Biomedical Engineering Reference
In-Depth Information
Security
Network security is an increasingly important factor in bioinformatics because of the central role that
online databases, applications, and groupware such as e-mail play in the day-to-day operation of a
bioinformatics facility. Opening an intranet to the outside world through username and password-
protected restricted access may be the basis for collaboration as well as a weak point in the security
of the organization. In addition, because many biometric laboratories are involved, even if indirectly,
with applied genomics, there is a group of politically active opponents to this research. The computer-
savvy members of these activist groups represent a potential threat to network security.
Every network presents a variety of security holes through which potential hackers and disgruntled or
simply curious employees can implement random threats, such as viruses. Many of these threats are
network- and operating system-specific. For example, Microsoft typically announces a service pack
within a few weeks after the introduction of a server-based operating system to patch security holes
discovered by users.
The most secure method—physical isolation from outside networks—isn't usually a viable option.
Even a closed network without dial-in or any other wired access to other networks can be breached
by someone with enough motivation and time. For example, wireless networks are notorious for their
potential to disseminate data to nearby listeners. A hacker with a high-gain antenna, receiver, and
laptop computer can monitor wireless network activity from a mile or more away. A similar setup,
configured to a slightly different frequency, can be used to reconstruct whatever data is displayed on
a video screen, including username and password information. Every cable, peripheral, and display
device emits a radio frequency signal that can be captured, amplified, and read. For this reason,
computer facilities used by military contractors are frequently located in shielded, windowless rooms
that minimize the chances of the radiation emitted from a computer reaching someone who is
monitoring the building.
Although it may be practically impossible to maintain security from professional industrial spies, a
variety of steps can be taken to minimize the threat posed by modestly computer-savvy activists and
the most common non-directed security threats. These steps include using antiviral utilities,
controlling access through the use of advanced user-authentication technologies, firewalls, and, most
importantly, low-level encryption technologies.
Antiviral Utilities
In addition to threats from hackers, there is a constant threat of catastrophic loss of data from
viruses attached to documents from outside sources, even those from trusted collaborators. The risk
of virus infection can be minimized by installing virus-scanning software on servers and locally on
workstations. The downside to this often-unavoidable precaution is decreased performance of the
computers running antiviral programs, as well as the maintenance of the virus-detection software to
insure that the latest virus definitions are installed.
Authentication
The most often used method of securing access to a network is to verify that users are who they say
they are. However, simple username and password protection at the firewall and server levels can be
defeated by someone who either can guess or otherwise has access to the username and password
information. A more secure option is to use a synchronized, pseudorandom number generator for
passwords. In this scheme, two identical pseudorandom number generators, one running on a credit
card-sized computer and one running on a secure server, generate identical number sequences that
appear to be random to an observer.
The user carries a credit-card sized secure ID card that displays the sequence on an LCD screen.
When a user logs in to the computer network, she uses the displayed number sequence for her
