Easily Available Penetration Tools

Published Date: 02 Nov 2017

IT & Society is known as e-government (electronic government). It is as kind of strategies to achieve Vision 2020. To accelerate Malaysia’s growing becomes Information Age Multimedia Super Corridor (MSC) was introduced. Governments provide many services to citizen via website. There create a websites portal to help citizen and enhance the public delivery system. Government is aim to use IT and multimedia to transform administrative process. E-Government also use to reinventing work structure of government and make citizens and businesses more interaction through improved connectivity, better processes, better access and systems.

However, even e-government is bringing a lot of advantages to citizen and business, but there is still have many problems to achieve it. It is called as threats and challenges so. Among threats is information leak out by information theft. These threats become more prevalent and increasingly complex as the pace of technology implementation continues to accelerate. It started to affected different sector of people in our country, either public or private sector also involving.

To achieve each of the e-Government project there have their own version of the framework, elements and components. Each usage of components is depending on the individual agency’s business or technical needs. The important elements make the project achieve are government strategy & goals, public services web interface, internal portal & call center, assessing efficiency & effectiveness, and continuous improvement program. The four main components for them are programme manager, technology, process, and people.

3.0 - Answer Question 1

Due to our country IT is still not proficient many servers always attack by hacker. The security issues increasingly complex as the pace of technology implementation continues to accelerate in Malaysia is because the security measure of our country is still poor. This phenomenon continuous happen makes the public sector and private sector become harassment.

For the public sector security, it is defined as the process of ensuring business continuity and services provision free from unacceptable risk. For the private sector, there might affect citizen, and state secret leak out. The threats that affect these sectors are malicious code, misuse of data, impersonation, easily available penetration tools, powerful analytical techniques contribute in whole or in part to the necessity of providing adequate protection to public sector ICT assets. These threats will cause financial losses, and make the integrity, confidentiality, and availability of the country become low level.

(MAMPU 2002)

3.1 - Malicious Code

According to the article from Symantec, malicious code threats can be categories into four major types, as Viruses, Worms, Backdoors, and Trojans.

The viruses spread by infecting files on user computer with malicious code. It will change the existing file with infected ones. Once the user run these file infected by malicious code, the virus will start propagate. Viruses will grant permission of infected computer, then change the user personal computer setting then silently send infected computer information to the server which virus host. (Symantec 2003)

Viruses will circulate around internet, most of the virus is spreading through online advertisement, pop-up, SPAM (junk e-mail), and removable storage. Because low level of ICT security integrity the foreign country hacker start target our country information, there usually create some SPAM mail to trick user. These SPAM mail normally content tracking information malicious code link, mean that when use clicked that link every activity from that computer will logged.

There is also some trickster will propagate the virus via fake software / game download link. For the user which doesn't have computer literacy there might don't know the files there downloaded is counterfeit or not. There will just think that download then use, there doesn't consider reality. For the users have computer literacy there might known a powerful program files not so small. Explain in simple, a fake software which injected virus, size of it normally is small which doesn't larger than 1 MB.

The SPAM organizations harvest victim e-mail with various ways, the common ways these organizations harvest victim e-mail is by buy from some company. When these organizations known victims e-mail address, these organizations keep sending SPAM mail to us. Lots of SPAM in internet will make user privacy leak out.

Besides that, there might also leak sensitive information if the viruses changing spreadsheet values by several percent. As the BBC news, one hospital in the southern hemisphere was infected by was, the virus mailing out confidential records about AIDS sufferers.

(Central Government Spring 2003)

Worms also a malicious codes threat, worms can replicate on infected computers. It will replicate in a manner that facilitates them being copied to another computer. This is meaning that spread worms by USB storage devices. In now generation, the use of USB storage devices is become widespread. All people also will use it for transfer data or information either uses in public or private sector. When users plug-in an infected USB storage devices, the worms will automatic spread in million seconds. It might destroy data structures, which mean that important information on that device might become corrupt, cannot open.

In fact, a viruses or worms is not so terrible, the most terrible malicious code threat is backdoors. A backdoors malicious codes threats will allow an attacker to fully remotely access to infected computers. This is meaning that all computers that have a backdoors will also no confidentiality more. Typically, backdoors is working together with Trojans. Trojans is known as a deceptive program that can do some actions without the user’s permission or knowledge. It is mean that computers which have any Trojan threats then it will unconsciously install thing into compromised computer. The common case happened is during downloading from the Internet or opening email attachments the Trojans will silently install some other malicious code. The different between Trojans and viruses is Trojans do not propagate themselves.

As the point discussed, it can shown that a backdoor is use for send viruses or Trojan to compromised computer then grant full control computer. This meant that these threats will unwittingly make our country information missing, either public or private sector will also be affected.

(Admin 2013)

3.2 - Misuse of data

Misuse call read as mis-use. As the word mean, misuse of data mean miss use of data, can say as use data in wrong purpose or way. According to the BBC Computer Misuse Act article, computer misuse can be classified into several forms, as hacking, data misuse & unauthorized transfer or copying, copying and distributing copyrighted software, music and film, email and chat room abuses, pornography, identity and financial abuses, and viruses.

The misuses of data refer as illegal copy or transfer. The data which stored in electronically is easier to misuse because in now usage of internet to transfer data is become commonly. Transferring data no more depending on large storage devices, people just use online storage such like Google Drive to send information or data. This is more convenient than bring a large device to "travelling" data.

Although online storage is convenient, but this technology is still not enough secure. As Damon Poeter said, Megaupload shutdown is related to Political Reasons. A real case happened in another country, there is a lot user upload illegal copy song or files into network drive (Megaupload), but the website doesn’t have too huge of privilege to delete all of un-copyright songs or files. There argue with FBI, there maximum quota for deletes per day is 100,000 only, so that cannot delete all global uploader files. So the website is give FBI force to shutdown the server.

(Damon Poeter 2012)

Similar case such like above also happened in our country, the secret information of government or businesses is stolen by anonymous then sold out to unauthorized peoples. The data leak out can be use to printing counterfeit money, this can cause the country financial lost.

3.3 - Impersonation

Impersonation is meaning that imitate something. It is a security risk that recommend need to avoid it happen. Impersonation is hard to detect for human because to detect it there are require some additional device to help us to verify and identify. In our country, impersonation is common happened. There are lots of governments security systems get imitated by another. Because of security not integrity, many models run by website is imitate by foreign country.

The country that which had a good copyright law such like Japan can prevent impersonation problem. There blocked any foreign IP address accessing their private websites and reduced impersonation problem happen. Contrary, our government doesn’t block foreign people access our country portal, this lead impersonation happen, increasing imitate risk and make our country either business slow evolvement.

3.4 - Easily available penetration tools

Normally, a penetration tools is use for debugger. It is use for discover information, traffic, and spy of the software or networks, whether it have any problem within the systems or not. In an open resources network, a penetration tools is easy to get now. If a people misuse this kind of tools, there must be use to hack the server or system. A penetration tools is able to capture the systems holes, when these holes give hacker founded, there will try to hack inside to the system and gain the information or data in the systems.

According the article in SearchITChannel by Yuval Shavit, the penetrations tool is able to gather information of target network, then scanning for port vulnerabilities and launching denial-of-service (DoS) attacks. A people that have study network’s vulnerabilities must be able use security gaps to access to the network and try to exploit other weaknesses such like SQL injection and buffer overflows.

(Yuval Shavit 2008)

Unfortunately, in 2011, our country government websites was faced one large Dos attack by a large hacker group. There hacked 41 government website. After the website jam, many people cannot process their job through government portal, this greatly decrease the citizen convenient and make financial losses, heartaches, and loss of reputation. It shows that integrity, confidentiality, and availability of our country e-government are still incomplete.

4.0 - Answer Question 2

To make a good structure of e-government there must work hard in implementation framework stage. The usage of implementation framework is use to manage the execution of the E-Government strategy. This framework is an adaptation of Accenture’s Business Integration Framework and can be broken down into four main components, as programme management, technology, process, and people.

These four main components is differ use for differ individual agency’s business or technical needs. This is because that every E-Government project has its own version of the framework, but there must be have at least one of the components within the project.

4.1 – Programme Management

The Programme Management is a critical component to ensure development of the E-Government flagship can meets the objectives. The Programme Management also responsible to adjust time of whole flagship program, and coordinated. It is group in MAMPU (Malaysian Administrative Modernization and Management Planning Unit).

In many large organization there will have a lot of program needed to launch. A Programme Managementis requires to management the program flow and monitoring overall project budgets. There are also a project leader to advice team members, and responsible to arrange whole team structure ensures the project flow run smoothly. Besides that, the advice given by programmer management is use to ensure that application meet the common standards. The common standards and guidelines include are systems design & testing, GUI (Graphical User Interface), security, transition planning, business process reengineering, benefits capture and so on.

However, Programme Management is not to management all project activities. It is also responsibility to the management of the risks, activities may occur "in the white space" between projects, and opportunities. While an individual project will employ a specific project delivery approach, program management may combine different delivery approaches across multiple projects to best achieve the desired strategic business objectives.

The program management organizations are varies depending on its project requirement and objective. The resource requirement is programmatic in nature then applies to all. For the risk management, the risk management for Programme Management is correlative with achievement of the defined strategic business objectives, and assumed project risk.

Furthermore, the requirement for Programme Management is build up programmatic requirements then allocate it as appropriate to individual projects. As the point discussed in previous, the Programme Management will involve execution planning stages. It is mean that program managers will planning top level schedule, budget, supply chain configuration, and performance standards, and contracting strategy.

(PM Hut 2008)

Last, in every E-Government application or project there will have a Project Manager’s to lead the overall flow of project, can called as Project Manager’s hat and has its own Project Management Team. While the ownership of the projects lies with the lead agencies, as custodian of the E-Government flagship, MAMPU assists by providing consultancy and project management services.

(Muhammad Rais Abdul Karim 2003)

4.2 – Technology

The technologies emerge technology in implementation framework was also important to help the new processes in framework project running well, if use right technology there bring a lots of advantages to end-users. Technology now for E-Government is able to enhance government process structure, because it can providing many information and portal to users like users process their transaction via internet (also called as online government).

(Muhammad Rais Abdul Karim 2003)

Apart from that, E-Government also provide many non-Internet based E-Government technologies such like fax, telephone, Smartphone, personal digital assistants (PDA), multimedia messaging service (MMS), short messaging service (SMS), Wi-Fi, third-generation technology (3G), Bluetooth, General Packet Radio Service (GPRS), and Worldwide Interoperability for Microwave Access (WiMAX).

In science and technology generation, Wi-Fi, 3G, Smartphone, and SMS are quietly common use by teenager. Teenagers are using them to getting latest information or news of the within country. By getting the latest news happened in everyday also can help improve citizen knowledge, as time passes increase civilization of our country. Because more information and news grasp by them can help our country technology become more advance. There might also include other technologies for E-Government, as known as smart card, identity card, email, and instant messaging technologies.

(Roslind Kaur 2006)

The identity card in our country is more expected become to multi-purpose card. Multi meant involving more than one element inside one objects, so the multi-purpose card can know as a card that can use in different purpose, such like banking, make payment, and "Touch 'n Go".

The might also a web-based technology to support E-Government, this system can be access in anywhere in 24/7. It is flexible, convenient and simple way to access or browse government information by the technology because it is a kiosk system. Kiosk system is a self-service kiosks tend use to deliver information, services, transaction to customer.

Other than that, in this shortage natural resources generation, government is considering about resources extinction. So there are being using electronic forms to reduce paper usage amount to prevent resources extinction. By using this electronic forms there can save lots of cost to buy paper and print it out, because it can display via online catalog and will be able to submit requisition using e-procurement. Our country start implement e-procurement in Selangor, people also feel that it is very efficient.

The E-Government technology are also supporting scheduling and calendaring system which can easily out required participants and appropriate time slots by the system. By scheduling time and meeting checking with m-government (mobile government) technology such like laptops, mobile phones, with scheduling application it can save time effort. For the people very busy until cannot leaves their position, E-Government also can use to booking free time slots of attendees; for the people over focusing on their work and forgetful, E-Government technology can notification them the time of meetings.

(Roslind Kaur 2006)

4.3 - Process

To improve government processes ability the Process components was also a primary component need to care. Any opportunities regarding to improvement, restructure, or reengineered of government processes are also called as Process. Usually, the restructure process is mean that taking away the traditional functional boundaries at replace olds boundaries with new ones. Furthermore, the processes also know as an operating business standards and procedures require to meet the business objectives of the programme. Summary up, the elements will bring and guide organization to its desired in vary depending on their business models, business process reengineering (BPR), and cyber laws.

(Muhammad Rais Abdul Karim 2003)

The marketplace now is hard to discovering and have a big competition, so the organization structure of business models is very important. In this situation, the process for improvement of business models is function as discovery scope and coverage for e-government. It working as funding for most E-Government projects administered at central agency level to facilitate sharing of E-Government application. Apart from this, if the government plan to reduce cost of ICT service there must have a process to improve the economies of scale, then give wide licensing deals.

After improved, there might also need to reconstruct business process (means BPR). Reconstruct can be based on this four basic methodology to done, four of them are: 1) Identification of current business processes, 2) Review, update and analysis of "As-Is" processes, 3) Design of "To-Be" processes, 4) Test and implementation of "To-Be" processes.

(Figure 1.0 : BPR reengineering diagram)

As the Figure 1.0 shown, after done these process, it can solve the problem within the old structure. New structure may able to speed up, and enhance the quality or service of business, Besides that, by reconstruct business process in is also enable to enhance ICT infrastructure which mean improve the business strategy by identify out critical issues in old structure. Last, for developer, BPR will help Network Provider and government determines that the capabilities of existing ICT infrastructure evaluated.

4.4 - People

The last main component is People, people is most important components. This component involving all people-related elements that will make the new system successful, especially to some guy will brings change and impact to another human performance.

To support people succeed in embracing and maintaining E-Government there are organizing, motivating, and empowering people. People is responsible for initiatives clearly communicate goals and objectives of E-Government and the respective pilot projects, early and often. There have two important variable in this components will impact human performance, two of them are Change and Human Resources.

In fact, give people training is known as let them change, change to better. The training given by the company are require to directly involve in ICT project and must hire a outsource professional to provide training. The more specific training provided by company, more Human Resources in different area will be "produce out". It is meant even got a new technology applications apply, but there might also have a new Human Recourse to handle these new applications.

(Muhammad Rais Abdul Karim 2003)

5.0 - Conclusion

In conclusion, our country ICT have many security issues that will affect to public or private sector. To overcome this issues, government should be set up stronger secure networks, intrusion detection software, firewalls, and encryption for data. By using a secure networks such like virtual private networks can substantial reduce important resources leak out. If government got unique encryption skill, the citizen will rest assured to use E-Government. Because unique encryption is not simple break the capsule and access data inside, this can reassurance overall user confidential.

Given that ICT security measure is need to concern, but if there is missing four components of E-Government framework, there is still hard to improve and functions. Each different agency's business and government flagship project are always require programme management, technology, process, and people to evolvement. If scarcity one of them, the project will hard to growth.