Tameside protects online council services

Tameside Council has invested in technology to secure its web applications against hacking, as it gears up to offer a new range...

Tameside Council has invested in technology to secure its web applications against hacking, as it gears up to offer a new range of customised services to the public.

The council, which already offers online access to 800 services, ranging from ordering school meals to paying council tax, plans to tailor its services to the individuals accessing them over the next 12 months.

Both businesses and public sector organisations will view the project with interest as they attempt to put more personalised services online.

"We want a reasonable level of confidence that people cannot hack in and pinch personal information off our systems," said Dave Hutchings, Tameside Council's strategic project manager. "We are putting a lot of investment into new channels for services and we don't want that to be a security risk."

Although Tameside has invested in firewalls and created "demilitarised zones" to protected five Microsoft NT servers used to provide the online services, Hutchings realised that hackers could gain access to internal systems by attacking the web applications.

Tests by security supplier Kavado showed that hackers could gain access to the council's systems by making applications behave in unexpected ways by, for example, reprogramming cookies or causing buffer overflows.

"[Kavado] proved to us they could access databases and create file directories on servers. They reckon they could have got from the web servers onto corporate servers with personal information on them," said Hutchings.

The council installed Kavado's Interdo software on a dedicated server behind the firewall to secure the web applications last November. The installation, which took two days, is an essential first step towards the council's plans to create a personalised portal for the 220,000 residents of Tameside. The portal will need to be secure to protect personal data from attack, said Hutchings.

"We want to be able to personalise the forms they fill in to share information we have about them. For example, if someone reports a death, we want to be able to inform all departments and tell relatives that they are entitled to benefits, counselling and discounts to council tax, and try to roll it up in one service," he said.

Tameside has begun a BS7999 review and said it will expect its business partners to have the same level of security if they want to interconnect with council systems. "If anyone wants to work with us they will have to have the same standards," said Hutchings.

Read more on IT risk management