Safer For Gamers
Level Up! hosts and distributes two Massively Multiplayer Online Role playing Games (MMORPG) titles in the Philippines: Ragnarok and Oz world. Both games are among the most popular in the country, with Level up! among the first companies to enter the now hotly contested online games market.
Early on, Level Up! realized that it had to protect its gaming network infrastructure, which serves some 1 million subscribers.
Complicating the security picture: Of the million subscribers, 31 per cent are users who play from home and 42 per cent long on from Internet cafes. About 23 per cent of users play games from both locations.
Some of the more common threats faced by Level Up! include viruses and hacking attempts. Customers often find themselves at the mercy of phishing e-mails, in which they receive messages claiming to be from Level Up! asking for password information, and other identity theft attempts like key logging. According to Albert Pangilinan-de la Cruz, Level Up!’s chief technology officer, security is one of the firm’s top priorities. “It’s second only to ensuring business continuity, that is, keepig the game up 24/7.”.
It wasn’t hard for Level Up! to decide on what most needed protecting. According to de la Cruz, “As with any business, our database is our prize jewel. Our layers store their paswords and character information in the database. Besides that, all our confidential corporate information is also kept there. Ensuring its protection is of prime importance.”
According to de la Cruz, players invest a lot of time and, more importantly, money in creating and developing the characters used to play games like Ragnarok. Prices range from US$0.18 for a single hour of gameplay to US$6.50 for 31 days of unlimited access. This is on top of whatever charges the layer has to pay for connecting at home or in an Internet café.
“After spending so much time, effort and money, our players definitely don’t want to see anything happen to their character data. So we have to do our best to protect it . They wouldn’t have the confidence to keep playing otherwise,” the CTO explains.
Recent news stories indicate how hackers can profit from breaking into database. In March, Philippines-based online game publisher Netgames posted an urgent advisory on its website advising users to change their passwords due to a dramatic spike in account hacking activity. Passwords were being stolen and traded and sold to the highest bidder. A hacker can also gain access to customer information and threaten to delete it or post it on the Net, tarnishinig a company’s brand image.
Crime can pay
Level Up! found that most attackers gained illegal access to their game servers to modify the attributes of game characters, giving themselves an advantage over other players. There were even a few cases where after a character’s data was stolen, the character’s in-game possessions were sold within the game world and in real life. The sale of virtual characters and possessions is a serious business – de la Cruz recalls one instance where a player was offered a Honda Civic for his character.
One of the problems Level Up! faced was balancing the needs of players against the company’s security expectations. They had to secure their systems without infringing on ease of use. “Finding the right mix was very difficult and was only reached after quite a lot of testing,” de la Cruz explains. “It is important that the security systems do not impede the game or quality of gameplay.”
To make the implementation of its security systems as painless as possible for users, Level-Up! carried out surveys in Internet cafes nationwide testing user acceptance of new security measures. The survey questions ranged from how long players were willing to wait for user authentication to how many times they could tolerate being asked for passwords.
Level Up! technicians also visited cafes around the Philippines to install anti-virus and security software. It was a tedious and time-consuming, but necessary exercise. One of the key features of the company’s security applications encrypts keyboard entries and disables keyboard logging programs. It is now bundled with game client software, running automatically when a gamer’s session begins.
A total security package
Implementing internal security controls was a less onerous task – Level Up! simply put clear-cut policies in place and ensured that network administrators and staff abided by them.
The company deployed Fortinet’s gigabit-speed, FortiGate-3000 antivirus firewall system into their three global locations in the Philippines, Indian and Brazil, and additional FortiGate-500 systems in their home offices.
To avoid passing the costs of this security infrastructure onto their customers, Level Up! ensured it was built into a wider new systems implementation, which provided the necessary levels of protection and had the capability to handle high levels of user traffic.
“We preferred to have more security rather than less and were determined not to increasecharges or to pass them on to our players,” de la Cruz says.