Computer Architectures and networks

1
Computer Architectures and networks

• Lecture 9- Data Security and Integrity
• Tom Berry and Abir Hussain

2
Contents

• Data integrity
• Increasing data integrity
• Validation checks
• Data security
• Keeping data secure from fraudulent use or
  malicious damage
• Summary

3
Previous lecture

• A protocol is most easily thought of as a set of
  rules for doing something.
• Each protocol defines a set of behaviours that
  are both acceptable and unacceptable.
• We talked about Radio and satellite broadcasting,
  the token ring and the Ethernet

4
Introduction

• Data integrity refers to correctness of the data.
  Data held in computer system may become
  incorrect, corrupted or of poor quality at
  different stages of processing
• Errors on input
• Data keyed in may be wrongly transcribed.
• A batch of transaction data go astray.
• Data could be keyed in twice by mistake.
• Errors in operating procedure
• E.g an update program could for example be run
  twice in error causing a master file be updated
  twice.
• E.g wrong master file used in processing.
• Program errors
• Could lead to corruption of files - new system
  errors may not appear for some time.
• During modification code may be inserted for
  criminal purposes.

5
Data integrity

• Errors in data transmission
• Interference or noise in a communications line
  may cause bits to be wrongly received.
• Error detected by transmitting parity bit with
  code for each character and a checksum with each
  block of data.
• Out of date master files
• Master files which are not regularly updated will
  mean the data may become out of date
• E.g a database of patients at a doctors surgery
  will rapidly become inaccurate if it is not
  regularly updated
• Viruses
• Files can be corrupted or deleted if a disk
  becomes infected with a virus

6
Question 1

• Name
• some applications which use direct data entry,
  eliminating the need for keying in data and
• Applications which require data to be keyed in.

7
Answer Q1

• Question 1
• (a)    Supermarket checkout. Prices are
  automatically entered from barcode.
• (b) Telephone booking system for e.g. hotel
  reservations, airline tickets. Customer details
  must be typed in.

8
Increasing data integrity (1)

• Standard clerical procedures may be documented
  and followed for both input and output.
• Input
• Data entry must be limited to authorised
  personnel only
• In large volume data entry, data may be verified
  (keyed in twice by different operators) to guard
  against keying errors
• Data control totals must be used wherever
  possible to verify the completeness and accuracy
  of the data, and to guard against duplicate or
  illegal entry

9
Increasing data integrity (2)

• Output
• Should be inspected for reasonableness and any
  inconsistencies investigated
• Printed output containing sensitive information
  should be shredded after use

10
Validation checks (1)

• Almost every field in a database can have some
  type of validation to ensure that data entry is
  accurate.
• Presence checkCertain fields such as customer
  number, item code, quantity etc must be present.
• Format check (also called picture check)e.g.
  code may have a pattern of 2 letters followed by
  4 numbers. The quantity and price must be
  numeric.
• Range checkA card expiry date must have a month
  number between 1 and 12, and date must be after
  today

11
Validation checks (2)

• Specific optionse.g. Sex (M / F)
• File lookup checkIf the customer has filled in
  their customer number, the computer can look this
  up on the customer file and display the name and
  address. The data entry operator can check that
  it tallies.
• Check digit (described later)
• Batch header checksTotal number of records in
  the batch should be calculated and compared with
  batch header

12
Check digits

• Code numbers such as a customer no., employee no.
  or product no. are often lengthy and prone to
  error.
• One way of preventing these errors is to add an
  extra digit to the end of a code number which has
  been calculated from the digits of the code
  number.
• In this way the code number with its extra check
  digit is self-checking.
• Best-known method of calculating check digits is
  the modulus-11 system, which traps over 99 of
  all errors

13
Check digits (2)

• 1.  Each digit of the code number is assigned a
  weight. The right hand (least significant)
  digit is given a weight of 2, the next digit to
  the left 3 and so on.
• 2.  Each digit is multiplied by its weight and
  the products added together.
• 3.  The sum of the products is divided by 11 and
  the remainder obtained.
• 4.   The remainder is subtracted from 11 to give
  the check digit. The two exceptions are
• If remainder is 0, check digit is 0, not 11
• If remainder is 1, check digit is X, not 10

14
Example

• To calculate the check digit for the number 1587
• Original code number 1 5 8 7
• Weights 5 4 3 2
• Multiply digit by its weight 5 20 24 14
• Add products together 5 20 24 14 63
• Divide by 11 5 remainder 8
• Sub remainder from 11 11 - 8 3
• Check digit 3. Complete code number is 15873.

15
Check Number

• To check that a code number is valid, it is not
  necessary to recalculate the check digit
  completely.
• If the check digit itself is assigned a weight of
  1, and the products of the digits (including the
  check digit) and their respective weights are
  calculated, their sum will be divisible by 11 if
  the check digit is correct.

16
Data security

• Maintaining data security means keeping data safe
  from hazards to which it may be subjected. These
  include-
• natural hazards - fire, floods, hurricanes or
  earthquakes
• deliberate corruption or destruction of data by
  malicious or terrorist acts
• illegal access to data by hackers
• accidental destruction of data by hardware
  failure or program or operator error. 

17
Question 2

• Suggest measures to minimize the danger of loss
  of data from natural hazards.
• Fire alarms, smoke detectors, halon gas
  extinguishers.
• Sensible citing of computer and backing
  store - e.g. not in basement on river bank.
• Daily backups stored in fire-proof safe, complete
  backups stored off-site.

18
Keeping data secure from fraudulent use or
malicious damage

• Data may be at risk not only from outside
  hackers but from employees within the company.
• Organisations exposed to the possibility of
  fraud, corruption of data by disgruntled
  employees or theft of software or data.
• Measures to counteract these risks include
• careful vetting of prospective employees 
• immediate removal of employees who are sacked or
  resign, and cancellation of all passwords and
  authorisations.
• separation of duties ie trying to ensure that
  it would take the collusion of two or more
  employees to be able to defraud the company. Data
  preparation, computer operations other jobs
  should be separate, with no overlap of
  responsibility.

19
Measures to counteract risks (2)

• Prevention of unauthorised access by employees
  and others to secure areas, by means of machine
  readable cards or badges or other types of locks.
• Use of passwords
• Educating staff to be aware of possible breaches
  of security. This can include politely
  challenging strangers, not leaving output lying
  around, machines logged on, or doors unlocked.
• Appointing a security manager and using special
  software which can monitor all terminal activity
  as used at CSGS.

20
Password protection

• Most password schemes use tables to store the
  current password for each authorised user.
• Tables will be stored on disk and will be backed
  up along with other vital system files
• Password lists should be stored in encrypted
  form.

21
Data encryption

• Cryptography takes a message in ordinary
  language, called plain text, and transform it to
  produce ciphertext.
• Receiving computer uses another transformation to
  decode the message.
• Classical ciphers use transposition or
  substitution.
• In a transposition cipher the letters are
  rearranged.
• E.g. message could be written in grid row by
  row, and then read out column by column. 

22
Example

• The sentence MEET ME TONIGHT AT 8 could be
  written in a 5 x 4 grid
• M E E T M E T 0 N
  I G H T A T 8
• and sent out as
• MMNEEIAEGTTTH0T8

23
Other security measures

• Passwords only effective if used properly
• Other methods of identifying authorised users
  include-
• fingerprint recognition
• voice-recognition
• face recognition
• Retinal recognition
• One system uses an infra-red scanner to capture
  the unique pattern of blood vessels under the
  skin,
• can even differentiate between identical twins by
  comparing the scan with the one on disk stored
  for each person.

24
Summary

• Data integrity refers to correctness of the data.
  Data held in computer system may become
  incorrect, corrupted or of poor quality at
  different stages of processing.
• Cryptography takes a message in ordinary
  language, called plain text, and transform it to
  produce ciphertext.