BIZAUTO BULLETIN 97.2
Security You Can Bank On
FEATURE ARTICLE: SECURITY YOU CAN BANK ON (THAT WON'T BREAK THE BANK)
This Bulletin, the eleventh
of a series, reviews the major aspects of computer security, from basic
data integrity safeguards to the newest advances in unauthorized access
protection. Past issues in this series have discussed system components,
printers, data storage systems, networking and data communications. Future
installments will cover business software and the use of the Internet for
business purposes.
Security is a critical issue for
every computer system, but, important as it is, it still can't be looked
at in isolation. The tighter a system is "buttoned up", the harder it is
to access . . . even for authorized users. An important concept is that
security doesn't have to be perfect; it just has to be significantly more
costly to break than the value of the information gained by breaking it.
Once a system crosses this basic threshold, the value of investing in further
security disappears. That's why, in judging any security procedure, it's
important to weigh it against system usability. The truth is, even if there
were such a thing as perfect security (which there isn't), it's not likely
anyone would want it, because it would be so cumbersome to use.
This Bulletin considers three
basic security issues: the security of data against destruction
or loss, the security of systems against outside penetration,
and how Internet connectivity affects security.
BACKUP: THE MOST BASIC SECURITY
Data is the core of any business-oriented
system and keeping that data safe and accessible is the most basic principle
of computer security. Magnetic tape has always been the most common medium
for data backup, because of its relatively low cost. However, since today's
software often fills up huge amounts of data storage capacity, digital
audio tape (DAT) drives have become the most common backup medium for most
new business systems and networks. But now, when even desktop computers
come with more disk capacity than older file servers, even DAT drives, which
can store up to 16 gigabytes on a single tape (i.e., 16 billion characters,
or 2000 big-city phone books of data), may be too small. This is particularly
true in networks where the individual users' computers are being backed
up, as well as the servers. To meet this need, the tape drive manufacturers
have begun to deliver auto-changers that can do unattended backups to multiple
DAT cartridges. The only drawback to these units is speed.
With today's technology, it can
take a couple of hours to fill each tape so that no more than a few could
be used in one night. This will change in the future, however . . . a new
tape-writing technique more than ten times faster than DAT should be coming
out soon.
Backup media other than tape are
also coming into use, including rewritable CD-ROM and optical disk. These
have the benefit of being faster, but they cost quite a bit more than tapes
and usually have much lower capacity.
With networks becoming more widely
used for "mission critical" business applications, the need for constant
"real time" backup has increased. This includes several ways of storing
data on multiple disk drives simultaneously (e.g., disk mirroring and RAID).
Old multi-drive systems forced users to shut down to replace a failed disk.
But the newest ones are "hot pluggable", which means they can be replaced
after a failure without either turning off the power or interrupting network
operation. Though these systems that regenerate themselves to their full
redundant state after the failed drive is replaced have been available
for several years, it's only within the last year that they've become common
in moderately priced servers.
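As an added illustration (not code from this Bulletin or from any array vendor), the following Python sketch shows the principle behind the self-regenerating arrays described above: one parity drive holds the XOR of the data drives, so the contents of any single failed drive can be rebuilt from the survivors after it is hot-swapped. The stripes, drive layout and the single-parity scheme are constructed assumptions for the example; a real array does this at the block level in hardware or in the operating system.

```python
# Added example: XOR parity regeneration, the principle behind self-healing
# redundant disk arrays. All sample data below is constructed.


def xor_blocks(blocks):
    """XOR a list of equal-length byte strings together."""
    length = len(blocks[0])
    if any(len(b) != length for b in blocks):
        raise ValueError("all blocks must be the same length")
    out = bytearray(length)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def build_array(data_stripes):
    """Return the drive contents: the data stripes plus one parity drive."""
    return list(data_stripes) + [xor_blocks(data_stripes)]


def can_rebuild(drives):
    """True if at most one drive is missing (None); single parity covers one failure."""
    return sum(d is None for d in drives) <= 1


def regenerate(drives, failed):
    """Rebuild the drive at index `failed` from the surviving drives.

    XOR of all survivors (data and parity alike) equals the missing drive.
    Two simultaneous failures cannot be rebuilt, which is one reason the
    Bulletin still recommends tape backups alongside redundant storage.
    """
    if not can_rebuild(drives):
        raise RuntimeError("more than one drive failed; data is unrecoverable")
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return xor_blocks(survivors)


# Constructed sample: three data stripes; parity is computed over them.
DATA_STRIPES = [b"payroll ", b"customer", b"invoices"]


def hot_swap_demo(failed=1):
    """Simulate failure, hot-swap and rebuild of one drive; return (rebuilt, intact)."""
    drives = build_array(DATA_STRIPES)
    original = drives[failed]
    drives[failed] = None                          # drive fails; array runs degraded
    drives[failed] = regenerate(drives, failed)    # replacement drive is rebuilt
    return drives[failed], drives[failed] == original


if __name__ == "__main__":
    rebuilt, intact = hot_swap_demo()
    print("rebuilt drive 1:", rebuilt, "intact:", intact)
```

The parity drive is no different from a data drive for rebuild purposes: regenerate() works whether the failed index held data or parity. A second failure before the rebuild finishes is the case that only an off-line backup covers.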
It should be noted that making tape
backups is still important, even with a redundant storage system, for data
archiving, off-site storage (to protect against fire or other hazards)
and protection against the simultaneous failure of more than one drive.
LOG-ON AND DIAL-IN SECURITY
Backing up protects against equipment
failures and other disasters, by far the most common causes of data loss
and corruption. But what it doesn't do is protect confidential data against
the threat of exposure inside or outside the organization. Small businesses
often ignore this risk, forgetting how sensitive things like payroll/personnel
records and customer lists can be. That can be a serious mistake.
Password usage has always been the
easiest and most common method for preventing unauthorized system access.
But passwords aren't perfect, particularly since users often choose passwords
that are common or easily guessed. They also tend to become known around
an office, making them susceptible to unauthorized use by disgruntled current
or past employees. One solution for this is the use of software that prompts
users to change their passwords regularly.
Another good safety measure, particularly
in environments where computers may be left on in public areas, is the use
of "screen-saver" software (which once actually saved screens from phosphor
"burnout", but isn't really needed for that any more). Today, screen savers
are most useful for their ability to obscure and lock unattended computers
so that passers-by can't use them to access confidential data.
Of course, some industries, such
as banking and defense, need more rigid security than passwording alone
can provide. There are two leading technologies for this kind of protection:
"biometric" verification and variable security code generation. Biometric
systems used to be prohibitively expensive but have recently become more
affordable. They use unique physical characteristics such as fingerprints
or retinal patterns to verify users' identities.
The variable security code technology
is only slightly less secure and it works for mobile, outside-the-office
users as well. With these systems, every user has a hand-held code generator
card, similar to a credit card size calculator. These cards display constantly
changing codes that must be entered by the user as part of his log-on sequence,
much like a password. The codes are unique for every card and are time-synchronized
with a master code verification unit that protects the system or network.
Thus, if one is lost or stolen, an administrator can remove it from the
authorized list, making it useless until it is back in the proper hands.
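As an added example (not code from this Bulletin or from any card vendor), the Python below sketches how a time-synchronized code card and its master verification unit fit together: card and unit share a per-card secret, both derive the current code from the clock, and the unit keeps the authorized list from which a lost or stolen card is removed. The one-minute step, the HMAC-based code derivation, the one-step tolerance for clock drift and all ids and secrets are constructed assumptions for illustration.

```python
# Added example of a time-synchronized code card and its verification unit.
# Secrets, card ids and clock values are constructed; this is a sketch of the
# principle, not any vendor's product.
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed: the displayed code changes once a minute
DIGITS = 6          # assumed: six-digit codes


def code_for(secret, counter):
    """Derive the code for one time step from the card's secret (HMAC of the step number)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"


class CodeCard:
    """The hand-held card: it knows only its own secret and the time of day."""

    def __init__(self, card_id, secret):
        self.card_id = card_id
        self.secret = secret

    def display(self, now):
        """The code currently showing on the card (now is seconds since epoch)."""
        return code_for(self.secret, now // STEP_SECONDS)


class VerificationUnit:
    """The master unit guarding the system: per-card secrets plus a revocation list."""

    def __init__(self):
        self.secrets = {}
        self.revoked = set()

    def enroll(self, card_id, secret):
        self.secrets[card_id] = secret

    def revoke(self, card_id):
        """Lost or stolen card: remove it from the authorized list."""
        self.revoked.add(card_id)

    def reinstate(self, card_id):
        """Card is back in the proper hands: authorize it again."""
        self.revoked.discard(card_id)

    def verify(self, card_id, code, now, drift_steps=1):
        """Accept the code if it matches the current step or an adjacent one (clock drift)."""
        if card_id not in self.secrets or card_id in self.revoked:
            return False
        counter = now // STEP_SECONDS
        secret = self.secrets[card_id]
        return any(
            hmac.compare_digest(code_for(secret, counter + d), code)
            for d in range(-drift_steps, drift_steps + 1)
        )


def scenario(now=1_000_000):
    """Log-on with a valid card, then after the card is reported stolen."""
    unit = VerificationUnit()
    card = CodeCard("card-0001", b"constructed-card-secret")
    unit.enroll(card.card_id, card.secret)
    accepted = unit.verify(card.card_id, card.display(now), now)
    unit.revoke(card.card_id)
    after_revoke = unit.verify(card.card_id, card.display(now), now)
    return accepted, after_revoke


if __name__ == "__main__":
    print("accepted, after revoke:", scenario())
```

The card never sees the verification unit and the unit never needs the card on line; the shared secret and synchronized clocks are what make the two agree. Revocation is an administrative action on the unit alone, so the physical card needs no change to become useless.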
A final form of dial-in security
for outside workers is "dial-back", which now comes standard in many communications
software packages. This technique works by enforcing a two-step connection
process. When a call comes in, the calling computer identifies itself,
and the system responds by hanging up and calling back a predesignated
number for the identified caller. This prevents unauthorized access by
intruders calling from a different location. Dial-back doesn't work for
travelers (because they don't have a fixed dial-back number) and can be
foiled by "phone hackers" (although that's very difficult), but
it is quite reliable and considerably less costly than code generators,
so it fills a useful niche.
E-MAIL AND THE INTERNET
Increasing use of the Internet has
created a new series of security problems, the most feared of which, transmitting
(i.e., e-mailing) credit card numbers, may be the least severe. The reason
for this is that few e-mail messages have any commercial value at all and,
of those that do, most can be quite adequately protected using readily
available encryption techniques (described below).
"Counterfeiting" of e-mail is potentially
a much greater risk than interception. Imagine the problems that could
be caused by forged e-mail instructions about where to send an order someone
has placed . . . that's just the beginning of the problem. With today's
Internet e-mail systems, it's extremely easy for someone to forge an e-mail
message with whatever "return address" they like. With only a little more
effort, a counterfeiter can route the bogus message through all the same
Internet "mail servers" as a genuine e-mail, making it very difficult to
spot as a fake. Some counter-measures are available to prevent e-mail forgery
(e.g., a way of putting authenticated "signatures" into an e-mail message)
but they're not widely used. The US Postal Service is developing "Electronic
Postmarking" that would authenticate the time/date stamp on e-mail
messages but, so far, that's as far as it will go. All the major online
services require a password to send e-mail, which makes them much more
secure for end-to-end communication than Internet e-mail. Thus, firms needing
that capability now should consider one of them for that purpose (particularly
Compuserve, because it has the most extensive international network).
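As an added example (not code from this Bulletin, and not any mail system's actual format), the Python below shows what an authenticated "signature" in an e-mail message buys the recipient: the sender computes a tag over the headers and body, and the recipient recomputes it, so a message with a forged return address or altered instructions no longer matches. The shared-key HMAC construction, the X-Signature header name, the key and the order message are all constructed assumptions for illustration.

```python
# Added example: an authenticated signature header that lets a recipient detect
# a forged or altered e-mail. Shared-key HMAC is assumed; key, addresses and
# message text are constructed.
import hashlib
import hmac

# Headers covered by the signature (constructed choice for this example).
SIGNED_HEADERS = ("From", "To", "Date", "Subject")


def canonical_form(message):
    """Bytes the signature covers: the named headers, in fixed order, then the body."""
    header_lines = [f"{h}: {message['headers'].get(h, '')}" for h in SIGNED_HEADERS]
    return ("\n".join(header_lines) + "\n\n" + message["body"]).encode("utf-8")


def sign_message(message, key):
    """Return a copy of the message with an X-Signature header added."""
    tag = hmac.new(key, canonical_form(message), hashlib.sha256).hexdigest()
    signed = {"headers": dict(message["headers"]), "body": message["body"]}
    signed["headers"]["X-Signature"] = tag
    return signed


def verify_message(message, key):
    """True only if a signature is present and matches the covered headers and body."""
    tag = message["headers"].get("X-Signature")
    if not tag:
        return False
    expected = hmac.new(key, canonical_form(message), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


# Constructed sample key and message: the "where to send an order" case above.
SHARED_KEY = b"constructed-key-shared-with-supplier"
ORDER = {
    "headers": {
        "From": "purchasing@example.com",
        "To": "orders@supplier.example",
        "Date": "Mon, 3 Mar 1997 09:15:00 -0500",
        "Subject": "Order 4471 shipping address",
    },
    "body": "Please ship order 4471 to our main warehouse.",
}


def forgery_check():
    """Genuine signed message verifies; a copy with altered instructions does not."""
    genuine = sign_message(ORDER, SHARED_KEY)
    altered = {"headers": dict(genuine["headers"]),
               "body": "Please ship order 4471 to the new address on file."}
    return verify_message(genuine, SHARED_KEY), verify_message(altered, SHARED_KEY)


if __name__ == "__main__":
    print("genuine verifies, altered verifies:", forgery_check())
```

Note what the check does and does not give: a wrong or missing tag flags the message, but an unsigned message from a sender who never set up a key is simply unverifiable, which is the practical reason the Bulletin says these counter-measures help only where both parties use them.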
Data encryption
(i.e., scrambling the messages) is the best way to transmit highly secure
information across the Internet. Several software packages now available
scramble messages so well that even the fastest computers would take days
to unscramble a few sentences (assuming the decryption "key" hasn't been
compromised). Until recently, it has taken several steps for both the sender
and receiver to use encryption, but some newly released software should
ease this task considerably. These techniques still face some regulatory
hurdles, but hopefully those will be eliminated soon.
The other big Internet-related security
issue is the risk that linking an internal corporate network to the Internet
could open it to penetration by industrial spies. This is a major concern
in highly competitive industries. The best way to handle this is, whenever
possible, to severely limit the ways in which the network is interfaced
to the net. If practical, the interface should be limited to e-mail only
(with a virus filter to screen incoming messages and message attachments).
It's also best to use a totally separate network (possibly one maintained
by an outside supplier) to host the company's World Wide Web pages. If these
pages need to include status information from the company's corporate database,
this information should come to the separate network via a secure one-way
data transmission line outside the Internet. When this isn't feasible,
there are systems called "firewalls" that can provide reasonable levels of protection.
However, firewalls can be quite costly (although prices have come down
in recent months) and can require great technical expertise to implement
and maintain.