eas-
ily updated, while ensuring site perfor
mance. Secondly, every website resides on
a computer within a hosting facility that is
properly connected to the Internet,'
Hofman continues. 'To execute transac-
tions anytime, anyplace it's essential that
this hosting facility is safe, stable and se
cure - otherwise, a site, and its reputation
begin to lose credibility.' Hofman and
Duncan are among the people working to-
gether to select the proper E-Hosting facil
ity that will meet the needs of our grow-
ing 'e-organization'. Another key element
in implementing new web initiatives lies in
establishing a global, institutionalized set
of standards. 'These standards develop
alongside and in conjunction with new
web projects,' Duncan explains. 'They
should penetrate the organization front
top to bottom.' Devising this set of guide-
lines will require input from our tech
teams around the network and, says
Duncan, 'it's essential we leverage the
extensive knowledge and resources al-
ready present in the organization. Moving
forward with RI's tech development will
require efficiënt teamwork, cooperation
and eommunication.'
Email security has to be handled on
several different levels. The first is ac
cess to the IT environment and applica-
tions involved. In most cases, password
and user ID verifieation is enough, al-
though users are encouraged to change
their passwords frequently. But behind the
scenes, Martin Langhorst (right)
and the Competence Center
Email Services (CCES) work, in
co-operation with the regional
teams of IT infrastructure, on
what he calls the preventive as-
pects of protection. Various
measures are in place to keep
our mail servers and gateways
free of viruses and other kinds
of malicious material.
'Security is an evolving issue, requiring
constant attention,' Langhorst says. Sup-
pliers of anti-virus software provide up
dates on a weekly basis. Those updates
are distributed by CCES automatically
onto some 70 mail servers around the
globe. In addition, our gateways to the In
ternet through which the mail travels are
ntonitored by various types of software,
filtering out potential risks. At this level,
the system looks for viruses, spam mail
(chain mail, advertisements, hoax rnes-
sages), spoofing (malicious messages sent
under a false return address),
potentially dangerous attach-
ntents, and various other
threats. 'In addition to the
technical precautions,' Lang
horst continues, 'you need a
flexible organization with
clear eommunication chan-
nels and disciplined use of ef-
fective procedures. In that respect, the re
gional IT centers in Singapore, Sydney,
New York and London/Utrecht are doing
a splendid job.'
You rnight have received an error message
lately when trying to send certain attach-
ment files. Although many files are prob-
lematic, those with execute commands
(.exe files) are the biggest culprits, tradi-
tionally used by hackers to spread viruses.
Our system excludes them automatically,
except in special cases upon request of
users. While the Competence Center is no-
tified of approximately one virus a week,
usually they are easily cleared before they
cause darnage. It is essential that IT secu
rity, according to Langhorst, is addressed
from the organizational side as well.
While companies regularly invest re
sources to deal with security on a techni
cal level, the biggest risks can come from
inside the organization itself. In order to
combat this, business groups and opera-
tional departments should follow disci
plined procedures surrounding access to
and use of sensitive material. Ever seen a
movie where a hacker finds passwords on
crumpled scraps of paper, tossed in the
trash bins? It's more real than you might
think. Don't leave important papers
around or take them home. Be aware that
at work or at home, because our email is
going over the world wide web, its confi-
dentiality is never guaranteed.
If you have a problem with the email
systemplease call your local help desk.