Computer Systems and Website Planning
I. Computer Systems Security
- Definitions
  - "Full security" should be defined as multi-level protection against unwanted and criminal intrusions. This concept must be supported by all involved vendors and by the user, and it includes the following:
    - Security protects a database or other application while it is in use, at rest, and in transit between the two;
    - Security is a shared, continuing obligation to anticipate every weakness;
    - When a weakness is not anticipated in time, there must be provisions for implementing countermeasures;
    - When crimes do occur and systems are compromised, there must be tools to help users recover from such intrusions;
    - Since criminal capabilities seem to keep pace with technology, vendors must be continuously involved in methods to better secure their products.
  - A "cyber-terrorist" is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them. (Wikipedia)
- Security Architecture
  We do not know how vendors' code is written or what proprietary methods they use; we may learn of a weakness only when security is breached. This section therefore lists ideas without assuming which state-of-the-art techniques are in use.
  - Security vendors and DBMS designs must have the following concepts in place:
    - a proactive attitude about security;
    - the ability to detect security breaches when they happen;
    - the ability to recover successfully from security breaches; and
    - the ability to identify and isolate corrupted entries for removal or cleansing.
  - Protection against hackers and crackers and against unauthorized changes or deletions;
  - An ability to discover, monitor, control, and remove unauthorized intrusions;
  - Emergency recovery drills and checklists;
  - The research database must attempt to be secure at all levels and at all times (at rest, in use, and in transit), and as well protected against unauthorized tampering as possible;
  - 128-bit encryption or higher on secured lines; possible use of VeriSign for authentication; authentication on both ends;
  - RAID technology may be desirable, and duplex systems are also a possibility; the essential requirements are to identify a compromised hard disk drive (HDD) and to recover using an uncompromised HDD.
- Restricted Access and Logins
  - There should be multiple levels of access, including systems, administrator, management, employee, member, and others. There may be different levels of access for employees performing various types of work and for members with different responsibilities and privileges. Perhaps there is some means of marking authorized access to the website that an unauthorized access would lack.
  - A required, unique password for each employee user; all are logged, and each password has a beginning and an ending date after which it must be replaced with another;
  - An encrypted identification string should be placed on an authorized computer before its user attempts database access;
  - Digital certificates should be used, with means to confirm security at both ends and at intermediate transfer points along the way, to and from the database;
  - For everyone trying to access the database, the following security measures should be used:
    - passwords, changed after some period of time;
    - security questions when a user is not at their own terminal;
    - monitored periods of inactivity;
    - timed intervals for successfully entering passwords and answers to security questions;
    - a limited number of login attempts, followed by lockout;
    - graphic fields (variable-size characters that are not machine-readable);
    - timed sessions with automatic log-off;
    - log-off after periods of inactivity;
    - timed mid-session re-verification of user ID and password;
  - There should be no side doors, backdoors, or other security bypasses for knowledgeable hackers/crackers to discover and exploit.
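The login and session rules listed above (password end dates, a limited number of attempts followed by lockout, a time limit for entering the password, inactivity log-off, timed sessions, and mid-session re-verification) can be expressed as one small policy object. The following is an added example written for this page, not code from the planning document or from THNC; the numeric limits, the PBKDF2 password hashing, and the injected clock are assumptions chosen so the rules can be exercised without waiting for real time to pass.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Policy constants. These values are assumptions for the example; the planning
# document specifies the rules but not the numbers.
MAX_ATTEMPTS = 3                 # failed logins before lockout
LOCKOUT_SECONDS = 15 * 60        # how long the lockout lasts
PASSWORD_LIFETIME = 90 * 86400   # a password must be replaced after this age
LOGIN_WINDOW = 60                # seconds allowed to finish entering credentials
INACTIVITY_LIMIT = 10 * 60       # idle time before automatic log-off
SESSION_LIMIT = 8 * 3600         # absolute session length before automatic log-off
REVERIFY_INTERVAL = 3600         # mid-session re-verification of the password

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash: a stolen credential table stays expensive to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    password_set_at: float
    failures: int = 0
    locked_until: float = 0.0

@dataclass
class Session:
    user: str
    started: float
    last_activity: float
    last_verified: float

class AccessPolicy:
    def __init__(self, clock):
        self.clock = clock        # clock() returns the current time in seconds (injected)
        self.accounts = {}
        self.sessions = {}
        # Unknown user names are hashed against a dummy account so that response
        # timing does not reveal which names exist.
        self._dummy = Account(secrets.token_bytes(16), b"\x00" * 32, 0.0)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.accounts[user] = Account(salt, hash_password(password, salt), self.clock())

    def login(self, user, password, started_at):
        """Return (status, token); token is only set when status is "ok"."""
        now = self.clock()
        acct = self.accounts.get(user, self._dummy)
        if now < acct.locked_until:
            return "locked", None
        if now - started_at > LOGIN_WINDOW:          # timed interval for entering the password
            return "timed_out", None
        ok = hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt))
        if acct is self._dummy:
            return "denied", None
        if not ok:
            acct.failures += 1
            if acct.failures >= MAX_ATTEMPTS:         # limited attempts, then lockout
                acct.failures = 0
                acct.locked_until = now + LOCKOUT_SECONDS
                return "locked", None
            return "denied", None
        acct.failures = 0
        if now - acct.password_set_at > PASSWORD_LIFETIME:   # password past its end date
            return "password_expired", None
        token = secrets.token_hex(16)
        self.sessions[token] = Session(user, now, now, now)
        return "ok", token

    def check_session(self, token):
        # Called on every request: timed session, inactivity log-off, re-verification.
        now = self.clock()
        s = self.sessions.get(token)
        if s is None:
            return "no_session"
        if now - s.started > SESSION_LIMIT or now - s.last_activity > INACTIVITY_LIMIT:
            del self.sessions[token]
            return "logged_off"
        if now - s.last_verified > REVERIFY_INTERVAL:
            return "reverify"
        s.last_activity = now
        return "ok"

    def reverify(self, token, password):
        # Mid-session password check; a failure ends the session instead of counting as a retry.
        now = self.clock()
        s = self.sessions.get(token)
        if s is None:
            return "no_session"
        acct = self.accounts[s.user]
        if not hmac.compare_digest(acct.pw_hash, hash_password(password, acct.salt)):
            del self.sessions[token]
            return "denied"
        s.last_verified = s.last_activity = now
        return "ok"
```

A web front end would call `login()` once and then `check_session()` on every request, prompting for the password again whenever it returns "reverify". Keeping the clock injectable is what makes the lockout and timeout rules testable; the security questions and graphic fields from the list are separate checks that would sit in front of `login()`.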
- Record Logs for Monitoring Activity
  - Full access to all levels of systems activity by designated THNC employees (monitoring and maintenance are to be done in-house);
  - All accesses to the database are logged, including those by authorized and trusted researchers, managers, and systems maintenance personnel;
  - Every change to the database must be monitored, logged, and retained for a fixed or variable length of time;
  - Monitoring records must be encrypted and logged;
  - A log, integral with or separate from the database, that records statistics for each employee's session, including 1) log-on time and place; 2) number and types of additions, deletions, and changes; and 3) log-off time and place.
  - For access via wireless devices:
    - Recording the log-on time and place will require mobile phone tracking, capture of mobile positioning coordinates, or use of a location-based service to identify and record the employee's location;
    - If the log-on location/coordinates are not available or the request for this information is refused, the log-on attempt will be terminated;
    - If the log-off place information is refused, no further log-on from that device will be allowed until the situation is resolved.
  - Standard protocols for backups, including 3-, 4-, or 5-deep rotation and secure off-line, off-site storage.
  - Special access requirements for public service terminals used at places like libraries: a special identification assigned to a user for a fixed period of time at the terminal. This could be assigned manually or by a software package that assigns terminals to library patrons.
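The monitoring requirements above (a per-session record of log-on time and place, counts of additions, deletions and changes, log-off time and place, the wireless-device location rules, and tamper-proof monitoring records) can be modelled as an append-only log in which every record is chained to the one before it by an HMAC. This is an added example written for this page and is not code from the planning document or from THNC. It assumes the monitoring staff hold the MAC key separately from the database, it uses constructed sample events, and it covers integrity only; encrypting the stored log is a separate step that is not shown. It also gives each record a unique alphanumeric id, which answers the later question about tagging each piece of work uniquely.

```python
import hashlib
import hmac
import json
import secrets
from collections import Counter
from dataclasses import dataclass, field


class AuditLog:
    """Append-only monitoring log. Every record gets a unique alphanumeric id and
    an HMAC that also covers the previous record's MAC, so editing or removing a
    record breaks the chain. The MAC key is held by the in-house monitoring staff,
    not by the database (an assumption of this example)."""

    GENESIS = b"\x00" * 32

    def __init__(self, key: bytes):
        self.key = key
        self.records = []   # list of (json body, mac)

    def append(self, data: dict) -> str:
        prev = self.records[-1][1] if self.records else self.GENESIS
        record = dict(data, id=secrets.token_hex(8), prev=prev.hex())
        body = json.dumps(record, sort_keys=True).encode("utf-8")
        mac = hmac.new(self.key, body, hashlib.sha256).digest()
        self.records.append((body, mac))
        return record["id"]

    def fields(self, index: int) -> dict:
        return json.loads(self.records[index][0])

    def verify(self):
        """Index of the first record that fails the chain check, or None if intact.
        Truncation of the newest records is not caught here; that needs the latest
        MAC to be copied somewhere the log writer cannot reach."""
        prev = self.GENESIS
        for i, (body, mac) in enumerate(self.records):
            if not hmac.compare_digest(mac, hmac.new(self.key, body, hashlib.sha256).digest()):
                return i
            if json.loads(body)["prev"] != prev.hex():
                return i
            prev = mac
        return None


@dataclass
class Session:
    user: str
    device: str
    counts: Counter = field(default_factory=Counter)


class MonitoredDatabase:
    """Applies the log-on/log-off rules and tags every change. The database content
    itself is out of scope; only the monitoring records are modelled."""

    def __init__(self, log_key: bytes):
        self.log = AuditLog(log_key)
        self.sessions = {}          # device -> Session
        self.blocked_devices = set()

    def log_on(self, user, device, place, when):
        """place is (lat, lon) from the device's positioning, or None if unavailable/refused."""
        if device in self.blocked_devices:
            self.log.append({"event": "log_on_blocked", "user": user, "device": device, "time": when})
            return None
        if place is None:   # location missing or refused: terminate the attempt
            self.log.append({"event": "log_on_refused", "user": user, "device": device, "time": when})
            return None
        self.sessions[device] = Session(user, device)
        return self.log.append({"event": "log_on", "user": user, "device": device,
                                "place": place, "time": when})

    def record_change(self, device, op, target, when):
        if op not in ("add", "delete", "change"):
            raise ValueError(f"unknown operation {op!r}")
        session = self.sessions[device]
        session.counts[op] += 1
        return self.log.append({"event": op, "user": session.user, "device": device,
                                "target": target, "time": when})

    def log_off(self, device, place, when):
        session = self.sessions.pop(device)
        if place is None:   # log-off place refused: block the device until resolved
            self.blocked_devices.add(device)
        return self.log.append({"event": "log_off", "user": session.user, "device": device,
                                "place": place, "time": when,
                                "additions": session.counts["add"],
                                "deletions": session.counts["delete"],
                                "changes": session.counts["change"]})
```

The log-off record is the per-session statistics line the document asks for, and `verify()` is the check the monitoring staff would run on a schedule: editing a count in a stored record, or deleting a record from the middle of the log, returns the index where the chain first breaks.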
- Questions and Ideas
  - Criminal Behavior
    - Are there potential security weaknesses while users are logged on? Can an active session be hacked/cracked while in progress without the authorized user's knowledge?
    - Can a hacker/cracker, posing as a member with a legitimate ID and password, gain inappropriate access to other THNC resources? How can proper use be better separated from improper use?
    - If a hacker/cracker gains access to the database by whatever means, is it ever possible to retain information (in the absence of IDs and passwords) about that person? If not, is it possible to track a "null identity", where the person crashes the system but has no valid identity codes for marking changed records or fields?
    - If the hacker/cracker is an employee, it may not be possible to track improper use. Are there ways to detect the possibility of improper use of resources?
  - Security Technology
    - Can security be integral with an application ("built-in")?
    - What other technology is "state-of-the-art" for securing databases?
    - Double encryption for member information; is full security for credit card information possible?
    - Could deciphering occur only at THNC-stations, so that queries and responses are not legible in transit?
    - If a communication is VeriSign-protected, can the data inside the communication still be hacked/cracked?
  - Prevention
    - Is it possible to pass information through a "scrubber", a routine that checks for and removes anything attached to text, graphics, videos, URLs, or other types of information that are intended to become part of the database?
    - Can a database (and its DBMS) be isolated from all users by a barrier so that it is not directly connected to the website, HTML code, or subroutines?
    - Can a database (and its DBMS) use encryption, packet-level techniques, or other methods to isolate communications in both directions so that users (including hackers and crackers) never learn the actual location(s) of the database?
    - Can work (additions, changes, deletions) be tagged with an alphanumeric identifier to make each block of text unique in the database?
    - Can an electronic key fob (passive RFID, proximity device, challenge-response authentication over radio frequency, or other technology) be used at an authorized terminal or computer to initiate access? To use their workstation, each employee would need both their key fob and their PIN. Can such a security device be a peripheral rather than integral to a PC or THNC terminal?
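The key fob plus PIN idea above is a two-factor challenge-response login: the terminal sends a fresh random nonce, the fob answers with a keyed hash of it, and the employee types a PIN that the fob never holds. The following is an added example written for this page to show that exchange with both sides' messages; it is not code from the planning document or from THNC, and the fob is simulated in software with an HMAC-SHA256 response and a PBKDF2-hashed PIN (both assumptions; a real fob would use whatever algorithm its radio protocol specifies).

```python
import hashlib
import hmac
import secrets


def _hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, 100_000)


class KeyFob:
    """Simulated fob. Only the shared secret is stored on the device; the PIN is
    something the employee knows and is never stored on the fob."""

    def __init__(self, fob_id: str, secret: bytes):
        self.fob_id = fob_id
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # The over-the-air reply: an HMAC of the terminal's nonce under the fob secret.
        # The secret itself is never transmitted.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Terminal:
    def __init__(self):
        self._fob_secrets = {}   # fob_id -> shared secret
        self._pins = {}          # fob_id -> (salt, salted PIN hash)
        self._pending = {}       # fob_id -> outstanding challenge nonce

    def enroll(self, fob_id: str, pin: str) -> KeyFob:
        secret = secrets.token_bytes(32)
        salt = secrets.token_bytes(16)
        self._fob_secrets[fob_id] = secret
        self._pins[fob_id] = (salt, _hash_pin(pin, salt))
        return KeyFob(fob_id, secret)

    def challenge(self, fob_id: str):
        """Step 1: issue a fresh random nonce for this fob, or None if the fob is unknown."""
        if fob_id not in self._fob_secrets:
            return None
        nonce = secrets.token_bytes(16)
        self._pending[fob_id] = nonce
        return nonce

    def authenticate(self, fob_id: str, response: bytes, pin: str) -> bool:
        """Step 2: check the fob's response to the outstanding nonce and the typed PIN.
        The nonce is consumed whether or not the check passes, so a recorded
        response cannot be replayed later."""
        nonce = self._pending.pop(fob_id, None)
        if nonce is None:
            return False
        expected = hmac.new(self._fob_secrets[fob_id], nonce, hashlib.sha256).digest()
        fob_ok = hmac.compare_digest(expected, response)
        salt, pin_hash = self._pins[fob_id]
        pin_ok = hmac.compare_digest(pin_hash, _hash_pin(pin, salt))
        return fob_ok and pin_ok   # both factors are evaluated before deciding


def unlock_workstation(terminal: Terminal, fob: KeyFob, pin: str) -> bool:
    """The full exchange as the terminal software would run it."""
    nonce = terminal.challenge(fob.fob_id)
    if nonce is None:
        return False
    return terminal.authenticate(fob.fob_id, fob.respond(nonce), pin)
```

Because the fob only ever answers a nonce the terminal just generated, a recorded radio exchange is useless afterwards, and because the PIN is checked by the terminal rather than the fob, a lost fob on its own does not open a workstation. Nothing in the design needs the fob to be inside the PC; it can be a peripheral reader, which is the last question above.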