

Avoiding Damage

As shown in Exhibit 1, some of the recommendations for avoiding damage conflict with those for avoiding access and misuse. For example, avoidance of access favors limiting the number of facilities, thereby reducing the number of targets that have to be protected. But if more systems are placed in a single facility, the probable extent of any damage is increased. IS functions therefore must strike a balance between the two conflicting principles. A compromise is to operate as few facilities as is feasible and to ensure that they are sufficiently dispersed that an extensive disaster (e.g., an earthquake) or regional electrical or telephone power failure is less likely to affect a number of critical facilities.

Another conflict is between limiting the employees’ knowledge of systems to avoid misuse and informing employees sufficiently about the system so that one individual cannot alter the software or data to the organization’s disadvantage without another being able to recognize and remedy the alteration. The aim of damage avoidance is to reduce the potential spread of a damaging event. Consequently, data center managers and network managers should aim for as much physical, logical, and procedural separation of systems and data networks as possible, so that any damage would be contained.

DETERRENCE

The advantages and disadvantages of deterrence — the discouragement of behavior that threatens computer assets — are discussed in the following sections.

Deterring Unauthorized Access

The deterrence of attempts at unauthorized access can be achieved through a combination of highly visible warnings and well-publicized consequences. Warning notices provide obvious indications that all attempts to access a facility, system, or network will encounter the organization’s rigorous screening methods. Publicized consequences let potential intruders know that any perpetrators who are apprehended will be penalized according to company policy or prosecuted to the full extent of the law.

Deterring Misuse and Damage

Controls that monitor actual use of systems after access has been gained are effective deterrents of illicit and unauthorized actions because they increase the probability of detecting potential misusers. Monitoring actual use is complex, however, because the range of possible damaging activities is very large, whereas controlling access involves monitoring a single activity, namely, gaining entry. The actions taken against those caught attempting misuse or damage should be sufficiently severe to deter individuals contemplating similar activities.

PREVENTION

Preventing unauthorized access, misuse, and damage takes various forms. The advantages and drawbacks to each are discussed in the following sections.

Preventing Unauthorized Access

The standard method for preventing unauthorized logical access to a computer system or data network is the password sign-on procedure. This method, which is the most common and well-known, is vulnerable to a knowledgeable violator but is extremely effective against novice intruders. Although the visibility of access controls can be an effective deterrent, it is usually less effective in preventing unauthorized access. The most effective preventive measures are generally those that are hidden, as they are much more difficult to identify and break.

Increasingly, the trend is to extend access to more and more end users, of whom many — such as customers — are not under the direct control of the organization responsible for the systems. The major online services (such as America Online, CompuServe, and Prodigy) and Internet access providers are only too eager to grant ready access to expand their customer base, and service providers are falling over themselves to offer their wares over these services. In such a situation the goal must be to control access rather than prevent it. In the past, banks sent out millions of unsolicited credit cards without careful analysis of potential customers’ creditworthiness, and bad debts skyrocketed. To some extent, the online services and access providers are doing much the same by blanketing the population with disks and offers of free service. In reality, the risk is not of the same order as with credit cards, but there is the potential for fraud and worse. The service providers have come up with methods to limit their potential exposure by, for example, obtaining a credit card number in advance so that services can be billed with relative assurance that they will be paid for.

It is when money transactions begin to take place over these networks that the real need for security and control comes to the fore, and significant efforts are being made to ensure secure and fraud-free money transactions. Realistically, such transactions are not much different from the millions of transactions that take place each day over telephone lines except that, as the human element is replaced by computer-based services, there is a greater need to have systems and procedures to protect against unauthorized transactions.

Completely preventing unauthorized access to communications networks can be particularly difficult to achieve technically. Networks using dedicated private lines are the most readily protected because at least the end equipment can be guarded physically, and dedicated lines provide less opportunity for an unauthorized person to gain access. Public telephone lines are the most vulnerable because essentially anyone can attempt to dial in. Some techniques (e.g., callback systems, which break the connection and dial back the end user at a specific number) provide somewhat greater security but are complex and relatively costly. Most of these techniques are highly restrictive of computer facilities’ normal operations and therefore are often undesirable. Nevertheless, many of the most highly publicized computer break-ins have been accomplished over public networks, which suggests that some technical measures should be taken to restrict access and to ensure that only authorized users are allowed to use the systems.
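
The callback technique mentioned above, as an added example that is not part of the original text: a simulated dial-in gateway that breaks every inbound connection and dials back only the number registered for the user. The class, the registry, the user name, the password, and the telephone numbers are all constructed for illustration, and dialing the registered number when the caller asks for a different one is an assumed policy.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SALT = b"constructed-salt"  # constructed; a real system uses a per-user random salt

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed registry: user -> (password hash, pre-registered dial-back number).
REGISTRY = {"jsmith": (hash_password("correct horse"), "555-0101")}

@dataclass
class CallbackGateway:
    registry: dict
    log: list = field(default_factory=list)

    def inbound(self, user, password, requested_number=None):
        """Handle one dial-in attempt; return the number to dial back, or None."""
        record = self.registry.get(user)
        # Unknown users are checked against a dummy hash so both paths do the same work.
        stored, number = record if record else (hash_password(""), None)
        matches = hmac.compare_digest(stored, hash_password(password))
        self.log.append(("hangup", user))  # the inbound connection is always broken
        if record is None or not matches:
            self.log.append(("reject", user))
            return None
        if requested_number is not None and requested_number != number:
            # A caller-supplied number is never dialled, only recorded for review.
            self.log.append(("number_mismatch", user, requested_number))
        self.log.append(("dial", user, number))
        return number

if __name__ == "__main__":
    gw = CallbackGateway(REGISTRY)
    print(gw.inbound("jsmith", "correct horse", requested_number="555-0199"))
    print(gw.log)
```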

In addition, it is advisable to limit both the physical and logical points of access. This not only allows better monitoring and control but can greatly reduce the cost of protection. Whatever access controls are in place, provisions should be made for backup in the event that one method fails as a result of staff unavailability, power or equipment failure, or negligence.



Copyright © CRC Press LLC