08/05/2008 10254 FAX 8306209583 GUHRDERP.  001/002





How ...
08/05/2008 10154 FAX


covered the password taped to u culnputer

This was a reported case.  Many pe...
Upcoming SlideShare
Loading in …5

Computer Crime Costly


Published on

For historical reference. Here\'s an article I wrote 24 years ago when (2400baud)dial-up was the bandwidth.

Published in: Devices & Hardware
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Computer Crime Costly

  1. 1. 08/05/2008 10254 FAX 8306209583 GUHRDERP. 001/002 .1‘ COMPUTER CRIME: QUIET BUT cosnv How to protect your sensitive files from electronic bandits Experts suggest defending information stores with e mu/ ri- gagging :111f: i]{1’: :=j layer security system. A callvback security system Is an tion has become priceless. So, lt’s not sun- excellent Start. It can provide other business benefits as well Pfisinfi Phat “°'""‘°‘“W 35Ya1““bl“5i“' formation has attracted thieves. Unfor- tunately, much of the information stored in computers is vulnerable to unauthorized access. Computer systems that can be acv ceased over the telephonelifles With £1 per- sonal computer and communication modem are particularly vulnerable. Break—ins are common. Several years ago, for example, :1 major California bank lost $10 million in £raudu— lently transferred funds. As bank officials learned later, a former consultant to the bank transferred the funds after he dis- by MICHAEL PANNO Michael PCLWVLO is Customer Sufport Manager for Digital Pathways, Inc. , Palo A to, Calif‘. CornmunicationAGE I . JULY, 1985
  2. 2. 08/05/2008 10154 FAX 8308203583 covered the password taped to u culnputer terminal. This was a reported case. Many people believe that a substantial number of com- puter crimes are not reported, but no one knows to what extent, that is true, with this realization, more companies are look- ing for ways to secure their computers and protect their resources. The tool Hogan Systems, Dallas, develops soft- ware for banks and other large financial institutions. It uses a computer security ‘system called Defender II to protect its iles. The security system is manufactured by Digital Pathways, Palo Alto, Calif. It provides protection from unauthorized dial-in access to Hogan's IBM mainframe computer with a call-back mechanism. Callers who attempt to access Hogan's system over phone lines first must call into the security system, which asks for identi- fication. It checks the validity of the iden- tification and tells the caller to hang up and wait for a call back. Then it calls back the previously authorized phone number for that identification number. Thus, protection is assured by forcing communication to and from a specific loca- tion. Entry of an invalid identification number causes the system to hang up and deliver an alarm message to the logging device. “Security is a big issue for us, ” explains Bill Stapp, Hogan's vice president of data processing. "We sleep better at night knowing our data is safe from some hacker hrealdng in and corrupting our files. " The security system is used within Hogan's software package in conjunction with its customer service and support pro- gram. “We provide our customers an on-going service which includes being able to phone into our computer if they're having prob- lems with one of our software packages, ” says Stapp. "They can access files which allow them to do key word searches on our database and find out whether anyone else in the world has had that problem and how to fix it. " Hogan also can transmit a fix directly to a customer any time of the day or night, if there is a problem with an application. In addition to preventing unauthorized access to I-Iogan’s computer, the security system provides the ability to manage authorized access. “We can program it do do almost any- thing we want it to do, ” Stapp says. “We can authorize people for certain times of the day or days of the week. ” The security system also provides man- agement information, such as the called number. “This capability provides us with GUARDERP. ‘The security system also offers management informa tian, pro viding us with almost complete control -of the telephone lines into our computer system. . . ' almost complete control of the telephone lines into our computer system, so we know what number is being dialed, ” says Stapp, "and we can check on the lines any time we want. " An analysis of this information tells Hogan’s management who's making the most phone cells. "We use this information to follow up with customers who make several phone mils per month to find out whether they need specific help, " Stapp notes. This feature helps Hogan save time and allows it to spend service resources where they are most needed. It also saves its cus- tomers money and time, and provides an added value to their software investment. Cost factors The price tag of Hogan's software pack- ages can range from around $100,000 for one system to more than $2 million for the entire library. Naturally, protecting its products from being stolen or sabotaged is a primary concern. Before Hogan installed the security system, it used another so- curity device that required passwords. The previous system provided only dial-in access. Users dialed a phone number which prompted them for a five-- or six- digit access code. “This gave us protection to a factor of 10 to the sixteenth power, which is a million billion-to-one chance of someone brealdng in, ” notes Stapp, “but it didn’t tell us where the calls were coming ll'om. ” Hogan has instituted seven layers of se- curity in its computer system. Most se- curity experts recommend several meth- ods of security. Other types of security include passwords, which involve the as- signment of codes to authorized users. However, passwords must be changed often to minimize the risk of former em- ployees obtaining unauthorized access to information networks. Another type of security is encryption. Encryption is the process of encoding in- formation so that it can be decipher-ed only by someone with a decoding device. Text is made illegible by a cryptographic al- gorithm controlled by an encryption key. Encryption can be expensive but in some cases, such as in defense systems, it is considered worthwhile. Securing a computer with a combination of methods is most effective. A dial-in/ call- Communicaticnflefi l JULY, 1935 002/002 hack system is the unly one that. pruviduu comnlunittation inaimgcxni, -nt fuul. u|'(. -:4. While security was a top consideration for Hogan, the communication management capability also was a key factor in select- ing its current system. The security system's audit trail provides information on line usage, host system computer usage, and log-on and log-off times. “This feature is useful for as- sessing performance of existing lines, as- sessing need for new lines, calculating phone charges and monitoring usage or unsuccessful access attempts, ” says Stapp. Establishing priorities A queueing feature allows Hogan to de- fine a priority scheme which permits im- portant users to gain quick access to the system even at times of peak usage. Other users are queued and serviced after higher priority users. Each user is informed of his or her position in the queue so the ex- pected waiting period can be estimated. Uers also are informed if the computer is down so they can take appropriate action. A modern monitoring feature provides a complete status report showing which modems are in the process of dialing, which have established communication, which are idle and which are disconnected. It also keeps a counter on every modem, registering the number of times each modem has failed to establish proper com- munication. This feature permits quick identification of defective modems. It also allows Hogan to review how many, and how often, users are in a queue. This is useful information in deciding when to add more modems or lines. Defender II has a synthesized voice which prompts callers for their identifica- tion numbers, guides authorized users through all steps, and provides informa- tion regarding queueing and system sta- tus. In addition, it can be programmed to deliver a text message to a predefined list of users. “This is particularly useful when passing along information about computer status, " Stapp observes. The security system performs several self-diagnostic tests to assure continued proper functioning of the system and mod- ems. Periodic checks allow preventive measures to be taken, rather than waiting for a crisis with its accompanying down- time. Another aspect of the security system is: its expansion capabilities. Hogan uses a system with 32 ports, or incoming lines, which accommodates current needs. But as the company and its customer base grow. the need for more incoming lines will necessitate a larger call-back system. Hogan's security system can be expanded to handle as many as 334 concurrent phone connections with an authorized user database of 4000 people. CA 43