Some Reflections on the Reality of Computer Security (U)
by Robert J. Hanyok, H215

(U) Along with the tremendous growth of our computer usage in recent years, we have become aware that we need security measures that will protect the computer databases and associated programming. We have developed a host of techniques and plans in response to this need, including access restrictions, passwords, audit trails, etc. Security officers have been generally enthusiastic in carrying out these measures. As a result, the users have insisted that the resulting security of their systems is ironclad and invulnerable. On paper their claims seem valid, but beneath those claims is a reality that belies this security.

Here I should establish two points. First, this paper is a personal impression of computer security practices. It is not an analysis of particular security modules, equipments or kernels, nor is it intended to be exhaustive in scope. The aim is to illustrate the human-factor shortcomings I have encountered, examples of which all occurred on computer systems having one or more security measures. Second, my observations are based on more than two years' work in the organization where I was involved in evaluating the security frameworks of various computer systems used by NSA, by other federal agencies and by contractors. I helped develop the Computer Security Survey System (CSS), which became a major tool in analyzing the security elements of these systems. CSS provided a prioritized, coherent and quantitative method of evaluating computer system security. The use of CSS provided for me the first inklings of the reality of computer security practices.

(U) Just what is the reality of computer security? The reality is that computer security measures are often undercut by user practices and less-than-adequate implementation. There are three elements to this reality that I have observed. To a degree they are interactive. They all have one trait in common: they are not obvious in a system-
level review.

User security practices vs. system-level security measures

The user does not fully use the security measures that are available on the computer system. Some techniques, like audit trails, are now controlled by the system and operated with the user ordinarily unable to intervene, alter or negate them. But some measures by their nature allow the user much latitude. The most common case I encountered was with passwords. Some systems levied length requirements for passwords; some did not. Source and randomness of passwords were ill-defined. The result, of course, was that while everyone had passwords, they could be too few characters, predictable, and often kept in accessible places. In one office we visited, the operators had taped their passwords to the terminals. In another system, unauthorized persons were given passwords for special projects. At best such practices can be labelled sloppy; at worst they are an outright invitation to compromise.

User security practices are dictated not by the classification level of the data but by the perception of the threat

This was probably the most unexpected phenomenon I encountered, almost a reversal of conventional security imperatives: while some users who handled sensitive data in their

June-July 82 Page 23 DOCID: 4009349

ODDS AND ENDS

(U) It is the time of the year for coming and going, so a word about the distribution of CRYPTOLOG might be useful. Distribution is to organization and to individuals within the NSA headquarters, and to organization only outside the immediate area of the headquarters. Because of the technical nature of the various articles and items in it, CRYPTOLOG should not go outside the technical community. Even articles that are marked as UNCLASSIFIED should not be taken outside the work area unless cleared (x30353 or 688-6524; see May 1982, page 4, fourth paragraph). When subscribers move to a job outside the headquarters area, we can send the magazine to the organization but not to the individual. When on return, a
phone call or note (Room 8A177, x336 s) will get you back on the distribution list.

(U) Until now the month that each CRYPTOLOG issue carries on the cover has been the month we go to press, but this has been confusing to some because the readers didn't see the issue until the following month. Thus the April issue didn't appear on your desk (or wherever you get your mail) until May. So this issue becomes the June-July issue, and future issues will carry the name of the month in which we hope they appear.

(U) We have been sending each issue to the printer somewhere around the middle of the month, and the process of printing and distributing has been taking about a month. This means that our deadline for material is roughly the 10th of the month, give or take a day for intervening weekends. If you want to get something into a specific issue, give us a call and let us know how much space to hold for you.

Solution to NSA-Crostic No. 40 (Carpa, March 1982):

"It is frightening to contemplate the amount of time we NSA employees spend in meetings. There are staff meetings at all echelons, meetings to solve a particular problem, club meetings, and even meetings to find reasons for more meetings. 'He's at a meeting' is all too frequently heard on the other end of a phone call."

From: [name withheld] at CARONA
Subject: Editorial comment
To: cryptolg at barlc65
cc: pht a1

(U) Just received my May 1982 issue of CRYPTOLOG and read with surprise the editorial on moving. I would like to share with you my theory on the need to keep moving within the Agency. Clearly there is at least one too many organizations in the Agency. Therefore it is imperative to keep one organization in a moving van or stacked in the halls at all times. I am astonished that in all your years at NSA you have not reached this same logical explanation. NSA is a giant version of one of those puzzles that have 35 numbered sliding pieces with one blank hole. SOMEONE is trying to get all the offices into numeric order, but the speed with which we reorganize around here
constantly frustrates THEIR efforts and causes the constant moving we MUST ENDURE. Thank you.

phcharona

P.L. 86-36

June-July 82 Page 25
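The password shortcomings the article on page 23 describes (no length requirement, ill-defined source and randomness, predictable choices, passwords shared or written down) are the kind of thing a survey tool can check mechanically. The audit below is an added example, not code from the article or from the CSS survey system; the minimum length, the 40-bit entropy cutoff, the word list and the sample passwords are assumed for illustration.

```python
import math
import re

# Constructed policy values for the example (assumed, not from the article).
MIN_LENGTH = 8
COMMON_WORDS = {"password", "secret", "letmein", "welcome", "qwerty", "abc123"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequence(s: str) -> bool:
    """True if s is a straight run of adjacent characters, e.g. 'abcd' or '4321'."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def is_keyboard_walk(s: str) -> bool:
    """True if s (or its reverse) is a run along one keyboard row."""
    low = s.lower()
    return len(low) >= 4 and any(low in row or low[::-1] in row for row in KEYBOARD_ROWS)


def estimate_entropy_bits(pw: str) -> float:
    """Rough brute-force entropy: length * log2(size of character classes used)."""
    charset = 0
    if re.search(r"[a-z]", pw):
        charset += 26
    if re.search(r"[A-Z]", pw):
        charset += 26
    if re.search(r"[0-9]", pw):
        charset += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        charset += 33  # printable ASCII punctuation
    return len(pw) * math.log2(charset) if charset else 0.0


def audit_password(pw: str, username: str = "") -> list[str]:
    """Return the weaknesses found; an empty list means the password passed."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"too short ({len(pw)} < {MIN_LENGTH})")
    if len(set(pw)) == 1:
        findings.append("single repeated character")
    if is_sequence(pw) or is_keyboard_walk(pw):
        findings.append("predictable sequence or keyboard walk")
    if pw.lower() in COMMON_WORDS:
        findings.append("common word")
    if username and username.lower() in pw.lower():
        findings.append("contains username")
    if estimate_entropy_bits(pw) < 40:
        findings.append("low randomness (< 40 bits)")
    return findings
```

Run over an exported password list, the findings give the kind of per-system count that a survey can weight and compare, rather than the paper claim that "everyone has a password".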