Comm Corner
Computers and Security 
Methods
Part One 
by John Woody


This month, I will continue with the question of home and small business computers and how to effect security with them. Computer security methods are how one goes about the task of securing one's information. This article attempts to suggest how to apply the principles and elements of the previous two articles. I will attempt to show the four elements, integrity, reliability, availability, and security, as they relate to an individual or small networked computer system and the data contained therein.

Integrity
System and data integrity includes assuring that the computer and data are physically secure from harm or unauthorized access and use. First, the hardware is safe from the elements and unauthorized physical entry such as component removal or hardware theft. Next, the hardware is physically located in an area that is reasonably clear of dust and lint. (Remember, computers attract dust better than any dust mop.) Canned air may be one of the best security devices to have at this level.

Second, the computer is reasonably protected from electrical power outages and surges. San Antonio’s power grid is susceptible to power fluctuations or outages. We are also prone to Texas thunderstorms with great potential for huge electrical spikes. Computers and monitors do not care for even the slightest electrical power fluctuation. The most basic security layer to apply in this element is installation of a high quality electrical surge protector. The next layer should include a UPS (Uninterruptible Power Supply). UPS components contain both surge protection and battery supply capability. Smart UPS systems can be connected to the computer via a serial port and establish communication with the computer to shut it down in case of long term power loss. American Power Conversion and Tripp Lite each make both types of electrical protection devices. Thunderstorm protection is a special case and should be addressed as such. Remember that lightning strike power surges contain voltages larger than any surge protector or UPS can ever hope to contain. Therefore, computer integrity should include unplugging the computer and all of its other outside line connections during every thunderstorm. Remember the POTS (Plain Old Telephone Service) line to the modem and unplug it as well. Those with SOHO networks must remember to unplug the power supply to the hub and router/Terminal Adapter.

Notice that we have not addressed any data integrity issues yet. Data integrity implies that the data on the computer will be available and usable on demand within the access limits of the computer. It also implies that the computer functions mechanically and through its operating system (OS) without problems so that the data contained therein is intact and available for use. These are large implications for most home or small business computer systems. Since the OS is a given for most of us and most likely is Windows 95/98, our OS security options are few. Other operating systems offer more levels of data security at the local computer.

Linux, Windows NT, and Windows 2000 are capable of file and directory level security. Windows 95/98 offers security at the shared resource level only. The local Windows 95/98 computer can be accessed by anyone. There is no built-in password security to keep unauthorized users from accessing the local machine. Windows 95/98 can be controlled at the network share level and has three shared access control levels: Read-Only, Full, and Depends on Password. There may be third-party machine access security level applications that can be used in Windows 95/98. I have not researched these applications. Windows 95/98 machines can be used in networks controlled by Windows NT and Novell NetWare. These OSs can provide the identification and password access for the network. Windows NT offers user ID and password security. This means that in order to use data stored in an NT environment, the user must have authorization to even log onto the NT network. The data generated and stored within the NT environment can be controlled at the directory and file level. All of this is to say that for most of us, the OS plays a great part in providing access or denial to data at the local machine. SOHO computers and networks may be open to unauthorized data access simply due to the OS. Unauthorized users simply need to insert a floppy in Drive A and copy the data to it.

Windows 95/98 data files can be hidden by selecting the Hidden Attribute button from a right click of the file and selecting Properties for the file. This can add to security for valuable files on a Windows 95/98 machine being used by more than one person. However, remember that the Hidden file attribute can be turned on or off by anyone who has access to the computer.

Reliability and availability
System and data reliability implies that the local computer and the network, if installed, work each time they are called upon to do so, i.e., the local computer works and the data accessed is available and without errors. System and data availability goes hand-in-hand with reliability. The computer and the data desired must be available.

Reliability in the computer means that it works and there are no hardware or software problems. Periodic hardware maintenance contributes to the reliability. Pulling the covers off of the CPU case and blowing the dust out will contribute to its reliability. Knowing how to replace failed components contributes to machine reliability as well. Periodic hard disk drive maintenance contributes greatly to data reliability. Routine Scan Disk and Defragmentation utility operations from within the Windows 95/98 OS keep data from being lost or corrupted. Windows NT 4.0 disk maintenance should be done from third-party utilities like Diskeeper. Other third-party utility programs work with Windows 95/98 and Windows NT as well, one example being Symantec Norton Utilities.

Scan Disk and Disk Defragmentation can be reached from within the Windows 95/98 OS from two directions. One is to open the My Computer icon and right click the selected HDD. Select Properties from the pull-down menu and select the Tools tab. Follow the directions for each of the buttons found in the three sections of the tab. Do this at a time when you do not need the computer because it takes some time to complete. The second method is to use the Start|Programs|Accessories|System Tools|ScanDisk and/or Disk Defragmentation utilities. These are the same as those found on the tab in the above right click of the HDD. Disk scan and defragmentation should be done on a regular 30 day cycle. It can be set up in Windows 98 to run at regular intervals automatically. I do not do automatic things in my computers.

The data remains basically reliable when good Save practices are followed. Give the files being worked on a name and place the saved copies in a known sub-directory (sub-folder). Develop and use the same operating technique for naming and saving all data files to cut down on the searches that must be done to find what is wanted.

The next level in assuring that data reliability is maintained is to back up the data files regularly. Backing up can be accomplished by one or more methods. The most traditional backup method is to copy data files to a floppy disk. There are time and data file size limits to the floppy disk, but it works without any problems and is a straightforward way of backing up and retrieving data files. Everyone knows how to use the A:\ drive. The next most traditional method was using tape backup via a tape backup I/O drive device. I use a Seagate tape backup drive in my NT server. The tape cartridge contains 8 GB of data room and is adequate to record each of my HDDs on the server. I regularly conduct a tape backup of data stored on the server and store the backup cartridge in case of server failure. The data on the tape can be restored to my server HDDs. Both of these backup methods are only as accurate and current as the last backup.

An up and coming method of backup is to use a CD-RW drive device. This type of CD-ROM drive provides the capability of creating one’s own CDs. One version is a CD that can be re-written. The backed up data files are written to the RW CD just as a tape cartridge is written to; then, if needed, the data can be restored.

The next level of data reliability using a backup technique is to have the data mirrored (copied) to an identical HDD, either by the copy command or via a SCSI or IDE RAID controller. The HDDs need to be identical and formatted alike. The IDE RAID 1 controller does the mirroring automatically in real time. If there is a failure or other need to obtain the data from the mirrored HDD, it simply needs to be accessed and copied back to the original location. The use of two HDDs and the Copy command will accomplish the same result, but takes longer to retrieve the data.

A safer data reliability capability is to have the data stored in different computers on a SOHO network. The data from each machine on the network is copied to another machine as a backup. If a server is involved, then the data is copied to the server and stored on its HDDs. This is a good way to back up all the data on a SOHO business network as only the data on the server need be backed up.
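
The copy-based backup to a second HDD or another machine described above, with a check that the backup still matches the working data, written as an added example that is not part of the original column. The function names and the sample files built in demo() are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def mirror(source: Path, backup: Path) -> int:
    """Copy every file under source into backup; return the number copied."""
    files = [p for p in sorted(source.rglob("*")) if p.is_file()]
    for src in files:
        dst = backup / src.relative_to(source)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 also keeps the file timestamps
    return len(files)

def verify(source: Path, backup: Path) -> dict:
    """List source files that are missing from the backup or differ from it."""
    report = {"missing": [], "different": []}
    for src in sorted(source.rglob("*")):
        if not src.is_file():
            continue
        rel = src.relative_to(source)
        dst = backup / rel
        if not dst.is_file():
            report["missing"].append(rel.as_posix())
        elif sha256_of(src) != sha256_of(dst):
            report["different"].append(rel.as_posix())
    return report

def demo() -> dict:
    """Constructed sample: back up two files, then change the data."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        (data / "letters").mkdir(parents=True)
        (data / "ledger.txt").write_text("balance 100\n")
        (data / "letters" / "june.txt").write_text("draft\n")
        mirror(data, backup)
        (data / "ledger.txt").write_text("balance 250\n")  # edited after backup
        (data / "new.txt").write_text("added later\n")     # never backed up
        return verify(data, backup)

if __name__ == "__main__":
    print(demo())
```

Running verify() before relying on a backup shows exactly which files have drifted since the last copy, which is the "only as current as the last backup" limit made visible.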

This article has now covered a primer for making data available and reliable in one’s local computer or SOHO network. Notice that we have not addressed the element of security directly at all yet. Security involves restricting the data on the local computer to authorized use. Security is really all of the above plus adding restrictions to keep the data intact and ready to use. Restrictions start by including identification and passwords for use of the machine and the data contained therein. Identification (ID) is the name of the authorized user. The password (PW) is the second half of the security equation. A user ID and password are the two basic functions of data security. Security capable network operating systems all contain these basic functions. Windows 95/98 is network capable, but not security capable, as are Windows NT, Novell NetWare, and Linux. NT/Windows 2000, NetWare, and Linux all have the capability of effecting user ID and password, making the local machine unavailable to unauthorized users. Windows NT based networks, for example, can require computers, including Windows 95/98 machines, to correctly authenticate the user ID and password to log onto the network. By-passing the NT logon window on the Windows 95/98 machine will allow the unauthorized user to start and use that computer, but that user will be restricted from using or gaining access to the NT controlled network. As pointed out above, the Windows 95/98 computer can restrict network access to its HDD by opening the HDD Properties window and selecting the Sharing tab. Network access is then regulated in one of three ways: Read-Only, Full, or Depends on Password. Selecting Depends on Password requires that a password be generated by network users to access the HDD. Remember that the basic way to keep network users out of the HDD is not to share it. Windows NT/Windows 2000, NetWare, and Linux all can restrict user access to the directory and file level. This is accomplished from within the OS.

Conclusion
This article has expanded itself into a two-parter. I have covered some of the basic techniques of the four elements of security to make our local computer more reliable and secure. Next month, I will conclude this article with some thoughts on virus protection and Internet intrusion to round the whole theory out.


John Woody is a networking communications consultant specializing in small office, home office networks, training setup, and internet connectivity.