Specifications

ManualsBrandsMaxxus ManualsExercise BikePRO SPK-23

311

312

313

314

315

316

317

318

319

320

You can take various measures to reduce the chance of data loss. Secure your servers against

crackers. Keep the number of staff with access to your machine to a minimum. Hire only com-

petent, careful people. Buy good quality drives. Use RAID so that multiple drives can act like

one faster, more reliable drive.

Regardless of the cause, there is only one real protection against data loss—backups. Backing

up data is not rocket science. On the contrary, it is tedious, dull, and hopefully useless, but it is

vital. Make sure that your data is regularly backed up, and make sure that you have tested your

backup procedure to be certain that you can recover. Make sure that your backups are stored

away from your computers. Although it is unlikely that your premises will burn down or suffer

some other catastrophic fate, storing a backup offsite is a fairly cheap insurance policy.

Modification of Data

Although the loss of data could be damaging, modification could be worse. What if somebody

obtained access to your system and modified files? Although wholesale deletion will probably

be noticed, and can be remedied from your backup, how long will it take you to notice modifi-

cation?

Modifications to files could include changes to data files or executable files. A cracker’s moti-

vation for altering a data file might be to graffiti your site or to obtain fraudulent benefits.

Replacing executable files with sabotaged versions might give a cracker who has gained access

once a secret backdoor for future visits.

You can protect data from modification as it travels over the network by computing a signature.

This does not stop somebody from modifying the data, but if the recipient checks that the sig-

nature still matches when the file arrives, he will know whether the file has been modified. If

the data is being encrypted to protect it from unauthorized viewing, this will also make it very

difficult to modify en route without detection.

Protecting files stored on your server from modification requires that you use the file permis-

sion facilities your operating system provides and protect the system from unauthorized access.

Using file permissions, users can be authorized to use the system, but not be given free rein to

modify system files and other users’ files. The lack of a proper permissions system is one of

the reasons that Windows 95 and 98 are not suitable as server operating systems.

Detecting modification can be difficult. If at some point you realize that your system’s security

has been breached, how will you know whether important files have been modified? Some

files, such as the data files that store your databases, are intended to change over time. Many

others are intended to stay the same from the time you install them, unless you deliberately

upgrade them. Modification of both programs and data can be insidious, but although programs

can be reinstalled if you suspect modification, you cannot know which version of your data

was “clean.”

E-commerce and Security

ART III

286

17 7842 CH13 3/6/01 3:36 PM Page 286