We noticed you're blocking ads.

Keep supporting great journalism by turning off your ad blocker.

Questions about why you are seeing this? Contact us

Font Size

- Aa +

Sun 1 Oct 2006 04:00 AM

Font Size

- Aa +

We are not alone

Ignorance is bliss, they say: not if your organisation is being port-scanned it isn’t. Middle Eastern organisations need to start paying more attention to the wider world, especially those parts of it intent on hacking vulnerable systems.

One of the main planks of Network Middle East’s editorial policy is a focus on regional issues and news. Granted, we do cover significant international events, such as Motorola’s purchase of Symbol last month (see page 13), but when it comes to end-user stories, we insist on Middle Eastern implementations.

Sometimes this causes problems – this month we have been looking at WAN technology, and discovered that many organisations don’t want to talk about their radio or FSO deployments, because of regulatory uncertainty. Similarly with business continuity, end users are reluctant to share their plans (and it would certainly be churlish to suggest that this may be because some organisations don’t have any). In fact in both cases organisations were prepared to talk – very openly – about their projects.

Finally, just to make it a hat trick, our denial of service feature saw very few IT or network managers willing to engage in discussion of how they suffer, and what they do to prevent the attacks – although again one did venture into the open. Now, this is an issue which almost certainly affects every single organisation in the Middle East which maintains any significant web presence or has publicly-available email addresses. So, most of them.

It is understandable that organisations would be somewhat shy of revealing they have been attacked – and possibly compromised to some degree. No one enjoys public humiliation, or having to admit they are anything less than perfect, especially if an organisation is entrusted with vital data, such as a bank. But this culture of non-disclosure has an important knock-on effect – ignorance.

DoS attacks are a truly global phenomenon – attackers rarely pay much heed to the physical location of their marks. It is also fair to say that, with the exception of very public names, all organisations are equal in the eyes of a bot-herder. But if no Middle Eastern attacks are ever reported, then enterprises around the region can continue to live in not-so-blissful ignorance that they may be at risk.

They may put down that sluggish email to random spam, or the intermittent web services to a flaky server. In fact it may be more serious, if they are actually under attack. And while many DoS attacks are simply brute-force attempts to shut down a service, some aim to penetrate an organisation’s IT systems by making them fall over.

I am not a fan of hysterical security vendor posturing – I think it tends to be unhelpful at best, misleading and self-serving at worst – and I am certainly not trying to replicate that tone here. Having said that, so many Middle Eastern organisations seem to live in a cosy little bubble, in IT terms anyway, that a little scare-mongering may be necessary to bring them out of their rosetinted visions.

So I won’t suggest that the Middle East is about to witness an implosion of its internet economy, such as it is.

But perhaps it might be worth just exploring the possibility that someone out there is paying more than a passing interest to your Apache server.

Arabian Business: why we're going behind a paywall

Real news, real analysis and real insight have real value – especially at a time like this. Unlimited access ArabianBusiness.com can be unlocked for as little as $4.75 per month. Click here for more details.