Office Defence 101



A small office, such as a travel agent, may face

It must be prepared for difficulties such as

Any data protection system to deal with the above challenges must include

Encryption of and restricted access to sensitive data such that third parties cannot use it, but incompetent staff who lose codes can retrieve them

Instant local redundancy in case of failures, so not a precious moment is lost

Instant remote redundancy in case of Global Thermonuclear War, because you still want to visit Disney World

Instant archiving so that a previous valid backed up state can be restored in case of incompetent staff forgetting to run a virus checker

Complete automation rather than trusting the job to the staff

Instant Local Redundancy :

There are various ways of achieving this, such as redundant disk arrays and error correction codes, but the question to ask is, what happens if a bomb goes off and wipes out your server? City firms have responded to the IRA by duplicating their systems. If the network goes down, the staff go next door and use the mirror server and terminals there. So, use extra servers to mirror each other, and make the staff use the network for data.

Instant Archiving :

For archive media to be mounted automatically, either some sort of robot or a jukebox is needed. After special consideration ( = "Go for the cheapies, Reginald old boy!") choose a jukebox. In order to stop data being destroyed by incompetent staff, some sort of write-once media is needed. Then, whatever rubbish collects on the media will at least not overwrite old, valid data. Thus one can use CD-WORM effectively here. It has the special advantage that WORM drives are compatible with other CDs. Note that the index may well need its own dedicated drive, like in the IPO CD library, in order to speed up access. Hard Drives could also be used by the OS to cache disk accesses.

Restricted Access

Let the Network OS keep a list of encrypted passwords, and encrypt passwords as they are typed in at terminals. Let it compare these to entries in the list, so that no unencrypted passwords get passed around the network. This makes it more secure. Of course, eavesdropping is harder if fibre optics are used to implement the network, because electronic methods can't be used to listen to them. The line must be cut open and the light signals monitored. The communications protocol could be designed so that if someone cuts the line to intercept the transmission, this is detected. For example, transmit a dud signal: a pulse train that's always on. If it ever switches off, the line has been cut. A pretty high powered scheme would be to keep passwords for each directory, or even each file, rather than for each user.
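The login scheme above, as an added example that is not from the original article: the server keeps only salted password verifiers, the terminal transforms the typed password locally, and (going one step beyond the article) the server issues a one-time nonce so that a value captured on the wire cannot simply be replayed. User names and passwords are constructed sample data.

```python
import hashlib
import hmac
import secrets

def make_verifier(password: str, salt: bytes) -> bytes:
    # Slow, salted hash: a stolen verifier list cannot simply be reversed or looked up.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class NetworkOS:
    """Server side: holds the encrypted-password list and checks logins."""
    def __init__(self):
        self.users = {}      # name -> (salt, verifier); no plaintext is ever stored
        self.pending = {}    # name -> one-time challenge nonce

    def add_user(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, make_verifier(password, salt))

    def start_login(self, name: str):
        # Send the terminal the user's salt and a fresh nonce, never the verifier.
        salt, _ = self.users[name]
        nonce = secrets.token_bytes(16)
        self.pending[name] = nonce
        return salt, nonce

    def finish_login(self, name: str, response: bytes) -> bool:
        _, verifier = self.users[name]
        nonce = self.pending.pop(name, None)   # each nonce is usable exactly once
        if nonce is None:
            return False
        expected = hmac.new(verifier, nonce, "sha256").digest()
        return hmac.compare_digest(expected, response)   # constant-time compare

def terminal_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Terminal side: transform the typed password locally, then answer the challenge."""
    return hmac.new(make_verifier(password, salt), nonce, "sha256").digest()

def login(server: NetworkOS, name: str, password: str) -> bool:
    """Full exchange: the password itself never leaves the terminal."""
    salt, nonce = server.start_login(name)
    return server.finish_login(name, terminal_response(password, salt, nonce))
```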

Remote Redundancy And Encryption

Public key cryptography can be used not only in transmission of data between remote servers but in their storage as well. PKC relies on a transform that is quick to do, but whose inverse function is computationally infeasible. Given a secret (a) such that f(a) = A, and a secret (b) such that f(b) = B, the code is designed so that breaking it requires knowledge of a and B, or of A and b; A and B alone are insufficient. Two remote servers transmit a transformed code to each other and store these on backing store for each file, but keep their own original codes in volatile memory, and also encrypted on their counterpart's backing store. In other words:

Server 1 has

while Server 2 has

If Server 1 loses code (a)

Server 1 may cease operating due to power failure. This may occur while a thief is trying to steal it. The original code is wiped from volatile memory. The thief now has codes A and B on hard drive, which won't let him read the data.

This system will not prevent someone with the right passwords gaining access to the data while the system is still plugged in, but not very much can, except physical checks such as padlocks, security agents and guard dogs...
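One reading of the two-server scheme above, as an added example rather than the article's own code: the one-way transform f is modelled as a toy Diffie-Hellman exponentiation (the article does not name the transform), each server keeps its secret only in volatile memory, stores its peer's public code on disk, escrows its own secret encrypted under the shared key on the peer's disk, and can recover after a power failure while a stolen disk alone reveals nothing. The prime, generator and file contents are constructed illustration values, far too small for real use.

```python
import hashlib
import hmac
import secrets

P, G = 2**127 - 1, 5          # toy group: real deployments use far larger parameters

def f(x: int) -> int:
    # Quick to compute; inverting it (discrete log) is the infeasible direction.
    return pow(G, x, P)

def keystream_xor(key: int, data: bytes) -> bytes:
    # Stand-in cipher built from HMAC so the example needs only the standard library.
    k = hashlib.sha256(str(key).encode()).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(k, i.to_bytes(8, "big"), "sha256").digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

class Server:
    def __init__(self, name: str):
        self.name = name
        self.secret = secrets.randbelow(P - 2) + 1   # a (or b): volatile memory only
        self.disk = {"own_pub": f(self.secret)}      # A (or B): on backing store

    def pair_with(self, other: "Server") -> None:
        self.disk["peer_pub"] = other.disk["own_pub"]       # each stores the other's public code
        other.disk["peer_pub"] = self.disk["own_pub"]
        # Each secret is escrowed, encrypted under the shared key, on the counterpart's disk.
        other.disk["peer_secret_enc"] = keystream_xor(self.shared_key(), self.secret.to_bytes(16, "big"))
        self.disk["peer_secret_enc"] = keystream_xor(other.shared_key(), other.secret.to_bytes(16, "big"))

    def shared_key(self) -> int:
        # Needs (a, B) or (A, b); A and B together are not enough.
        return pow(self.disk["peer_pub"], self.secret, P)

    def store_file(self, fname: str, data: bytes) -> None:
        self.disk[fname] = keystream_xor(self.shared_key(), data)

    def read_file(self, fname: str) -> bytes:
        return keystream_xor(self.shared_key(), self.disk[fname])

    def power_failure(self) -> None:
        self.secret = None          # volatile memory is wiped; the disk keeps only A, B and ciphertext

    def recover_secret_from(self, peer: "Server") -> None:
        # The peer still holds its own secret, so it can decrypt our escrowed copy.
        raw = keystream_xor(peer.shared_key(), peer.disk["peer_secret_enc"])
        self.secret = int.from_bytes(raw, "big")
```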

A note on International Business and The Internet :

These two don't mix. If you really want to, the measures outlined above are as good as you can get, though one can try permutations such as multiple encryption. In the end, it's better to use the secure proprietary business networks that have been in use since the sixties than the as-yet-untested Internet, which was just an obscure academic toy until Mosaic was written.


It has been proved mathematically that no one program can take out all viruses. Viruses employing sophisticated stealth mechanisms, such as Tremor, may wreak havoc before being detected, and user data may be unrecoverable. The scheme outlined above may restrict the damage, but the virus could still attack data written since the infection causing serious damage to the company. Prevention is better than cure.

The only way to be surely protected is to keep all executable files of any sort, including binaries, shell scripts, OS code, word processor macros etc on CD-ROM acquired from trusted software suppliers. It is irresponsible and probably unnecessary behaviour to introduce electronic information from a dubious source, or which you don't fully understand, onto a network on which other people's livelihoods depend.

If staff cannot be trusted either to avoid executables downloaded from some web site, received via email, or found on a-friend-of-a-friend's disk, or to cold boot from OS disks and run an up-to-date virus checker, the management MUST restrict their options.

Possibilities include keeping the OS and most other data on CD-ROM, which is slower than hard drive but less easy for the staff to damage (and already advocated in this article), or restricting user network access to the bare minimum needed to complete a given project, such as access restricted to only a couple of Megabytes of current files at a time. This way, any viruses introduced will not spread. Thus, while DOS or UNIX may be good enough for the terminals, the network servers should ideally be running an OS with advanced protection facilities.

Compression and Consolidation:

It is possible for each day's current disk to be dropped into the archive jukebox at the end of the day, though considerable space may be saved if duplicated data is not stored, and rarely used data is compressed. However, note that a software process must be set up to do this automatically, and that more complicated hardware provisions could be required.
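An added example (not the article's own software) of the write-once archive described under Instant Archiving together with the consolidation above: each day's disk contents are dropped into the jukebox, identical content is stored only once, every blob is compressed, the media refuses overwrites, and any earlier day's complete state can be restored after a later infection. The file contents are constructed sample data.

```python
import hashlib
import zlib

class ArchiveJukebox:
    """Write-once archive: blobs are keyed by content hash and never overwritten."""
    def __init__(self):
        self.blobs = {}          # sha256 hex -> compressed bytes (the WORM media)
        self.index = {}          # day -> {path: sha256 hex} (the dedicated index disk)
        self.bytes_written = 0   # space actually consumed on the media

    def add_snapshot(self, day: int, files: dict) -> None:
        """Archive one day's current disk; 'files' maps path -> raw bytes."""
        if day in self.index:
            raise ValueError(f"day {day} already archived; media is write-once")
        manifest = {}
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            if digest not in self.blobs:          # consolidation: identical content stored once
                packed = zlib.compress(data, 9)   # compress before it reaches the media
                self.blobs[digest] = packed
                self.bytes_written += len(packed)
            manifest[path] = digest
        self.index[day] = manifest

    def restore(self, day: int) -> dict:
        """Return the complete state as of 'day'; later writes cannot have altered it."""
        return {path: zlib.decompress(self.blobs[h]) for path, h in self.index[day].items()}
```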


Most of the automation techniques mentioned above could be implemented by custom-written UNIX processes for compressing, backing up, indexing and encrypting. Very little special hardware is needed. There are problems trying to set up such a system today, however. Most small offices do not have the capability to create such software in house, and they would have legitimate worries about buying commercial software potentially containing bugs, which might do more harm than good...

Already, UNIX packages come with back up tools, and CD drives are dropping in price while increasing in speed and capacity. Software and hardware continues to improve, so one day soon the type of system outlined above may come as standard with computer systems, just as disk optimizers and 500 Megabyte hard drives come as standard with PCs today.


The inspiration for this article comes mainly from interviews with business people, who would not wish to be named. Try the following people in college:

Please send your suggestions to Ali Anvari