Hackers have to be aware of the hazards of being caught: there is
now a new profession of computer security experts, and they have had
some successes. The first thing such consultants do is to attempt to
divide responsibility within a computer establishment as much as
possible. Only operators are allowed physical access to the
installation, only programmers can use the operating system (and
under some of these, such as VM, maybe only part of it.). Only system
managers are permitted to validate passwords, and only the various
classes of users are given access to the appropriate applications
programs.
Next, if the operating system permits (it usually does), all
accesses are logged; surveillance programs carry out an audit, which
gives a historic record, and also, sometimes, perform monitoring,
which is real-time surveillance.
In addition, separate programs may be in existence the sole
purpose of which is threat monitoring: they test the system to see if
anyone is trying repeatedly to log on without apparent success (say
by using a program to try out various likely passwords).
They assess if any one port or terminal is getting more than usual
usage, or if IDs other than a regular small list start using a
particular terminal--as when a hacker obtains a legitimate ID but one
that normally operates from only one terminal within close proximity
to the main installation, whereas the hacker is calling from outside.
Increasingly, in newer mainframe installations, security is built
into the operating system at hardware level. In older models this was
not done, partly because the need was not perceived, but also because
each such 'unnecessary' hardware call tended to slow the whole
machine down. (If a computer must encrypt and decrypt every process
before it is executed, regular calculations and data accesses take
much longer.) However, the largest manufacturers now seem to have
found viable solutions for this problem....
No comments:
Post a Comment