Locking up Internet security

As governments move to an Internet-based format for everything from job postings to equipment purchasing, they must also address the issue of security. Recent hacker attacks on popular sites such as Yahoo! and Amazon.com have raised awareness among Internet users and service providers about secure transactions and service shutdowns.

Controlling access to proprietary information is the top concern in Internet security. Although the most recent web attacks resulted only in denial of service and access to the sites, other companies have reported security breaches to customer information and credit card records.

Basic security measures include the installation of “firewalls” — systems that block unauthorized access. In addition, any site that is conducting transactions needs to use secure socket layer (SSL) 128-bit encryption to “scramble” information such as names, addresses and credit card numbers. The data is “unscrambled” when it reaches its authorized destination. That is the method commonly used by private firms selling products such as books and CDs online.

To further prevent hackers from reaching private information, such as names, addresses, phone numbers and credit card numbers, it is best to store that kind of information in a secure database that is not accessible via the Internet, says Roy Hernandez, president of Los-Angeles based consulting firm ThirdWave. In addition, systems should have functions that can track users so that, in case of an attack, law enforcement officials can locate the hacker.

For example, Riverside County, Calif., which is processing tax payments online using electronic funds transfer, does not store any taxpayer information online. Taxpayers who pay online are entered into a database which is stored by ezgov.com, the Atlanta-based company charged with Riverside’s processing. If hackers attempt to penetrate Riverside County online, the financial information will not be available, says Tom Mullen, chief deputy treasurer/tax collector for the county.

While local government officials agree that security is an important issue, few are concerned once the firewalls and encryption software are in place. “I’m not concerned about security,” says Richard King, city manager for Upper Arlington, Ohio. “Your credit card number is just as secure online as it is when you give it to a clerk at a department store, if not more so.”

Mullen also notes that local governments should be cautious in determining what information is published online in regular, non-encrypted format. On the Riverside County web site, for example, users can query property information. How-ever, the county decided not to publish property owners’ names on the site for additional security.

Because e-commerce re-quires heavy security, many local governments have partnered with private Internet companies with expertise in security software. Of the local governments employing SSL protocol for online payments, including Boston and DeKalb County, Ga., none has reported any problems or breaches in security.