Copyright 2015, 2018, 2019, 2022 Solutions by Design
Computer security is much in the news, but there is little light shown on the subject. This page will attempt to highlight a few of the items that are critical to any effective computer security environment.
True security requires hardware and an operating system that is secure by design. Only such a system should be used for anything important. A secure by design system must include all of the following:
- All kernel and supervisor code must be compiled as "authorized" and must be executed from an authorized location.
- All I/O is performed by the Supervisor, not by application programs.
- Any program that touches processor storage outside of it's own storage is canceled.
- Programs must distinguish potions of the program that contain data that may be modified as the program runs (variables) from portions that contain executable code which may not be modified as the program runs.
- If a program attempts to modify program code the operating system must cancel it.
- Any I/O operation that attempts to read a data block longer than specified is canceled.
- Any program executing an illegal op code is canceled.
- Only authorized persons may add or modify programs in an authorized library.
The only hardware and operating system that supports these requirements that I am aware of is z/OS running on IBM z series hardware.
- Data storage. Customer data, or any other data which should be kept secure should not be stored on an Internet facing computer.
- User validation. When a person on an Internet connected computer logs on to a system, s/he should provide an ID and password to the system. The Internet facing computer should then pass the data to an intermediate system which properly encrypts the ID and password, and then passes it to a third, validation system that has no direct Internet connection. The validation system should determine if the ID and password represents a valid user, and if so provide a user selected system validation phrase or picture along with challenge question which should be passed back to the user through the intermediate system. The validation phrase or picture confirms to the user that s/he is actually connected to the intended system and not a “spoofing” machine.” The randomly selected (out of at least 6 known questions) prevents most automated hack attacks. If the user provides a correct response to the challenge question, the validation system provides an authentication token to the Internet facing computer that identifies the user as authorized. Note that with this system, at no time is any user information, except for the logon user, available on the Internet.
- Data availability. If a logged on user desires information, the user’s authentication token is presented to the data server which again has no Internet connection. The data server accepts the request, sends the authentication token to the validation system to identify the user, secures the requested data, and returns it to the Internet facing system. Again, only small, discrete bits of data are ever made available on the internet.
- Encryption. All data should be encrypted.
- Password protection. No passwords should be stored. Instead, passwords should be passed through a one-way encryption algorithm and then salted. That is, a predetermined number should be added to the output of the encryption algorithm so that even if one were to learn the algorithm, the stored result would be different from its output. Only this result is stored as the “password.” Thus, a password can never be retrieved – only results of the process may be matched for validation.