INFORMATION SYSTEM SECURITY CHECKLIST
(C) 1994 QUALITY RESOURCE GROUP

The security of computer systems is unique. No other man-made devices are vulnerable to such a wide assortment of sources. These are the reasons for the constant interest in the subject. No one solution solves everything, and many potential solutions create additional levels of vulnerability just by being put in place. Here is a review of the basic security factors governing the safety and reliability of the computer system and the integrity and discretion of its data bases.

1). The physical and environmental safety of the hardware.

a). Theft prevention.
Computer hardware systems are easy to steal, and the thief can usually sell the stolen goods without sharing the proceeds with a 'Fence'. Computer hardware should be installed and protected like any other valuable organizational equipment.

b). Hardware tampering or unauthorized modification.
Computer hardware systems can be modified or tampered with, allowing unauthorized access to files and programs or the theft of RAM memory or other valuable internal circuitry. Portable tape backup systems can be used to copy system or network files from the hard disk and remove the copy from the area. Thereafter, the thief can search for passwords or other critical data and nobody at the organization will be any the wiser. Simply changing the passwords on a regular or irregular basis will not provide any protection. The thief is looking for the location of the password file rather than its contents. A simple 'Latch' program can be put on a bootable floppy disk, allowing immediate access to current passwords with just a few moments of preparation.

c). Work area hazards including food, drink and smoking materials.
Great care should be taken to keep hazardous materials away from the computer, its disk drives, keyboard and other devices. Liquids can be extremely hazardous to both the user and the equipment. Food or smoking residue can reduce productivity substantially by causing keyboards or disk drives to malfunction. It should be noted that the most harmful damage to disk drives has been caused by cosmetics, especially powders.

d). Environmental factors including heating, cooling and water damage.
Computer hardware should be installed in areas whose temperature ranges do not exceed the manufacturer's recommendations. In addition, in areas where sprinkler equipment is required, care should be taken to protect the equipment from direct damage by the sprinklers.

2). The power sources used for system operation.

a). Electrical spike protection, brown-outs and power surge protection.
Modest protection from these electrical problems is available at low cost. For proper protection, a UPS (uninterruptible power supply) should power the system. Systems can suffer severe chip damage and hard disk problems with anything less than a UPS.

b). Total power loss.
Total power loss can only be covered by a UPS. Most UPS systems allow for continued use of the system for ten to fifteen minutes. This should allow adequate time to shut down operations safely without hardware or disk file damage or loss.

c). Loss of electrical 'ground'.
This is the most under-rated problem affecting computer hardware. It is usually evidenced by unpredictable computer activity and mysterious freezing of system operations, with no apparent reason detected once diagnostics are run. Grounding problems can also cause chip damage and disk malfunctioning. A test for good electrical ground should be made frequently, especially during extended dry periods of weather.

3). The physical safety of the data bases.

a). Protection from damage by magnetic fields.
Most data media are currently stored magnetically on iron oxide based material. This must be strictly protected from magnetic fields. Common culprits are desk fans and vacuum cleaners. Of course, there are also innocent boy scouts carrying magnets in their pockets and disgruntled employees who wish to damage company property.

b). Security, timeliness and location of backup data base copies.
For super security, most banks have storage facilities suitable for magnetic data media. This is a good location to place archival copies of data. A data vault or safe should be used for day-to-day operational backup copies. This should be positioned near the computer systems, but preferably on another floor. Another strategy which can be employed on a network system is the multiple recording of data. It should be kept on widely separated hardware locations for the best security.

c). Operating problems caused by equipment malfunction or accident.
The location of floppy disks, their drives and hard disks should be carefully chosen to minimize potential damage from accidents or malfunction of other equipment.

4). Potential interference from computer 'virus' programs.

a). Protection from boot block viruses.
Boot block viruses are the easiest viruses to detect, but they also spread faster than other viral program types. The worst case is the booting of a system using an infected floppy disk, which immediately plants the virus on any system hard disk drives. Protection is very simple. Each new floppy should be tested for a boot block virus before it is used to boot up the system.

b). Protection from program implanted viruses.
This type of virus is usually carried on popularly used system software such as file Copy and Delete. Sometimes it can be hidden on less popular software, with less chance of being detected. The virus is usually passed on to non-infected versions of the same program wherever the virus finds them. They spread in much slower fashion than boot block viruses, but are also harder to detect.

c). Protection from a 'Bomb' program.
A Bomb program is not unlike a virus program, but it is planted in a system and does not attempt to infect other files or systems. It sits there quietly until it is triggered after some pre-programmed time or when some desired situation occurs. The program will be piggybacked onto any program file on the system which is used in regular enough fashion that the bomb has a good chance of working. When the bomb explodes, it is usually designed to destroy as much data and as many data files as it can before being detected.

5). On-line and network system operations.

a). Modem/phone line interface damage protection.
All the publicity accorded 'Hackers' has arisen from this type of activity. A 'Hacker' is an individual who tries repeatedly to gain access to any systems he can find by phone. The computer used can be set to call numbers continuously until a modem responds at the other end of the line. Thereafter, the hacker attempts to worm his way onto the system. They have been successful in the past, but protection can be put in place that is 100% hacker-proof.

b). Local and wide area network protection.
Network protection is required for many areas of business. Monies stolen from organizations by computer are nearly all traceable back to the accounts payable process. Accounts payable files should never be directly on-line in a network with potential file access from a number of different computers. Password protection and some kind of file utilization protection are simply not sufficient methods to prevent a determined thief.

c). Protection from downloaded information or software.
Many of the famous viruses were originally downloaded. Great care should be taken to segregate and test downloaded programs before they are executed on the local computer system. If the system is used to communicate with another remote system, in no event should the remote user have the ability to download and then execute a program. Such techniques, while on occasion very useful, are like a six-lane highway for a hacker to have a fling with your system.

6). Unauthorized system use.

a). Protection by password.
Password protection is the minimal level for protecting a system. Passwords can be given away, discovered or bypassed almost at will by any competent programmer. Passwords, to be in the least bit effective, must be accompanied by software which shuts the system off after a given amount of time and requires the user to sign back on again. All very cumbersome, and really not very effective.

b). Protection by 'Time' clock.
If a Time clock is installed in conjunction with a password system, this becomes a much more effective means of system protection. The Time clock is set so that access for a given password is denied except during regular working hours.

c). Protection by access log.
The Time clock, password and access log file combination takes on the proportions of a good security system when combined. The access log is preferably maintained on a separate system, with possible physical oversight by building security personnel. The system which is being accessed should at some point determine the type of access. If the access is illegal, the system should NOT indicate that fact to the system being used. Rather, all activity should be logged verbatim to a log file so that what the user is attempting to do becomes apparent. Of course, no files should be updated during this period.

d). Protection of privileged or critical data bases.
Privileged data can be protected by the programs using it. Coupled with password access, transaction operations can be coded to shut off unauthorized access. This type of data should be kept on-line in coded file form so that an adventurous user does not stumble on it by using some kind of disk storage utility to research file data outside of normal transaction processing.

e). Accounting software transaction code access protection.
Accounting transaction code access can be limited to given users, preventing not only unauthorized use of expense codes, for example, but also ordinary accounting mistakes.

7). Application and system program tampering.

a). Software modified for monetary theft.
Software has been modified in the past to allow an individual to profit without detection, or to steal from accounts payable. For example, a system which prints checks and then prints a separate check register is prone to having the check printed with one address and the register with another. This should be trivial to prevent, but often is not even contemplated.

b). Software modified to destroy business operations.
Individuals have received payment for destroying business records in much the same fashion as burning down a building. If the 'Job' is handled properly, by the time the disruptions start to impact day-to-day business, recovery may be almost impossible.

c). Software modified for mischievous destruction of data.
This is really the same as item (b) above, except that it may be harder to detect in that the purpose is not total disruption of business. The worst of these schemes are not detected even during file backup and archiving.

d). Software inadvertently damaged and now causing problems.
Software problems or, on occasion, hardware problems can cause programs to malfunction. When a program mysteriously malfunctions, it should be checked against an archival copy to make sure that it is whole and complete. If it is not, the altered portions of the program file should be examined to see if the type of malfunction can be identified.

e). Software modified to gain access to privileged information.
These schemes can be as simple as permitting a special password access to all programs and files. Without knowledge of the password, others would not recognize the existence of the scheme.

8). Unauthorized modification of data files.

a). Data modified to disrupt proper audit trails.
Data is modified to mislead auditors or to create auditing problems which, in a large organization, may cause some types of auditing to be temporarily abandoned because of excessive cost. This can often be disguised as a system design 'defect'.

b). Data modified to hide wrongdoing.
This data modification is used to write a check to individual 'A' but modify all records so that it appears to have been paid to individual 'B'. In large organizations, this simple scheme can be successful because access to original documents can be difficult, and if originals are copied to microfilm or some other archival storage method, it may appear that the archival copy is the one in error.

c). Data modified for mischievous purposes.
File integrity monitors should be run on all critical data files on a regular basis. The best of these schemes perform the file scan when the system is temporarily inactive.

QUALITY RESOURCE GROUP is a Management and Information System consulting firm offering integrated business solutions in the following areas: Total Quality Management; Information Systems and Computer Security; Mission Statement and Business Plan Development; Customer Satisfaction Systems; Reengineering Defense Contractors for the Private Sector; Employee Selection, Development and Training; and Marketing and Communications.

We are experienced in the design and installation of secure business information systems. Our proprietary Fund Accounting system has successfully been employed to pay out over 150 billion dollars. Our Fund Accounting systems typically return their cost to the user with improved money management in less than 120 days.

INTERNET: QualityRGr@aol.com
SMAIL: QUALITY RESOURCE GROUP
721 NORTH MCKENZIE STREET, SUITE 2, FOLEY, ALABAMA 36535
426 16TH AVENUE, SAN FRANCISCO, CALIFORNIA 94118
421 SEVILLE WAY, SAN MATEO, CALIFORNIA 94402
VOICE: 205/986-2050
FAX: 205/943-5672
James McKinley, Principal
Member of The Association For Quality And Participation
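An added worked example for the password, time clock and access log combination described in item 6 c); it is not part of the original checklist. It is written in Python, and the user table, the working-hours window, the two-command interface and the log line format are constructed assumptions. A session that fails the password or falls outside working hours receives the same replies as a legal one, every command it issues is written to the log verbatim, and no file is changed.

```python
import hashlib
import hmac
import os
from datetime import datetime
from typing import Callable, Dict, List


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2: the stored password file then holds nothing directly usable
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, hours: tuple, weekdays: range) -> Dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "hours": hours, "weekdays": weekdays}


# Constructed user table (assumption); a real system keeps it in a protected file.
USERS = {"clerk": make_user("example-only", (8, 18), range(0, 5))}  # Mon-Fri 08:00-17:59


class AccessMonitor:
    """Password + time clock + verbatim access log. A rejected session receives the
    same replies as a legal one, but nothing it does reaches the files."""

    def __init__(self, users: Dict, clock: Callable[[], datetime] = datetime.now):
        self.users = users
        self.clock = clock          # injectable so the time clock can be tested
        self.files: Dict[str, str] = {}
        self.log: List[str] = []    # in production: append-only, on a separate machine

    def _record(self, user: str, event: str, detail: str) -> None:
        stamp = self.clock().isoformat(timespec="seconds")
        self.log.append(f"{stamp} {user} {event} {detail}")

    def login(self, user: str, password: str) -> "Session":
        rec = self.users.get(user)
        now = self.clock()
        # Hash even for unknown names so response time does not reveal which accounts exist
        salt = rec["salt"] if rec else b"\x00" * 16
        candidate = hash_password(password, salt)
        pw_ok = rec is not None and hmac.compare_digest(rec["hash"], candidate)
        in_hours = (rec is not None and now.weekday() in rec["weekdays"]
                    and rec["hours"][0] <= now.hour < rec["hours"][1])
        verdict = "ok" if pw_ok and in_hours else ("outside-hours" if pw_ok else "bad-password")
        self._record(user, "LOGIN", verdict)   # the verdict is logged, the password never is
        return Session(self, user, pw_ok and in_hours)


class Session:
    def __init__(self, monitor: AccessMonitor, user: str, legitimate: bool):
        self.monitor, self.user, self.legitimate = monitor, user, legitimate

    def execute(self, command: str) -> str:
        """Every command is logged verbatim so the intruder's intent becomes apparent;
        only a legitimate session can read or change a file."""
        self.monitor._record(self.user, "CMD", command)
        parts = command.split(" ", 2)
        if parts[0] == "UPDATE" and len(parts) == 3:
            if self.legitimate:
                self.monitor.files[parts[1]] = parts[2]
            return "OK"   # identical acknowledgement either way
        if parts[0] == "READ" and len(parts) == 2:
            return self.monitor.files.get(parts[1], "") if self.legitimate else ""
        return "ERROR: unknown command"


def demo() -> Dict:
    """Constructed run: a legal daytime update, the same password at 23:30, then a
    wrong password. Only the first update reaches the file; all six events are logged."""
    now = [datetime(2024, 1, 15, 10, 0)]            # a Monday, 10:00
    monitor = AccessMonitor(USERS, clock=lambda: now[0])
    monitor.login("clerk", "example-only").execute("UPDATE payables 1000.00")
    now[0] = datetime(2024, 1, 15, 23, 30)
    night_reply = monitor.login("clerk", "example-only").execute("UPDATE payables 0.01")
    bad_read = monitor.login("clerk", "wrong-guess").execute("READ payables")
    return {"payables": monitor.files["payables"], "night_reply": night_reply,
            "bad_read": bad_read, "log": list(monitor.log)}
```

Reads from a rejected session return an empty result rather than real data, and the log is held in memory; both are simplifications. In practice each log line would be appended to a file on a separate system under physical oversight, as the checklist recommends, and the log would be the first thing reviewed after any "outside-hours" or "bad-password" verdict.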
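An added example for items 7 d) and 8 c), not code from the original document: a small file integrity monitor in Python. The file names and contents are constructed. It records a baseline digest of each critical file, reports modified, missing and new files on a later scan, and compares a modified file against its archival copy to show exactly which byte ranges changed, which is the "altered portions" check that 7 d) calls for.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large data files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: List[str]) -> Dict[str, str]:
    """Digest of every critical file at a known-good moment. Keep the baseline
    (like the archival copies) on media the monitored system cannot write to."""
    return {p: file_digest(p) for p in paths}


def scan(baseline: Dict[str, str], paths: List[str]) -> Dict[str, List[str]]:
    """Compare what is on disk with the baseline. 'modified' files have a different
    digest, 'missing' ones are gone, 'new' ones exist but were never baselined."""
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "new": []}
    for p, expected in baseline.items():
        if not os.path.exists(p):
            report["missing"].append(p)
        elif file_digest(p) != expected:
            report["modified"].append(p)
    report["new"] = [p for p in paths if p not in baseline and os.path.exists(p)]
    return report


def altered_regions(archive: bytes, current: bytes) -> List[Tuple[int, int]]:
    """(offset, length) runs where the current copy differs from the archival copy.
    A length difference is folded into a final region so truncation or padding shows up."""
    regions: List[Tuple[int, int]] = []
    common = min(len(archive), len(current))
    start = None
    for i in range(common):
        if archive[i] != current[i]:
            if start is None:
                start = i
        elif start is not None:
            regions.append((start, i - start))
            start = None
    tail = abs(len(archive) - len(current))
    if start is not None:
        regions.append((start, common - start + tail))
    elif tail:
        regions.append((common, tail))
    return regions


def demo() -> Dict[str, List]:
    """Constructed scenario in a temporary directory: three critical files are baselined,
    then one record is altered, one file deleted and one unexpected file appears."""
    contents = {
        "payables.dat": b"CHK0001 PAYEE=A AMT=100.00\n",
        "checkreg.dat": b"CHK0001 ADDR=A-STREET\n",
        "ledger.dat": b"BAL=100.00\n",
    }
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in contents}
        for n, data in contents.items():
            with open(paths[n], "wb") as f:
                f.write(data)
        baseline = build_baseline(list(paths.values()))
        # Simulated tampering after the baseline was taken
        tampered = contents["payables.dat"].replace(b"PAYEE=A", b"PAYEE=B")
        with open(paths["payables.dat"], "wb") as f:
            f.write(tampered)
        os.remove(paths["ledger.dat"])
        extra = os.path.join(d, "extra.dat")
        with open(extra, "wb") as f:
            f.write(b"PLANTED\n")
        report = scan(baseline, list(paths.values()) + [extra])
        # The archival copy (held elsewhere) pinpoints the changed bytes: the payee letter
        regions = altered_regions(contents["payables.dat"], tampered)
    result: Dict[str, List] = {k: [os.path.basename(p) for p in v] for k, v in report.items()}
    result["regions"] = regions
    return result
```

The baseline and the archival copies must live where the monitored system cannot rewrite them; otherwise whoever alters a file simply refreshes both. Run scan() from a scheduled job during idle periods, as 8 c) suggests, and treat any "modified" entry on a program file as the cue to diff it against the archive before trusting it again.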