INFORMATION TECHNOLOGY/Securing government computer data
As the millennium approaches, one can hardly imagine any local government agency not having substantial information resources stored electronically to take advantage of the rapid, easy access that computers provide. That easy access, however, creates a level of risk that every system manager must recognize. Easy access to databases creates the hazard that information can be obtained and used by those who would seek to abuse this access.
Physical property is far easier to protect than is electronic data. Homeowners, for instance, can lock their doors and bar access to their homes, making sure no one gets into the places where valuables are kept. Information managers, however, do not have that luxury. Information assets have value only if people can access them. The challenge is to ensure that access to databases is controlled.
Different people require access to varied levels of data, which often reside within a single system. Information managers need to be able to control exactly what information specific employees can access. Additionally, it is often difficult to predict what information people will need to perform their respective jobs.
Besides limiting who can access data, managers should limit the locations from which certain data can be accessed. For example, payroll information should be accessible only by authorized personnel, and those employees should have access only from specified locations, such as the confines of the accounting and payroll departments. Access from other sites should be barred to prevent unauthorized personnel from viewing protected data or an authorized person’s identification and password.
Recognizing when access controls are breached and who is responsible is the key to the next layer of security. Unlike perpetrators in a physical break-in, electronic intruders leave no fingerprints or security camera photographs.
However, electronic fingerprints can be found by creating an audit trail when information is accessed. The most common method of creating an audit trail is to use an authentication system that identifies who has requested specified data, coupled with practical layers of security to make it difficult to fool the authentication system.
In the most basic security system, access requires a user ID, while the next step would require a password or PIN. However, these common techniques often are ineffective because passwords can be compromised. Even more sophisticated systems, such as magnetic stripe cards used in combination with passwords, provide only limited protection because anyone tapping phone lines can read both the ID and the password. Clearly, any system based on the ID of unseen people can be compromised.
One solution requires operators to provide a different credential every time they access the system. This challenge-response system is a modern version of the “Halt-who-goes-there?” method practiced by the armed forces. Rather than using a password, personnel are given sophisticated codes that are too difficult for electronic eavesdroppers to analyze. The code can be implemented in a user’s personal computer, or even on a portable device that resembles a credit card.
A properly used challenge-response system provides both a perimeter defense that keeps unauthorized personnel out and the key to creating the vital audit trail.
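The challenge-response exchange, location restriction and audit trail described above, sketched as an added example that is not part of the original article. It assumes an HMAC-SHA256 response over a random single-use challenge, which the article does not specify; the user, key, site and resource names are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: per-user shared secret and permitted access sites.
SECRETS = {"jdoe": b"constructed-demo-key"}
ALLOWED_SITES = {"jdoe": {"payroll-office"}}

def respond(key, nonce):
    """Token side: prove knowledge of the key without ever sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Verifier:
    def __init__(self):
        self.pending = {}  # user -> outstanding challenge (single use)
        self.audit = []    # audit trail: one entry per access attempt

    def challenge(self, user):
        nonce = secrets.token_bytes(16)  # fresh, unpredictable challenge
        self.pending[user] = nonce
        return nonce

    def verify(self, user, site, resource, response):
        nonce = self.pending.pop(user, None)  # consumed even on failure
        key = SECRETS.get(user)
        if nonce is None or key is None:
            outcome = "deny:no-challenge"
        elif site not in ALLOWED_SITES.get(user, ()):
            outcome = "deny:location"
        elif not hmac.compare_digest(respond(key, nonce), response):
            outcome = "deny:bad-response"
        else:
            outcome = "allow"
        # Record who asked for what, from where, and the decision.
        self.audit.append((time.time(), user, site, resource, outcome))
        return outcome == "allow"

def demo():
    v, key = Verifier(), SECRETS["jdoe"]
    r1 = respond(key, v.challenge("jdoe"))
    ok = v.verify("jdoe", "payroll-office", "payroll-db", r1)
    v.challenge("jdoe")  # new challenge; a wiretapped r1 no longer matches
    replay = v.verify("jdoe", "payroll-office", "payroll-db", r1)
    r3 = respond(key, v.challenge("jdoe"))  # right credential, wrong site
    offsite = v.verify("jdoe", "public-kiosk", "payroll-db", r3)
    return ok, replay, offsite, [entry[4] for entry in v.audit]

if __name__ == "__main__":
    print(demo())
```

The replayed response is rejected because each challenge is used once, and every attempt, allowed or denied, lands in the audit trail with the user, site and resource.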
Data protection is increasingly crucial as access to databases becomes more widespread on systems interconnected across cities and counties. Regardless of a computer system’s size, the basic principles of electronic security — properly administered and enforced policies, effective challenge-response systems and audit trails — will protect vital data.
The author is general manager, security and advanced management systems, Racal-Datacom, Ft. Lauderdale, Fla.