
Hardware and Software Defenses

Donn B. Parker, a specialist in computer security at Stanford Research Institute, has said, "The best detective for catching somebody using a computer as a partner in crime is a computer." This statement is equivalent to "Fight fire with fire." This is only part of the answer, however, because additional weapons are needed to defend the computer against its most serious threat: the trusted employee on the inside.

The breadth of the threat spectrum is apparent in Table 1. The countermeasure spectrum is just as extensive: partly hardware, partly software, and partly human judgment and intuition. Computer defenses can be viewed as a series of fortified walls, with physical walls outermost and hardware and software on the inside. It is impossible to review all countermeasures here, but some generalizations are in order.

First, consider the external threat: an outsider wishing to penetrate the system in order to steal, modify, or destroy data and/or software. The time-honored approach to a good defense is to make the first step toward penetration the biggest; that is, make it exceedingly difficult to become a legitimate user of the computer system. Bricks, mortar, and guards make up the first barrier. (Fig. 5) An interloper who penetrates these barriers confronts next the computer system itself. Will it recognize him for what he is? The computer can check physical attributes: fingerprints and voice prints, among others. (Fig. 6) It can then ask for a password or other identifying information. Even if the computer allows someone to sign on, he may be stymied by bounds controls, encrypted files, and the sheer complexity of the system. The computer defenses are not completely penetrated until the invader acquires the executive control mode, permitting him to execute any program and read any portion of the memory.

Protective barriers can be made higher and higher against external threats but at a price measured in money and convenience. Furthermore, the most elaborate defenses are largely useless against the insider. It is impossible to place too much emphasis on the careful screening and motivation of employees permitted access to computer facilities.

The most sophisticated defenses can and will be breached by insiders and to a lesser extent by outsiders. Physical evidence of penetration is usually nonexistent, and computer misuse will continue until some lucky accident or human betrayal uncovers the crime. Computer systems should be self-monitoring; that is, they should figuratively ring alarms when suspicious sequences of instructions appear. When a computer is asked to "rewind a printer" or something equally unorthodox, its self-monitoring system should take preventive action. Computers are unsuspicious by nature but software can make them wary. Checks and balances can be built into data processing software to detect bank account shuffling and similar larcenous schemes. Automatic auditing procedures should be used that will provide "audit trails" leading to those probing or subverting the system.
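The kind of built-in consistency check described above can be sketched as follows. This is an added example, not part of the original text: the account numbers, operator IDs and journal layout are constructed. It reconciles every account against the journal of postings, since a grand-total check alone passes when money is merely shuffled between accounts, and returns the journaled entries and operators for each flagged account as the starting point of an audit trail.

```python
from collections import defaultdict

# Constructed sample data (not from the original text).
OPENING = {"A-100": 500, "A-200": 300, "A-300": 0}
JOURNAL = [
    # (entry id, operator, debited account, credited account, amount)
    (1, "op7", "A-100", "A-200", 120),
    (2, "op3", "A-200", "A-300", 50),
    (3, "op7", "A-100", "A-300", 30),
]
# 40 units have moved from A-200 to A-300 with no journal entry.
CLOSING = {"A-100": 350, "A-200": 330, "A-300": 120}


def totals_balance(opening, closing):
    """Coarse check: is the grand total conserved?"""
    return sum(opening.values()) == sum(closing.values())


def reconcile(opening, journal, closing):
    """Replay the journal and flag accounts whose closing balance is unexplained."""
    expected = dict(opening)
    trail = defaultdict(list)
    for entry_id, operator, debit, credit, amount in journal:
        expected[debit] = expected.get(debit, 0) - amount
        expected[credit] = expected.get(credit, 0) + amount
        trail[debit].append((entry_id, operator))
        trail[credit].append((entry_id, operator))
    findings = {}
    for account in sorted(set(expected) | set(closing)):
        delta = closing.get(account, 0) - expected.get(account, 0)
        if delta != 0:
            # Audit trail: every journaled entry and operator touching the account.
            findings[account] = {"unexplained": delta, "trail": trail[account]}
    return findings


if __name__ == "__main__":
    print("grand total conserved:", totals_balance(OPENING, CLOSING))
    for account, finding in reconcile(OPENING, JOURNAL, CLOSING).items():
        print(account, finding)
```
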


Figure 5. Walls and Guards – Only the first barrier


Figure 6. A means of personal identification

Passive intelligence gathering can pay off surprisingly well with lower risks of detection. One weakness of computer systems lies in the electromagnetic signals they emit. Electrical pulse trains between computer components generate electromagnetic radiation which is transmitted through the air and out along the wires and plumbing pipes penetrating facility walls. Electronic shields and filters are generally adequate to plug such data leaks.

Taps on communication lines connecting computers with remote terminals and other computers necessitate a different approach.

Data encryption (also called enciphering, scrambling, and privacy transformation) is typically an algebraic transformation of a set onto itself. In a computer system, data encryption is generally a transformation of the binary representations of the data onto themselves using an encryption algorithm which has a unique inverse. Performing this inverse algorithm is called decryption. Encryption algorithms are based on a variable or a set of variables called the encryption key. (Fig. 7) This key must be distributed to all points where encryption and decryption are to occur using a specialized, protected distribution system. Thus, the data protection is based on both an algorithm and a protected key. The algorithm is usually widely known, but the key is highly protected and changed often.

Encryption protects data during transmission between a computer and its terminals and other computers. Data in storage is often encrypted, as are passwords. An interesting feature of protecting passwords is that they can be encrypted with an algorithm which has no inverse. A user-supplied password can simply be encrypted and used in that form, making it impossible for an operator, maintenance man, or programmer to obtain all information in the system.
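A modern rendering of the password scheme just described, as an added example that is not part of the original text: the password file keeps only the output of a one-way function, and a sign-on attempt is transformed the same way and compared. The choice of PBKDF2-HMAC-SHA256, the iteration count, the per-user salt and the sample users are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def one_way(password: str, salt: bytes) -> bytes:
    """The 'algorithm which has no inverse': PBKDF2-HMAC-SHA256 (assumed choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordFile:
    """Holds only (salt, transformed password); the password itself is never kept."""

    def __init__(self):
        self.records = {}

    def enroll(self, user: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt: equal passwords store differently
        self.records[user] = (salt, one_way(password, salt))

    def check(self, user: str, attempt: str) -> bool:
        if user not in self.records:
            return False
        salt, stored = self.records[user]
        # Transform the attempt the same way and compare in constant time.
        return hmac.compare_digest(one_way(attempt, salt), stored)


def demo() -> PasswordFile:
    """Build a small password file from constructed sample users."""
    pf = PasswordFile()
    pf.enroll("alice", "correct horse")
    pf.enroll("bob", "correct horse")
    return pf


if __name__ == "__main__":
    pf = demo()
    print("alice, right password:", pf.check("alice", "correct horse"))
    print("alice, wrong password:", pf.check("alice", "guess"))
    print("same password, same stored value:",
          pf.records["alice"][1] == pf.records["bob"][1])
```

Anyone who can read the stored records, whether operator, maintenance staff or programmer, sees only salts and digests, which is the property the paragraph above relies on.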

Layers of defensive hardware and software consume more machine time and make computer systems less convenient to use. The more secure the system, the more it costs to use. In this context, it should be noted that, despite the headlines about million-dollar thefts, the amount of computer-aided theft is still rather small. By far the biggest source of loss in business data processing operations originates in the errors and omissions committed by honest employees. The software audits and tests for consistency being designed to catch criminals will also help eliminate innocent errors and omissions. In fact, the savings accrued here may well pay for all the paraphernalia needed to control access and insure data security.
