COMPUTER SECURITY

Computer security comprises the techniques developed to protect single computers and network-linked computer systems from accidental or intentional harm (see COMPUTER). Such procedures can apply to the computer-data system as a whole or may be pinpointed for particular databases or programs. Operating systems (see COMPUTER OPERATING SYSTEM) and programs may also incorporate built-in safeguards, and data may be encoded in various ways to prevent unauthorized persons from interpreting or even copying the material.

Maintaining Data Integrity.

Threats to the integrity of computer data include human error, software defects (known as “bugs”), hardware malfunctions, and disasters such as fires or floods, as well as deliberate attacks designed to disrupt computer operations or to destroy or steal data. Intentional threats may originate within an organization or may be directed from the outside, carried over private lines or over the INTERNET (q.v.); they may come from amateur “hackers” who try to crack security defenses for the fun of it, from professional attackers who do it for profit, or simply from disgruntled employees. Of special concern are “viruses,” computer programs invisibly implanted into other software, which are designed to reproduce and infect computers whenever the host software is activated. The effects of viruses range from those that are simply annoying, such as opening a window containing a message from the creator, to those that destroy files or make the computer inoperable. A number of techniques have been devised to minimize all these threats.

File backup.

Primary to maintaining data integrity is the backing up (making extra copies) of computer files so that files that have been damaged or changed accidentally or deliberately can be restored. Backup copies are generally kept in a separate location from the originals.

Since file changes often take place without the knowledge of those in charge of computer systems, methods of detecting unwanted changes are available. Direct comparison of whole backup files containing large amounts of data with current file versions is impractical, so a checklist can be generated and saved. A checklist of files records information such as file modification times, file ownership, and sizes of files. An integrity check can then be made to compare the latest versions of the files to versions in the checklist; any changes will be immediately exposed and added or deleted files will also stand out.

To detect unauthorized changes in computer-stored data, a method known as a checksum is used. Produced by a calculation whose result depends on the entire content of the data, a checksum can be inserted with the data when it is stored in a computer. If the data is changed, the checksum will no longer be valid. Simple checksums, however, provide little security since a clever attacker could alter both the data and its checksum.

Data formats.

To maintain file integrity it is also important to ensure that information is entered into a file correctly. When data has defined formats, such as for dates, addresses, or fixed-length entries, programs that reject entries on the basis of format attributes are used to exclude incorrect data.

Fixed-length encoding.

Cryptographic “hash functions” are used to better ensure data integrity. A hash function results when data is processed by an encryption algorithm that reduces it to a fixed-length code (see DATA COMPRESSION). It is difficult for attackers to reconstruct original data from a hashed version; even if reconstruction is successful, it is hard to compute a valid hash function to return changed data. See CRYPTOGRAPHY.
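The file checklist described under File backup, combined with the fixed-length hash described here, can be sketched as follows. This is an added example, not part of the encyclopedia article; the choice of SHA-256 and of an HMAC tag over the checklist, the file names, and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

def build_checklist(root):
    """Record size, modification time, owner and SHA-256 of every file under root."""
    entries = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            entries[os.path.relpath(path, root)] = {
                "size": st.st_size, "mtime_ns": st.st_mtime_ns,
                "uid": st.st_uid, "sha256": digest}
    return entries

def seal(checklist, key):
    """Keyed tag over the whole checklist; without the key it cannot be recomputed."""
    blob = json.dumps(checklist, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def compare(old, new):
    """Report files added, deleted, or changed in any recorded attribute."""
    return {"added": sorted(set(new) - set(old)),
            "deleted": sorted(set(old) - set(new)),
            "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def demo():
    key = b"constructed-demo-key"            # constructed key, for illustration only
    with tempfile.TemporaryDirectory() as root:
        def write(name, body):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        write("a.txt", b"alpha")
        write("b.txt", b"bravo")
        baseline = build_checklist(root)
        tag = seal(baseline, key)
        write("a.txt", b"alphA")             # same size, different content
        os.remove(os.path.join(root, "b.txt"))
        write("c.txt", b"charlie")
        current = build_checklist(root)
    # Replacing the stored checklist with `current` does not yield a matching tag.
    return {"report": compare(baseline, current),
            "baseline_ok": hmac.compare_digest(tag, seal(baseline, key)),
            "forged_ok": hmac.compare_digest(tag, seal(current, key))}
```

The same-size edit to a.txt shows why size alone is a weak check, and the keyed tag addresses the case noted above in which both the data and its checksum are altered.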

Access Control.

Many of the physical measures used to prevent destruction or theft of property are also important to computer security. Basic control of physical access to computers, terminals, consoles, communication wiring locations, and other sensitive equipment and locations is essential.

User identification.

Passwords and personal identification codes are commonly used to restrict access to computer systems. Ordinary passwords have their weaknesses, however; anyone who obtains a password and identification code can use them to enter the system.

Challenge-response procedures (“handshakes”) provide more protection than ordinary passwords. In a typical challenge and response log-on, the user enters a password and the system presents the user with a challenge code. (A different code is presented each time a handshake takes place.) On the basis of a secretly shared value, the user calculates an appropriate response.
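The handshake described above, with both sides shown, as an added example that is not part of the encyclopedia article. The response function (HMAC-SHA256 over the challenge), the class and function names, and the sample secret are assumptions.

```python
import hashlib
import hmac
import secrets

class AuthServer:
    def __init__(self, shared_secrets):
        self._secrets = shared_secrets       # user -> secretly shared value
        self._pending = {}                   # user -> outstanding challenge

    def challenge(self, user):
        """Issue a fresh random challenge; a new one for every handshake."""
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        """Check the response once, then discard the challenge."""
        nonce = self._pending.pop(user, None)
        secret = self._secrets.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def respond(secret, challenge):
    """User side: derive the response from the shared value and the challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def demo():
    secret = b"constructed-shared-secret"    # constructed sample value
    server = AuthServer({"alice": secret})

    c1 = server.challenge("alice")
    r1 = respond(secret, c1)
    first = server.verify("alice", r1)       # legitimate log-on

    c2 = server.challenge("alice")           # next handshake gets a new challenge
    replay = server.verify("alice", r1)      # intercepted response sent again

    c3 = server.challenge("alice")
    wrong = server.verify("alice", respond(b"not-the-secret", c3))
    return {"first": first, "replay": replay, "wrong": wrong, "fresh": c1 != c2}
```

Because the secret itself never crosses the line and each challenge is used once, a response captured in transit is worthless for a later handshake.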

One-time passwords provide another way to improve password protection. With one-time procedures, the password keeps changing, so intercepted passwords become useless. Typically, the one-time password includes an identification code known to the user, combined with other codes that change every minute. A one-time password is submitted to an authentication computer where it is compared to a value computed for that user at that particular time.
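A time-based one-time password with a one-minute step can be sketched as follows. This is an added example, not part of the encyclopedia article; it assumes the HOTP truncation of RFC 4226 applied to a time-step counter, a four-digit identification code, and the RFC 4226 test secret as sample data.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the article describes codes that change every minute

def code_at(secret, unix_time, digits=6):
    """Code for the time step containing unix_time (RFC 4226 truncation)."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Authenticator:
    """Authentication computer: holds one user's secret and identification code."""
    def __init__(self, secret, pin):
        self.secret, self.pin = secret, pin
        self.last_step = -1                  # highest time step already accepted

    def verify(self, submitted, now, drift=1):
        """Accept PIN + code if the code fits an unused step within the drift window."""
        pin, code = submitted[:-6], submitted[-6:]
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            return False
        step = int(now) // STEP
        for s in range(step - drift, step + drift + 1):
            if s <= self.last_step:          # already used or too old: no replay
                continue
            expected = code_at(self.secret, s * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = s
                return True
        return False

def demo():
    secret = b"12345678901234567890"         # RFC 4226 test secret, not a real key
    auth = Authenticator(secret, pin="4821") # constructed identification code
    otp = "4821" + code_at(secret, 60)
    return {"fresh": auth.verify(otp, now=75),
            "replayed": auth.verify(otp, now=80),
            "stale": Authenticator(secret, "4821").verify(otp, now=200),
            "bad_pin": Authenticator(secret, "4821").verify("0000" + otp[4:], now=75)}
```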

Computer users can also be identified by cryptography-based security tokens or certificates. A token is a card that identifies a user as authentic. It may be inserted into a computer like a credit card, or it may display a number that the user types in. A certificate is a digital code issued to an authorized user. It carries encryption keys (numeric codes combined with the message to encrypt it) used to verify that a message actually comes from the person who is supposed to have sent it. These token and certificate methods are widely used to maintain security for computers connected to the Internet; they embody such cryptographic techniques as secret keys and public-private keys, described below.

Antivirus software.

To cause problems in software or hardware, a virus program has to run (execute its code). Usually viruses are located together with other code that is likely to be executed. For example, the virus could be placed on a disk with code that must be executed whenever the disk is started up. The installation of antivirus software, which detects and eliminates viruses before they run, is the only way to protect computers against damage. This software must be kept up-to-date because new viruses appear all the time. Most antivirus package vendors constantly monitor for new viruses and maintain WORLD WIDE WEB (WWW) (q.v.) sites from which their users can download free updates.

Biometrics.

Biometrics technologies provide still another means to increase the accuracy with which systems can identify individuals. These technologies use special equipment to measure unique physical characteristics. The most popular technique is fingerprint scanning, whereby the security system compares a user’s fingerprint with the true user’s fingerprint stored in its memory. The most accurate technique is scanning the user’s eye to check the iris pattern. Other biometric technologies include finger and hand geometry measurement, palm imaging, retina recognition, face or voice recognition, and signature verification.

Network and Internet Security.

Because so many computers are now connected to a network, to other networks, and to the Internet, remote attackers and viruses may penetrate computer systems through communications links. Many of the measures described above are also effective in maintaining security on networks; in addition, measures such as router access control, public-private keys, firewalls, and modem callback have been developed expressly to improve network and Internet security.

Router access control.

Network paths are like roads, and the packets of data that travel over these paths are like tiny trucks. When a packet comes to a network intersection, a piece of equipment called a router determines whether the packet may enter the computer system or whether it will be directed elsewhere (see TELECOMMUNICATIONS). To make this decision, the router checks each packet to see where it came from, and where it is headed. By excluding packets headed for sensitive parts of a computer system, unless they come from acceptable sources, the exposure to external attacks can be limited. The decisions made by the router are based on a stored access control list, which can be changed whenever the access policy of the system changes.
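The router's decision against a stored access control list can be modeled as follows. This is an added example, not part of the encyclopedia article; the entry format, the first-match and default-deny behavior, the audit for unreachable entries, and all addresses (private and documentation ranges) are assumptions.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'action source-network destination-network' entries, in order."""
    rules = []
    for line in lines:
        action, src, dst = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        rules.append((action, ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return rules

def decide(rules, src, dst):
    """First matching entry wins; a packet matching no entry is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def shadowed(rules):
    """Indexes of entries that can never match because an earlier entry covers them."""
    hidden = []
    for i, (_act, src, dst) in enumerate(rules):
        if any(src.subnet_of(s2) and dst.subnet_of(d2) for _a, s2, d2 in rules[:i]):
            hidden.append(i)
    return hidden

# Constructed policy: 10.0.5.0/24 is the sensitive segment, 10.0.1.0/24 holds
# public servers, 198.51.100.0/24 is an acceptable source (documentation range).
GOOD_ACL = parse_acl([
    "permit 198.51.100.0/24 10.0.5.0/24",
    "deny   0.0.0.0/0       10.0.5.0/24",
    "permit 0.0.0.0/0       10.0.1.0/24",
])

# The same entries with the first two swapped after a policy edit: the permit
# for the acceptable source is now unreachable, which shadowed() reports.
BAD_ACL = [GOOD_ACL[1], GOOD_ACL[0], GOOD_ACL[2]]
```

Running shadowed() after every change to the list catches ordering mistakes before they silently block or admit traffic.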

Public-private keys.

The two methods of encrypting messages to make it difficult or impossible for unauthorized persons to read or alter them are secret key and public-private key cryptography. With a secret key, a sender encrypts a message and the recipient, who has the same secret key, decodes it. The method is not completely secure, however, because the secret key must be sent to the recipient and could be intercepted. To make transmission more secure, public-private key cryptography was introduced. With this method users have two matching keys, one public and available to anyone, the other private and known only to the particular user (and carefully guarded). A sender looks up the intended recipient’s public key and uses it to encrypt the message. Even if such an encrypted message is intercepted, it can be unlocked only by the user who has the matching private key.

Firewalls.

A security “firewall” consists of a server (with special software) connected on one side to the external network (usually the Internet) and on the other to the computer system (which may be a computer network) being protected. All incoming and outgoing data between the protected computer system and the network passes through the firewall. For example, the firewall may allow access to the protected system only from those Internet data paths that are known to be secure. The firewall server also runs proxy software that accepts connection requests, decides whether the connection should be made and, if permissible, completes the connection.

Modem security.

The modems (see MODEM) that connect computer systems over telephone lines provide an effective avenue for attackers who want to get around system security. One way to make modem use more secure is to use a callback arrangement. When a remote user dials in, the computer system makes the usual password checks to identify the user, then disconnects the call and automatically calls back to the telephone number where the user is expected to be before connecting the user to the system.

When an organization uses computers at more than one location, security is usually enhanced by connecting the computers to one another over private, rented telephone links that cannot be accessed through the public dial-up service. The rental cost for such links is quite high, so many organizations have begun to use special connections called virtual private networks (VPNs) that provide secure data communications over the Internet. The costs of VPNs are low compared to those of private telephone links. When a data message is sent over a VPN, information is included that assures that the message was transmitted by the party identified as the source, and also that the message was not altered after transmission. In addition, the message itself is protected by cryptography. Both the computer that transmits the message and the receiving computer are protected by firewalls.

H.Fa., HOWARD FALK

An article from Funk & Wagnalls® New Encyclopedia. © 2006 World Almanac Education Group. A WRC Media Company. All rights reserved. Except as otherwise permitted by written agreement, uses of the work inconsistent with U.S. and applicable foreign copyright and related laws are prohibited.
