DOTW secures IT systems
Having opened up its Electronic Travel Manual 2000 to its franchise operators, Destinations of the World Travel & Tourism has employed Intertec Systems to tighten up its IT security.
Earlier this year, Destinations of the World Travel & Tourism (DOTW) decided to move its enquiry system online to allow its franchise operators to access DOTW’s Electronic Travel Manual 2000 (ETM 2000) application directly or over the internet. To ensure that it’s systems remained secure, the organisation carried out an extensive IT security audit and deployed a number of solutions.
“Beforehand, we did not have any security threats because we were not open. But by opening up the systems we are opening ourselves up to attack and need to protect ourselves. Therefore we needed to audit the systems,” explains Pavithran Kandathil, systems analyst at DOTW.
Intertec Systems’ Secure IT Professional Services (SIPS) division carried out the audit. From the results of the vulnerability test, the SIPS team worked with DOTW’s IT department to create a workable IT security blueprint. The objective was clear — only traffic from DOTW’s franchises would be allowed into the system and only data from the Dubai office would be allowed to leave.
The first step to achieving this was to upload all of the necessary security patches from Microsoft for DOTW’s Windows 2000 and SQL server and harden the operating system. These patches are now updated on a regular basis and SIPS sends them to the wholesale travel agents as soon as they are made public. In addition, SIPS deployed antivirus and filtering software from Trend Micro and a PIX firewall from Cisco.
“We had to customise the firewall and configure it to our business requirements. To do this we worked with them [SIPS] to create these customisations and map it to our requirements,” explains Kandathil.
To ensure that these security technologies continue to work and are updated on a regular basis, DOTW signed a maintenance agreement with Intertec. “We have essentially outsourced the management of our security. Any time there is a new exploit or anything they send us a fax or they come and install it. We are all developers, not security people,” comments Kandathil.