The special “In Depth” feature on security in the June 1989 issue of Byte magazine consists of four articles and a resource listing.
“How Safe Is It?” by Martin Kochanski provides an overview of the topic, discussing issues including security standards, network security, and user transparency. This article reviews common techniques used on DOS-based microcomputers, which provide security only against the very ignorant computer tamperer.
“Secret Codes,” by Asael Dror, provides a description of common cryptographic techniques. Included are brief reviews of the Data Encryption Standard (DES) and the RSA public-key method.
“Know Thy Viral Enemy,” by Ross Greenberg, not only defines common viral situations well, but provides a readable and comprehensive listing of almost all known virus types. If you have never heard of the Pakistani Brain Virus, this is the place to look. An accompanying text box by Janet Barron discusses two Mac viruses.
In the final article, “Personal and Private,” Peter Stephenson reviews some microcomputer security devices and programs. The two pages that follow contain a very good listing of security hardware and software, including vendor names, addresses, and telephone numbers.
Security considerations are too frequently overlooked in the design and implementation of computer systems [1]. Security means more than passwords for accessing certain files or system functions, as this collection of articles makes clear from the start. Encryption of data adds another level of security against the release of information that should be kept confidential.
Security does not stop here, however, and unfortunately this special section leaves out detailed discussion of other important security topics. For example, physical security of the hardware is important. Should there be physical restrictions on access to particular hardware components? An additional overlooked factor is security of valid system output. For example, how many copies of a report are printed and how is the distribution of the report controlled? Finally, what security training should be given to programmers and operations personnel? A good systems design will address these questions. The Byte special section does not.
These are criticisms of what is missing, however, not what is covered. The coverage, primarily directed to data security and encryption on microcomputer systems, is thorough and accurate. One might quibble here and there: for example, the discussion of DES omits the hardware requirements for full DES implementation and the suspicion of many experts that the National Security Agency (NSA) has the ability to decrypt any DES-encoded stream. But these are mere quibbles. Data security is covered completely, and Greenberg’s article is particularly lively and readable. The practical orientation of all the articles is apparent, and the two-page vendor list might be worth the price of the magazine.
I highly recommend this special issue as an introduction to the topic for the general reader. For further details, readers might consult a text on the subject, such as Pfleeger [2].