Download as PDF - Secunet

More documents

Recommendations

Info

National Increased Security for Passengers – including online Nicolas Hunloh, Team Leader Internet, Düsseldorf International Airport The air transport hub of Flughafen Düsseldorf handles over 20 million passengers per year, making it the largest airport in North Rhine-Westphalia. 70 airlines operate here, serving more than 190 destinations. Located in one of Europe’s strongest-performing economic regions, with 18 million people living within a radius of 100 kilometres, Düsseldorf International plays a key role in fulfilling the mobility needs of private individuals and businesses in the federal state of North Rhine-Westphalia and the south-east of the Netherlands. Furthermore, as the largest single employer in Düsseldorf with a workforce of around 19,700, the airport has a major impact on the jobs market in NRW. As traffic has increased over recent years, the corporate website has had to adapt and grow to meet the demands of passengers as well as those who are picking them up from the airport and other target groups. These users visit the site to check flight times, to find out about local conditions, to reserve parking spaces, to retrieve general information about the airport, and much more besides. The website is thus a main point of contact for By undertaking regular security checks, including around 11 million its online platforms, users per year. Düsseldorf airport upholds consistently high security standards. Various extranets provide B2B partners and customers with helpful tools. Data that is stored there requires secure protection. Flughafen Düsseldorf GmbH therefore took the decision in 2012 to submit its main corporate website as well as those of its subsidiaries to an extensive security check. Their search for a professional, flexible and reliable service provider quickly brought them to secunet. For the operator, it is particularly important that the standards which are rigorously adhered to in the everyday working environment of the airport’s offline sector (where security is at a premium) apply equally to its website. Because even data on passengers and partners requires the protection of a highly secure and efficient infrastructure against externally launched attempts to gain unauthorised access. The secunet team therefore set about identifying potential vulnerabilities using a detailed penetration test and applying recognised standards with particular reference to OWASP Top 10 2012. In order to avoid overloading the server infrastructure during the procedure, the tests were conducted during the low-traffic period between 11pm and 6am. 08 » 1 | 2013
News in Brief HACKERSTORY #2 Budget and Production Pressures as Risk Factors In many companies, security has become an integral part of the production process. In the course of penetration tests, secunet nonetheless continues to identify critical vulnerabilities in internal systems that threaten the organisation’s security and, in the worst-case scenario, its most vital functions. In subsequent discussions with the relevant system administrators, it will usually transpire that the vulnerabilities have already been recognised, though not necessarily their potential impact. These vulnerabilities are consciously accepted, since the affected system is directly involved in critical business processes and not every company has a sophisticated staging process whereby changes can be tested on multiple pre-production systems. The decisionmakers are confronted with a dilemma: in order to increase system security, a temporary reduction in functionality has to be accepted. Subsequent corrective measures – if at all feasible – result in correspondingly high costs. Yet failure to take the necessary action could ultimately lead to substantially higher costs. The results were then presented in the form of a detailed report, with measures identified for optimisation then being implemented within a short time by the specialist departments of Flughafen Düsseldorf GmbH and its service providers. At the same time, the company used the project to introduce new mandatory security standards at all levels. Flughafen Düsseldorf GmbH has expressed its intention to call on secunet’s anti-hacking expertise in future. However, if IT security teams are involved at the planning phase of a new application, these problems can at least be minimised. If, at an early stage, IT security is considered of equal importance to functionality, this can obviate the need for complex re-designs or bug fixing in the finished product. More information: Dirk Reimers dirk.reimers@secunet.com More information: Christian Reichardt christian.reichardt@secunet.com IN THE NEXT ISSUE: The Trojan Mouse 1 | 2013 « 09
Page 1 and 2: The IT Security Report by Issue 1 |
Page 3 and 4: National Local High-Quality IT Prod
Page 5 and 6: National effect on cyberspace secur
Page 7: National Bavaria creates own Trust
Page 11 and 12: National What a PKI does PKI involv
Page 13 and 14: Neben dem Beruf zum Bachelor & Mast
Page 15 and 16: International secunet’s face reco
Page 17 and 18: News in Brief secunet on Twitter, X
Page 19 and 20: Dates SINA meets the Secretary of D

Download as PDF - Secunet

Create successful ePaper yourself

Delete template?

Save as template?