FEATURE

Changing Policies Towards Encryption and Internet Security

Patrick Hook

There is an increasing tendency for organizations to put information on the Internet which immediately makes them vulnerable to hacking. What security is available beyond the modem?

Of the eight principles that accompany the 1984 Data Protection Act, the last is perhaps the most worrying. Not that there is anything particularly startling about the requirement to take steps to ensure the security of data held. Indeed, the safe custody of property, in whatever form it exists, is an aspect of the job that most already tend to take seriously.

The problem with the eighth principle is, to put it simply, the speed of technological advance. Security measures necessary to ensure the confidentiality of data change almost weekly as software and highly specialist hardware, designed to protect data, are quickly followed by the means to overcome the defence they offer. And while evaluation procedures in Europe (the E standards) and America (the A, B, C and D standards) help to guide the user as to the level of protection offered, ultimately the responsibility rests with him to argue his corner. It is he who must satisfy the regulatory authorities that, not only is the system secure from outside interfaces but that the software works in the way the software house has stated.

Fortunately, systems do exist which are able to provide varying levels of protection against deliberate or accidental interference. And while the ability to obtain protection is, at the highest levels, still limited by export controls, there are signs that even this policy is being replaced by a spirit of compromise. The export controls, designed to ensure that the State always had the ability to read all computer traffic in time of need, are now beginning to be seen as an impediment to commercial enterprise. The more pragmatic approach is, some suggest, the result of a recognition by governments that commerce has a need to communicate in a secure environment if it is to compete in the global market.

“There is beginning to emerge a way of building a compromise that seems to have increasing support from governments around the world”, said Peter Dare of IBM’s Security and Integration Solutions. “It is a way of managing the key by which the information is scrambled. That key has to be managed and distributed and there has to be an infrastructure to deal with that, to ensure that the key is available to the authorities when needed. Governments now seem keen on rolling out this compromise solution which will give very good security for the State, businesses and the public who use (encrypted data) while at the same time allowing law enforcement access when it is really necessary.”

Without an infrastructure designed to regulate the use of and access to encryption codes, there is a real concern that the ability of the various enforcement agencies, including the police, to gather evidence of wrongdoing, would be negated. On the other hand, a high level of security in the transmission of data over the public telephone lines would obviate the need for expensive, private lines such as the Metropolitan Police Metnet or the UK Police National Network (PNN).

In broad terms, computer security is offered at three points. As data passes into or out of a computer system connected to the Internet, it can be interrogated by software programs known as firewalls. An access control mechanism, the firewall looks at requests for entry to the server and judges (a) whether the request comes from a valid source and (b) whether or not it is trying to carry out a valid function. If the transaction is unauthorized it will be blocked. Firewalls will only work with the Internet and do not work with other protocols.

The second point is where the sensitive or confidential data is passed along public telephone lines and where the opportunity for eavesdropping exists. Here the data can be scrambled or encrypted so that it remains wholly unintelligible to an eavesdropper or someone to whom the data is sent in error. Finally, security is provided by the operating system and/or the hardware. For the police and other organizations holding sensitive data, there is a legal obligation that the system in place should offer a reasonable level of protection against unauthorized access - the eighth principle of the Data Protection Act. There is, in other words, a requirement for a secure operating platform.

Computer Fraud & Security, June 1996. © 1996 Elsevier Science Ltd

Firewalls

The increasing sophistication of firewall technology means that the level of security offered against unauthorized enquiry from the Internet can be high, but it is important to bear in mind that the security gate faces out and not in. Firewalls work only with the Internet protocol and do not address the problem of data corruption by an organization’s own staff which, according to the IT research organization Dataprobe, accounts for 93% of all data lost through human intervention. Nor, once it is breached, can the device offer any further assistance in preventing the intruder from accessing any other part of the system.
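The two-part judgement described earlier, (a) valid source and (b) valid function, and the point that the gate faces out, can be sketched as a default-deny rule check. This is an added example, not code from the article or from any product it names; the rule set, the internal network range, the `decide` and `evaluate` functions and the sample requests are all constructed for illustration.

```python
import ipaddress

# Constructed policy: (allowed source network, protocol, port, purpose).
# Addresses come from the RFC 5737 documentation ranges.
RULES = [
    ("0.0.0.0/0", "tcp", 80, "public web server"),
    ("198.51.100.0/24", "tcp", 23, "remote login, partner site only"),
]
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed internal range


def decide(interface, src, protocol, port):
    """Judge one request; returns (verdict, reason)."""
    if interface == "inside":
        # The gate faces out: traffic between internal hosts never reaches it.
        return ("not-inspected", "internal traffic bypasses the firewall")
    addr = ipaddress.ip_address(src)
    if addr in INTERNAL_NET:
        # An internal address arriving from outside cannot be a valid source.
        return ("block", "spoofed internal source")
    service_offered = False
    for network, rule_proto, rule_port, purpose in RULES:
        if (protocol, port) != (rule_proto, rule_port):
            continue
        service_offered = True                      # (b) valid function
        if addr in ipaddress.ip_network(network):   # (a) valid source
            return ("allow", purpose)
    if service_offered:
        return ("block", "source not authorized for this service")
    return ("block", "service not offered")         # default deny


# Constructed sample requests: (interface, source, protocol, port).
SAMPLE_REQUESTS = [
    ("outside", "203.0.113.9", "tcp", 80),
    ("outside", "203.0.113.9", "tcp", 23),
    ("outside", "198.51.100.7", "tcp", 23),
    ("outside", "203.0.113.9", "udp", 69),
    ("outside", "192.0.2.50", "tcp", 80),
    ("inside", "192.0.2.50", "tcp", 23),
]


def evaluate(requests):
    """Apply decide() to each request and return the list of verdicts."""
    return [decide(*req) for req in requests]


if __name__ == "__main__":
    for req, (verdict, reason) in zip(SAMPLE_REQUESTS, evaluate(SAMPLE_REQUESTS)):
        print(req, "->", verdict, "-", reason)
```

The last sample request is the case the paragraph above warns about: an internal user's action is never judged, because it never crosses the gate.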

“The problem of security on the Internet only really begins to become an issue if an organization chooses to allow people access”, said Doug Gibbard of Leicestershire Police IT Department. “The moment you fit a modem and the software which allows people outside the building to dial into your systems, you have to have firewall technology to make sure that only those with the necessary authority can get in. Of course the best type of security is to have an air gap - fresh air between the machine into which people can dial and the server containing the rest of your database.”

But inevitably there is a trade off, in terms of cost and efficiency, between a given level of security and the effort required to maintain that level. Employing the principle of an air gap would certainly ensure that there was no breach of an organization’s computer system but it would also involve more work in ensuring that the information intended for the Internet was valid and up to date. There are those who doubt the need for the additional effort.

“There might have been an argument for employing an air gap years ago”, said a spokeswoman for Oracle, “but firewalls are now so good that it is virtually impossible to breach the security that they offer.”

Except, that is, where an authorized user introduces data which has been corrupted by a virus. In these circumstances the firewall is impotent and there is a need for an operating system which tightly controls the areas of the system to which access is granted.

Secure platforms

Two of the most serious threats faced by any organization whose computers interface with others outside the immediate office environment, are those of the virus and deliberate hacking-in by unauthorized personnel. It is for this reason that companies like Data General have developed sophisticated operating systems designed to restrict access to that part of the system for which authority exists and no other. Their Secure Internet Server was launched in February and is being evaluated at the B2 level (in the USA) and E4 (in Europe).

“On a normal non-secure system, by giving certain people the privilege to do certain things within the system, you give them the ability to do anything”, said Bernard Foot, European systems manager at Data General. “The principle of the secure Internet server is that there is a great deal more processing power available to it compared with the standard firewall technology. In turn this permits a detailed analysis of all users of the system, both authorized and unauthorized. By setting up a number of containment areas, users can be restricted from whether or not data has been altered.”

As with the hacker, it is clearly important that the introduction of a virus be detected quickly and operating systems developed by most of the major companies, including Hewlett Packard, IBM and Data General, are able to do this. The Data General system automatically runs the anti-virus program whenever information or a new program is introduced from the Internet.

In the opposite direction, a secure operating system is able to prevent the unauthorized release of information to a third party. A device known as ‘key word filtering’ ensures that documents containing the key words cannot be exported from the system. Key words may be something like “This is a confidential document” and effectively prevent the deliberate as well as the accidental release of information.
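A minimal sketch of such an export check follows, as an added example rather than code from the article or from any vendor it names. The first phrase is the one quoted above; the second phrase, the function names and the sample documents are constructed. Text is normalized before matching so that a marking split across lines or typed in a different case is still caught.

```python
import re
import unicodedata

# First phrase is quoted in the article; the second is a constructed example.
KEY_PHRASES = ["This is a confidential document", "Restricted - police use only"]


def normalize(text):
    """Fold case and width variants, and collapse punctuation and whitespace
    runs to single spaces, so layout differences do not hide a marking."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"[\W_]+", " ", text).strip()


# Map each normalized phrase back to the wording used in the policy.
NORMALIZED_PHRASES = {normalize(p): p for p in KEY_PHRASES}


def export_decision(document):
    """Return ("block", matched phrase) or ("release", None)."""
    body = f" {normalize(document)} "
    for needle, original in NORMALIZED_PHRASES.items():
        # Padding with spaces forces matches on whole-word boundaries.
        if f" {needle} " in body:
            return ("block", original)
    return ("release", None)


# Constructed sample documents.
SAMPLE_DOCUMENTS = {
    "wrapped.txt": "Minutes of the meeting.\nTHIS IS A   CONFIDENTIAL\ndocument.\nItem 1: budget",
    "marked.txt": "RESTRICTED: Police use only. Shift rota for July.",
    "press.txt": "Press release: station open day on Saturday.",
    "mention.txt": "The word confidential appears here, but not the marking.",
}

if __name__ == "__main__":
    for name, text in SAMPLE_DOCUMENTS.items():
        print(name, export_decision(text))
```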

Encryption

There is nothing new about the idea of encryption; the word comes from ancient Greek and means ‘secret writing’. The technique has been in regular use ever since, but it has only been since computers became widely available that the ability to encrypt messages has acquired a significance well beyond the narrow confines of wartime national security. For some years organizations have either employed low level encryption as a means of transferring commercially sensitive data around the world or have gone the route of a private telephone network. The higher levels of security offered by highly specialist companies - mainly in the United States of America - have been restricted by the imposition of export controls.

That is now changing and with it comes the possibility of totally secure transmission of data across public telephone lines. With the increasing levels of international traffic, the opportunity presented by this change in global policy is significant. The advent of generally available, secure encryption is likely to speed the process of change. At the highest levels of security the MoD has commissioned a consortium led by Microsoft, Novell, Digital, EDS and Nortel to produce a secure environment using commercial off the shelf products such as Microsoft NT and Novell NetWare. Due to be demonstrated to the IT industry this summer, there seems little doubt that the collaboration has been prompted by a view of the long-term commercial gain that such a project represents.

But encryption on its own, although immensely valuable as a means of security and the cost effective use of resources, requires the added dimension of trust. Both the sender and the receiver of data need to be confident that the data sent is the same as that received. They also need to be sure that it has not been intercepted. In response to this requirement, companies like Microsoft, IBM, Digital, Novell, Domus and others who produce encryption software, have built in identification and authentication functions which mathematically cross check data received against that sent, alerting any alterations.

This cryptographic technique, known as a digital signature, has a further function. It allows the sender to prove that the message has been received by the person for whom it is intended since not only has the content of the message been authenticated but the receiver’s digital signature has confirmed his receipt.

Even those systems that operate within a discrete network require protection and it would be a mistake to imagine that they do not by reason of their private network require any form of security against outside interference. Novell, whose NetWare package is used on about 83% of all networked systems worldwide, runs a complete set of security tools within itself which provides a level of security to C2 level in the USA (E2 in Europe).

“It is possible to make individual PCs and servers secure but when they are connected into a network they must have a secure network”, said Bruce Graham, Director of Novell’s Public Sector Marketing.

European Directive

Last July a European Union General Directive on data protection was agreed by the Council of Ministers which requires national legislation to be in place by 24 October 1998. As far as the UK is concerned this will almost certainly mean the introduction of a new Data Protection Act. The Directive contains several requirements not currently covered by UK law including:

• the inclusion of some manual records

• a duty on all data users to comply with data protection rules whether or not registered under the new system

• provisions designed to ensure that the transfer of personal data to non-European countries is adequately protected

On 22 March this year, the Home Office published a consultation document on the Directive and the Data Protection Registrar is due, shortly, to publish a series of papers designed to answer queries on the implications of the Directive.
