11:02 | 22.06.11 | News | 4653

X-TECH: Security level of Armenian websites is very low

Internet business in Armenia has been developing dynamically over the past few years. Besides being the “business card” of the company or the individual, websites have also turned into a real source of income. Along with that, the importance of providing the websites’ security increases. Web-developer and Internet Security Analyst Samvel Gevorgyan spoke of vulnerable spots of the Armenian web segment and ways to eliminate those in an interview to Mediamax and Itel.am.

- We know that one of the main directions of X-Tech Company’s activity is provision of websites’ security. What are the vulnerable spots of Armenian websites that you have come across most often? In general, how would you describe the security level of Armenian internet environment?

- The security level of Armenian websites is very low in general. The most frequent vulnerable spot is XSS (Cross Site Scripting), which occurs on interactive websites, the users of which can enter data, for instance in the form of comments.

If there is XSS, you enter a website you know, however you are redirected to another page, which, for instance, will offer you to register somewhere, enter your information and receive additional service, etc. This is the main method that “phishing” takes place (stealth of confidential information by means of misleading the user).

Problems, related to SQL-injections, are the second common ones. Here one can enter the database of a website, change it and/or realize other actions. These problems and the above-mentioned XSS are the basic vulnerable spots of Armenian websites, although they are not specific to us: along with information outflow, both of them are the most common network dangers in the world.

- Armenian internet environment regularly undergoes attacks from Azerbaijani and Turkish hackers. Have we learnt our lesson as to how to protect ourselves from those attacks and how do to the matters stand today?

- For quite a long time, the owners of websites in Armenia were not serious about security issues, however over the past 2-3 years, when websites started becoming a real source of income, a clear positive tendency has been noticed: organizations are seriously concerned and they seriously work on websites’ security issues. Hacker attacks lead to reduction in the income of entities, dealing with internet business, making them think of the necessity to undertake security measures.

As a result, the website security provision business is also just starting to develop in Armenia.

- The network dangers you mentioned are mainly conditioned by unawareness of the users on the elementary rules of internet security. What would you advise businesses and individuals to do in order to neutralize such dangers?

- We advise companies, which deal with internet, to regularly hold trainings for their personnel, inform their employees on the situation concerning internet security in the world and the minimum rules they need to comply with.

For instance, one should not use simple passwords and should avoid clicking on various links as much as one can. Let me bring an example from my own experience: when I receive on my e-mail an invitation to make a connection from Linkedin.com website, I never accept the invitation directly from my e-mail address. Instead, I enter Linkedin and check if that invitation is really there. If it is there, I accept it, if not, it means someone was trying to redirect me to somewhere else.

It is also important not to use the computer as an administrator. It is impossible that someone would need administrative advantages in everyday work. For that, one can create an average account for everyday work, and enter the system as an administrator only in case of necessity. Why is this necessary? When the hacker or the virus gains access to your computer, it gains the same authorities that you have at the moment.

- More than half of Armenian websites are placed on foreign servers. Does this create additional risks in terms of security, or, vice versa, is purchase of hosting in the USA or in Russia more secure?

- Placing a website on a foreign server makes it more vulnerable, since the data is not transferred inside Armenia, it goes a long way and in this period the likelihood that they will be “stolen” increases.

If a few years ago Armenian hosting providers were quite vulnerable, today there are obvious quality changes. In any case, over the past 2 years I have not heard of news that any of them were “broken” or control was established over websites there.

Of course, there is still significant price difference between Armenian and foreign hosting providers (the local ones are more expensive), however     recently placing websites here becomes more and more interesting, taking into account the improvement in the level of service quality and solution of the problem of local traffic transfer [the matter concerns establishment of ARMIX internet traffic transfer foundation - Mediamax], given which the users enter a website, placed in Armenia, very fast.

- Due to constant technologic progress, the working conditions for people constantly undergo changes. Now, for instance, “cloud computing” technologies, when the entire digital data of enterprises are kept on a remote server, are actively developing. What is the response of the “world” of computer and internet dangers to these changes?

- New and more improved dangers appear constantly. Simultaneously with increase of internet importance and development of cloud computing technologies, we observe a clear tendency of “migration” of viruses from computers to the web. 

For a long time it was considered that a virus could harm only software support; however there are viruses now, which can cause serious physical damage to equipment.

The flow of viruses will not stop due to a number of reasons. The authors of viruses are usually students: the first program they write is usually a virus, which is a means for young people to get “tangible result”.

Besides, we learnt recently that there is an organization in China, the main activity of which is to create viruses. That organization is the world leader as to the number of “produced” viruses and it is obvious who its customers are. Those can include even country governments.