No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Using Honeypots to Secure E-Government Networks
Abstract
Nowadays governments are moving to provide their services online for all of their citizens. In the online world, security
is one of the most important issues. As a result, citizens want to trust on a secured E-government network. Generally, E-government
security and E-commerce security are the same, but E-government has some extra features. Usually government agencies can cooperate
better than businesses, because, most of them are connected to form a big governmental network, but businesses are competitors
and they don’t want to lose their market share. In this paper, "connectedness" of E-government networks is used to design
a honeynet for tracing hackers. Because of possible damages to this network, it must be fault tolerance. This framework provides
interesting resources for hackers and at the same time it prevents them from misusing those resources for future attacks.
ResearchGate has not been able to resolve any citations for this publication.
The explosion of digital connectivity, the significant improvements in communication and information technologies and the enforced global competition are revolutionizing the way business is performed and the way organizations compete. A new, complex and rapidly changing economic order has emerged based on disruptive innovation, discontinuities, abrupt and seditious change. In this new landscape, knowledge constitutes the most important factor, while learning, which emerges through cooperation, together with the increased reliability
and trust, is the most important process (Lundvall and Johnson, 1994). The competitive survival and ongoing sustenance of an organisation primarily depend on its ability to redefine and adopt continuously goals, purposes and its way of doing things (Malhotra, 2001).
These trends suggest that private and public organizations have to reinvent themselvesthrough ‘continuous non-linear innovation’ in order to sustain themselves and achieve strategic competitive advantage. The extant literature highlights the great potential of ICT tools for operational efficiency, cost reduction, quality of services, convenience, innovation and learning in private and public sectors. However, scholarly investigations have focused primarily on the effects and outcomes of ICTs (Information & Communication Technology) for the private sector. The public sector has been sidelined because it tends to lag behind in the process of technology adoption and business reinvention. Only recently has the public sector come to recognize the potential importance of ICT and e-business models as a means of improving the quality and responsiveness of the services they provide to their citizens, expanding the reach and accessibility of their services and public infrastructure and allowing citizens to experience a faster and more transparent form of access to government services.
Moving away from these assertions, the aim of this paper is to identify and analyze
the primary issues, opportunities and challenges that eGovernment initiatives present for developing countries. The insights and results here presented are based on an empirical, web- based research of 15 case studies undertaken in developing countries (Argentina, Brazil, Chile, China, Colombia, Guatemala, India, Jamaica, the Philippines) which have already explored and implemented eGovernment initiatives. In these cases, we can observe different applications and opportunities for eGovernment, such as: tax administration (Jamaica,
Guatemala); better services to customers, businesses and stakeholders in general (Brazil, India); and eGovernment for transparency and business efficiency (the Philippines, India, Chile).
e-Government operations are increasing with citizen demand for timely and cost effective services. Security associated with individual systems is similar to many e-commerce solutions. The span of control of e-government and its impact across a community defines a system that is more than a sum of just single systems. To test security issues across the entire system requires a new method of analysis, a community based cyber security exercise. Results from recent community based exercises have provided insight into opportunities for improvement and has demonstrated the value of these events. Information gained from community based exercises permits local governmental entities to better prepare their e-government systems to serve their citizens needs. Although some actions discovered in the exercise may be difficult and resource intensive, numerous low-hanging fruit opportunities for improvement can be discovered and used to improve e-government systems.
On 14 June 2002 the UK's Inland Revenue withdrew its online tax filing service amid complaints that users could see other people's tax returns. This public humiliation, however temporary, reveals part of the price paid when e-government initiatives are not secure.
Honeypots take an offensive approach to network security, rendering an intrusion ineffective, discovering the methods, and strengthening defensive tools. T raditionally, information security has been defensive: firewalls, intrusion detection/prevention systems and encryption. This strategy is based on the classical security paradigm of Protect, Detect and React – protect the network as best as possible, detect any failures in the defense, and then react to those failures. This strategy works well on known attacks. But the black hats are ever innovative, keep-ing one step ahead – we develop responses to their attacks and they develop new attacks. Honeypots: offensive defense An offensive security approach would be to set up an area where intruders may come and look around but pose no threat to our systems: honeypots are a "security resource whose value lies in being probed, attacked, or compromised." The concept in general is a trap to catch malicious network activity with a specifically prepared machine. The computer is the bait. The unwary intruder will have access to the system based on the type and purpose of the trap. The primary purpose of a honeypot is to proactively gather information about security threats by providing a real system with real applications and services for the attacker to inter-act with, but with no production value: we can safely watch and learn from an intruder without fear of compromising our systems. The honeypot is extensively monitored; all net-work traffic is captured; all information is logged. Since it has no production value, any interaction with a honeypot implies malicious or unauthorized activity and researchers can gain information about security threats and intrusion techniques.
Acknowledging the necessity of utilizing the new electronics, information, and communication technologies, the movement toward implementation of e-government in Iran has recently received the attention of the authorities and policy makers. The premise of the work is set around the fact that the e-enabled government is a momentous opportunity for developing countries like Iran to improve and streamline their government's operations, provide breakthrough performance, and reduce their existing gaps with developed countries.This paper reviews the history of e-government in Iran and analyses its related concepts. The criticality of government to government (G-to-G) system is then highlighted, and a model for the development of e-government in Iran as a tailored implementation model based on the national government structure, complexities, and also experiences is proposed. Finally, the structural form and concepts of the Iranian G-to-G is introduced and requirements for its successful implementation are elaborated.
This paper is engaged in research in security, peculiarities and implementations of security requirements within governmental
structures. Based on three interaction points (citizen to government C2G, government to government G2G and government to citizen
G2C) appropriate examples were chosen, security implementations analyzed and special attributes investigated. It points out
some restrictions and difficulties while building up a secure public system.
An instrument for evaluating the quality of government websites is described. It takes the form of a questionnaire resident within spreadsheet or database software so that an automatically determined evaluation may be indicated following input of data. The 106 questions included are derived from previous research regarding significant components of successful websites, along with interviews with developers of portals at different levels of Australian government. The instrument may be easily tailored to accommodate varying requirements at different levels of government, and used as a basis for extended internal evaluation of their own websites by agencies. The instrument also embodies explanations of the survey questions that are asked, along with advice on how to determine sought-after information from sites.
The global IT revolution is growing rapidly. Governments and
businesses have to be ready to meet the increased demand of effective
and secure online services. Providing secure online services in
e-government requires, however, careful deliberation on different levels
and for the distinct domains of e-government. The first issues on
security coming to mind regard of course technical aspects. Here, many
concepts and tools have been developed to provide secure transactions,
to protect against non-allowed access to information and data, to
protect against hacker attacks etc. Yet, security aspects concern not
only technical issues. Instead, these need careful investigation from a
non-technical viewpoint as well. We suggest a holistic concept that
integrates security aspects from the strategic level down to the data
and information level in order to address different security aspects in
a comprehensive way
The obstacles and guidelines of establishing E-government in Iran
- M Fallahi
Fallahi, M.: The obstacles and guidelines of establishing E-government in Iran, MSc.
Thesis, Luleå University of Technology, Sweden (2007),
http://epubl.ltu.se/1653-0187/2007/052/
LTU-PB-EX-07052-SE.pdf