How to check and verify file integrity

What does it mean to verify file integrity?

Attacks or accidental corruption can introduce invalid files into a content repository, and verifying file integrity can identify them. In this process, content security teams compare a file's digital signature or hashed content with known values to ensure the files weren't altered or corrupted.

Some manual processes and automated checksum validation might not detect changes in a file, so corruption can lurk beneath the surface. Content security teams can validate a digital signature or use a cryptographic checksum, in which they run a hash algorithm against the file, to verify file integrity.

Validation enables teams to find any changes to the file itself -- such as file deletion, edits or movements -- or unauthorized access. These changes can reveal a prior intrusion from start to finish or reveal a larger attack that is underway or that a team is investigating.

Steps to check and verify file integrity

Because content migration provides a before and an after, content security teams can compare files from each phase to help validate them. Teams can ask simple questions to start validation, including the following:

A plan to verify file integrity for files and critical data can help preserve system and data health.

• Based on a comparison of file names, do all the expected files show up?
• Do the files have the same checksum?
• Is the metadata identical? Or does it differ only where required, like accommodating differences in repositories?

However, these questions can't fully verify if files remained untouched. To fully verify file integrity, teams should take the following steps.

Evaluate what cybersecurity standards to follow. Depending on the industry's best practices, organizations may need to comply with security standards, including the following:

• Payment Card Industry Data Security Standard
• Sarbanes-Oxley Act
• NIST Cybersecurity Framework
• Center for Internet Security Critical Security Controls
• North American Electric Reliability Corporation Critical Infrastructure Protection

Compliance with broader privacy requirements, such as HIPAA and GDPR -- which may not specifically call out file integrity -- can help organizations learn how to validate files.

Choose a file verification process and tools. For the verification process, teams could use cryptographic hashes or automated metadata validation, such as ensuring the file extension, size, version, creation and modification date, last user ID and any other metadata have not changed. Teams could also generate and compare digital signatures on files.

The tools that teams choose depend on the verification process. Security firms, such as Kaspersky Lab, Qualys and McAfee, and analytics providers, such as Splunk, offer relevant tools for this process.

Choose the files to verify. As digital assets grew immensely over the years, content teams lost the ability to monitor each file's integrity. Teams should choose a collection of files critical to business operations or that contain sensitive personal, health or customer data and focus verification efforts on that content.

Start small and repeat. When teams first learn how to verify file integrity, they must experiment with small subsets of files to ensure they see changes where necessary and the file integrity checks don't strain network or system performance. Teams should balance compliance and verification with performance and usability.

Learning how to check and verify file integrity ensures systems remain compliant with security and data standards and reduces the risk of catastrophic attacks, such as ransomware. Content security teams must add file validation to their critical operations.