Tech Tip: Windows Security, Validating Content and Volume Checksums
By Connie Anderson
Since the files in a Laserfiche repository’s volumes—images, text, and electronic files—are stored in the Windows file system, it is important to use security settings in Windows to secure that content on the hard drive. If a user can access the content through the file system, it will not be protected by Laserfiche Security, and any access or changes cannot be audited by Audit Trail. Ideally, repository information should not be accessible through Windows to anyone except those who need to be able to perform hardware maintenance; all other users should access it through the Laserfiche repository, which will use your Laserfiche security settings to determine what information they should be able to access.
If you want an additional check to verify that content has not been altered outside of Laserfiche, you can use volume checksums. Volume checksums can help you identify data loss or corruption as well as tampering. A volume’s checksum becomes invalid if any content changes in a way that the Laserfiche Server is not aware of, whether that change is due to hardware corruption or other issues, or is the result of deliberate tampering.
When you enable checksums on a volume, the Laserfiche Server uses an algorithm to create a checksum: a string of information that can be used to compare and detect changes in the volume files. When volume contents (such as image or text pages or electronic files) are modified within Laserfiche, the checksums are updated so that volume contents and checksums continue to match. However, if the volume contents are modified outside Laserfiche—whether accidentally, as with file corruption, or deliberately through tampering—the checksum will no longer match.
When a user opens a document whose contents differ from the contents the Server expects, they will be presented with a warning. In addition, administrators can verify the contents of an entire volume at once to check for mismatches or other issues. The final checksum report will list any files for which problems have been detected.
While checksums are not a replacement for a rigorous Windows security policy, they can help you quickly determine when files have been changed outside Laserfiche, adding another layer of protection to your repository.