Subscribe
About

Security fears hit eNatis

Kimberly Guest
By Kimberly Guest, ITWeb contributor
Johannesburg, 01 Jun 2007

The transport department's failed application to the Pretoria High Court to have Afrikaans newspaper Beeld gagged has put the security of the eNatis system in the spotlight.

On Tuesday, the department brought an urgent interdict against the newspaper to prevent it from publishing a story based on an auditor-general's report on the security of the eNatis system. Yesterday, the court ruled in the favour of Beeld.

Under a headline 'Wat Radebe nie wil he jy moet weet' (What Radebe doesn't want you to know), Beeld this morning revealed the AG had expressed concern over the system's security measures.

According to the article, the AG noted it is possible to hack into eNatis, a password is not required to log on as an administrator, documents on the system are not secured and files can be circulated unprotected without any problem.

Basie von Solms, head of the University of Johannesburg's IT academy, told Beeld the system should be stopped immediately to prevent criminals from hacking into it.

Wasted investment

This development, says Democratic Alliance transport spokesman Stuart Farrow, makes the significant investment a farce.

"At the outset of the project, the claim was that the new system would provide full security, increased efficiency and a platform for additional services for South Africans. We have spent over R400 million on this project; if there are still security holes in the system then we have achieved nothing," he says.

However, a statement issued by the department late last night says it is confident all of the concerns noted in the AG's report have been dealt with through the re-development process and migration from the old Natis to eNatis.

"During the audit process, not a single component of the eNatis system was in production. The audit, therefore, focused on the development environment that was substantially different than the production environment," it says.

Meanwhile, an ITWeb reader, who asked not to be named, pointed out that the eNatis Web site has been designed using an "out-of-the-box" open source content management solution, which is susceptible to various vulnerabilities. These are well-documented in open forums. He adds that an old version of the CMS system was used for the design.

Share