Computer Fraud & Security Bulletin
August 1995
standby computer arrangements. These aims should be clearly identified before tests begin so that the success of the test against its objectives may be measured. Because of the complexity of the organization, it may be deemed necessary to automate the plan production using software. Software should be taken to include:

(a) Word processing software
(b) Project planning software
(c) Commercial packages

Most commercial packages include elements of (a) and (b) as well as database management. It is this last element which raises the cost of the package. There may therefore be a need for greater local understanding of the package (via training) if it is to be used at various locations. Consideration should be given to the following aspects of using a package:

• cost
• training of staff in its use (ease of use)
• volume of paper produced
• security etc.

It should be borne in mind that there could be plans for more than one location. It should also be borne in mind that no software product eliminates the need for management commitment to the production of plans. Plans should ideally be produced in paper format. This does not prevent copies being held on magnetic media, with the proviso that a procedure to access and print the relevant plan needs to be in place.

Business Continuity Planning is a growing industry. The principles of Business Continuity Planning have not changed over the last 15 years. The single recovery plan has been replaced by a series of plans for management, specific client/server system recovery, telecommunications fall-back, different computing platforms, fall-back for integrated facilities and different combinations of recovery strategies. All require to be managed to meet corporate expectations. All take time and resources to develop and maintain. All require corporate support and involvement.

©1995 Elsevier Science Ltd

EDI AND LAN: FRIENDS OR ENEMIES?
Silvano Ongetta

There are still many grey areas which cause ‘apprehension’ for the data processing users. This article has not been written with the presumption of being able to reassure those who are a little fearful but is meant to try to analyze, though the space granted by the editor is limited, some of the most significant problems. As for other aspects of daily life, sometimes it is sufficient to get to know your ‘adversary’ a little in order to be able to confront him better and then possibly to become good acquaintances... if not good friends.

The risk areas

The risk areas are those that can now be defined as classic risk areas, and they are:

• logic access
• physical environment
• operating activities
• data processing continuity
• database
• human factor (a topic which will be dealt with at the end of this article)
• individual informatics
• systems’ software
• application software
• data transmission

to which it is necessary to add areas which we normally identify with the too general term of emerging technology, and more precisely:

• expert systems
• EDI
• LAN

Let us not ponder too long on expert systems as this is still in the experimental phase and anyway at the moment not widely distributed. However, I think it appropriate to consider, though briefly, those realities which are taking over increasingly large niches and which we therefore cannot ignore: EDI and LAN.

EDI

Electronic Data Interchange (EDI) consists of a direct exchange of data between computers of separate legal entities in a standardized format. In essence, it makes it possible to avoid sending the documents of a business transaction. If we want to trust those who read into the future, EDI will be the most predominant means of conducting a business in the years to come. On the other hand, there are many companies which now use EDI to move billions and the volume of commercial activities carried out electronically for sales and purchases is continuing to increase. In fact, some specialized projects have already been set up. At a European level, we can monitor among others:

• Cefic for the chemical industry
• Edifice for the electronic and data processing industry
• Odette for the automotive industry
• Rinet for reinsurance

and certain regulations are still being ordained in order to standardize the whole process, for example, Edifact (EDI for Administration Commerce and Transport).

As often happens, also for EDI the technology aspect has become less important, the prevailing one being that of the organization. It is therefore this latter aspect which has to be looked at with the maximum attention. Consequently, the requirement necessary for an efficient implementation system, other than technical competence, is that of introducing an organization approach which also takes into careful account the security measures. At this point, for not necessarily completely new aspects, the horizon widens. The EDI applications require the use of networks which obviously have to be of open access, and thus, because of their nature, more difficult to protect. As a result, they need considerable attention. In fact, it is fundamental to:

• Verify the identity of the connected company
• Ascertain the relevance of the message
• Verify that the messages are transmitted with integrity
• Ensure the completeness of what is being transmitted
• Obtain a confirmation receipt of the said transmission

The message’s security can be guaranteed by:

• The sender’s authentication techniques
• Cryptography
• Introduction of a kind of return confirmation receipt, in order to obtain the ‘non-rejection’
• Establishing maximum forwarding times
• Measures to ensure the reliability of the service and the availability of the messages transmitted
• Techniques which enable the so-called reciprocal recognition, moreover, the two-way exchange of information, which change with each transmission

EDI proposes new ways of operating, a new understanding of time and space; there is also talk of a new philosophy of life and work. Even nowadays (thanks to other data processing mechanisms) it is possible to say that for certain aspects the ‘money information’ is more important than money itself. In fact, the announcement of the arrival of a certain sum, seems already real enough to readily carry out a determined financial operation without materially being in the possession of money. For certain, it is necessary to prepare a background environment which will change our ways of operating and where different tasks and behaviour will continue to radically change. Thus, it is essential to face this area positively but with due attention and to praise all those current initiatives aimed at guaranteeing the safekeeping and a greater protection of the data, as for example, the introduction of the so-called electronic signature.

LAN

When talking about LAN we immediately think about PCs and therefore about something personal, of a friendly nature, to manage at times in an improvised way and without considering any rules and obstacles. But then we are called to look upon another reality because we remember the viruses, worms, Trojan horses, logic bombs and other data processing ‘route accidents’.

Almost automatically this brings us to consider that if a PC is prone to so many dangers when it is a standalone, imagine what could happen to it when it is connected to a network with many other PCs to which everybody can have access.

The world of the LAN is rapidly growing: PCs have now become essential for the user in an easy and simple way, and the local networks are proving to be more and more useful and necessary. It is therefore indispensable to carefully evaluate the implications relative to security.

It is with this frame of mind that we have to ask ourselves whether it could be possible to maintain an adequate level of security and at the same time not reduce access to the data. In other words, data should be protected from the unauthorized person without a negative effect on productivity.

It is certainly necessary to find a happy medium and to be conscious of the fact that, as always, security is essentially a human problem rather than a technical one. In concept, the LAN protection requirements are exactly the same as those necessary for a normal computer network. Complications derive mainly from the greater ‘manoeuvrability’ of the PC.

Even those who have only a superficial knowledge of the PC know that it is quite easy to interrupt a program which is in progress, give systems commands which can destroy, and intervene on programs and data with various software products. Furthermore, if you have a minimum manual know-how then with the setting up of hardware boards you can enter a completely new world with huge possibilities. Clearly, this manoeuvrability causes no few problems to the defence of the data and of the applications. The fundamental role of the security manager is, as always, that of creating an effective authorization system assigning responsibility for stopping (or at least reducing to a minimum) the possibilities of violation, but most importantly to protect those who operate correctly.
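The EDI message-security measures listed earlier (sender authentication, maximum forwarding times, information that changes with each transmission, and a return confirmation receipt) are shown working together in the following Python example. It is an added example, not part of the original article: the names (seal, Receiver, receipt_matches), the 300-second limit and the partner identifiers are hypothetical, and an HMAC over a pre-shared key stands in for the electronic signature, so the receipt convinces the sender but would not prove receipt to a third party.

```python
import hashlib, hmac, json

MAX_FORWARDING_SECONDS = 300  # assumed limit agreed between the partners

def _mac(key, fields):
    # Canonical JSON so both sides authenticate identical bytes.
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def seal(key, sender, seq, sent_at, payload):
    """Sender side: bind identity, sequence number, send time and payload."""
    fields = {"sender": sender, "seq": seq, "sent_at": sent_at, "payload": payload}
    return {**fields, "mac": _mac(key, fields)}

class Receiver:
    def __init__(self, name, partner_keys):
        self.name = name
        self.partner_keys = partner_keys  # sender id -> shared key (assumed pre-exchanged)
        self.last_seq = {}                # sender id -> highest sequence number accepted

    def accept(self, msg, now):
        """Return an authenticated receipt, or raise ValueError naming the failed check."""
        key = self.partner_keys.get(msg.get("sender"))
        if key is None:
            raise ValueError("unknown sender")
        fields = {k: msg.get(k) for k in ("sender", "seq", "sent_at", "payload")}
        if not hmac.compare_digest(_mac(key, fields), str(msg.get("mac"))):
            raise ValueError("authentication or integrity failure")
        if not 0 <= now - msg["sent_at"] <= MAX_FORWARDING_SECONDS:
            raise ValueError("maximum forwarding time exceeded")
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            raise ValueError("replayed transmission")
        self.last_seq[msg["sender"]] = msg["seq"]
        receipt = {"receiver": self.name, "ack_seq": msg["seq"],
                   "ack_mac": msg["mac"], "received_at": now}
        return {**receipt, "mac": _mac(key, receipt)}

def receipt_matches(key, sent, receipt):
    """Sender side: the receipt must be authentic and cover exactly what was sent."""
    body = {k: receipt.get(k) for k in ("receiver", "ack_seq", "ack_mac", "received_at")}
    return (hmac.compare_digest(_mac(key, body), str(receipt.get("mac")))
            and receipt.get("ack_mac") == sent["mac"])

def demo():
    """Constructed exchange between two hypothetical trading partners."""
    key = b"constructed-demo-key"
    rx = Receiver("BUYER", {"SUPPLIER": key})
    msg = seal(key, "SUPPLIER", 1, 1000, "ORDERS|PO-001|qty=40")
    return receipt_matches(key, msg, rx.accept(msg, now=1060))
```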
The situations at greater risk are those connected with an A drive which allows any disk to carry out a bootstrap: to input programs; to copy or insert data; to insert, voluntarily or not, viruses; and, as previously mentioned, give systems commands. In the case of local networks, we note that in order to achieve a satisfactory protection level, we have to almost enlarge the system to be able to limit its capacities. The areas of intervention, the means of available coverage and any problems which could arise in an articulated data processing structure at various levels are included in Table 7.

Table 7 (entries as they survive from the original layout):
• Excluding the activation of applications and/or unauthorized commands
• Exclusion of Drive A
• NW: as above
• SW: Resident monitor able to control applications and
• Inability of local backup and possible monitor interference with the network’s SW
• ACCESS TO HOST: local protection as above; cryptographies online to host

Possible solutions

By analysing the solutions currently available on the market, we note that each one contemplates the accepted functions of security: user definition and relative authorizations, access control to both data and software, possibility of checking the systems’ commands etc. These functions are carried out by a resident application on the Server and Client positions which verifies the authorizations.

In order to render these tests more efficient, specially protected cryptographic boards can be added to the PC. This security device enables the data and the programs residing on the PC (for which a calculation of the authorization code is also expected) to be encrypted and above all, it ensures that the exchange of data through the A drive only works with floppy disks with encrypted programs or data.

In this case, the floppy disks used are only those which have been produced by the system in a standardized and ‘official’ manner. This solution automatically gives a significant protection towards viruses.

The adoption of the cryptographic boards (and this is definitely an important factor), as well as allowing for a safer local environment, protects transmission to the central system. Such a structure with said characteristics is able to satisfactorily resolve the local problems and is also the basis for overcoming the problems connected to the other aspects of using LAN components.
In the case of a connection with the central system, it is essential to recognise the user at a central level in order to be able to verify and check the relative authorizations. It is therefore necessary to achieve the ‘propagation’ of the user-ID and of the password so that the session can be checked and confirmed. In so doing, the user is recognised by a single initial, both at local and central level with huge managing advantages for both the users themselves and (for once) for the security personnel. Moreover, each time that a number of passwords have to be memorized it is inevitable that they begin to be transcribed... with all the resulting implications.

It is also possible to think about the administration of a smartcard capable of carrying out a number of functions which greatly increase the level of security.

Problems to resolve

One of the most important problems to eliminate definitely consists of integrating the local and central authorizations in order to prevent possible discrepancies and to facilitate an economical management of the security system.

Other difficulties mainly arise from the sector’s unruly evolution: the internal addition of hardware components is not always painless and it can interfere with the management of pre-existing software components. If the added user functions have to be replanned there is a risk of leaving some areas uncovered and in extreme cases it becomes necessary to make logic variations to the security system which, in turn, imply variations in the users’ behaviour.

The human factor

As mentioned at the beginning of this article, let us re-examine the risk area which in my opinion is the most critical: the human factor. A factor which I can briefly exemplify with the following:

• A lowering of moral standards: you are personally led to believe that people are less honest than they were in the past. Probably there are more ‘incidents’ and punishment is less certain.
• Data processing alphabet: it is now possible to purchase software together with the daily paper at the newspaper stand.
• Benevolence of the information bodies and consequently of the public opinion towards ‘actors’ who should be considered negative: hackers, virus writers.
• Disinformation: several months ago, for the Michelangelo virus, a fuss was created which was as loud and useless as the bursting of a bubble of soap.
• Possibility of earning easy money: ‘favoured’ by a legislation that only recently established certain restrictions and regulations. It is hoped that certain bad practices have not become an accepted mental attitude.
• The pleasure of transgressing: for many people a ban is almost like an invitation.
• Recklessness and unfortunately terrorism also influence data processing.
• Indifference of the company structures: at times, also in leading companies, it is preferred to bury one’s head in the sand rather than face and begin to resolve those problems connected with security.

For the time being, computer crime seems to be the result of isolated spontaneity. In the not too distant future we could be witnessing the organized outcome of the phenomenon. At that stage will we be able to run for shelter or shall we be content to sadly close the gates?