One thousand attacks a day. That's how many times hackers poke, prod, and attempt to break in to the official Salt Lake City Web site, says Michael Johnson, chief systems engineer at Salt Lake City Corp., the city's support organization.

Just before the 2002 Winter Olympic Games, Johnson sought a way to increase the security and integrity of the site beyond its firewalls, intrusion-detection, and antivirus systems. Johnson wanted to avoid embarrassing Web-site defacement as millions of visitors flocked to the site for game information, and he also was concerned about more clandestine types of hacks: subtle changes to press releases or the locations and times of posted events. "It could take a while for us to determine minor changes with big impact," he says.

Johnson installed Lockstep Systems Inc.'s WebAgain security software, which scans the site for altered files. When WebAgain finds any unauthorized changes, it immediately restores the proper pages. "Because of the Olympics, we became a higher-profile site," he says, so the city will continue to use WebAgain to protect content integrity. The site, http://www.slcgov.com, provides information about Salt Lake City for visitors, residents, and businesses.

Throughout the day, WebAgain searches for any unexpected date and time changes to the site; it periodically scours each page, searching for changed or added content that isn't approved. Administrators with the appropriate access rights can tell the software that the changes they're making are legitimate.

The added layer of security may seem like paranoia, but consider this: 38% of respondents in the most recent Computer Security Institute/FBI study say their Web sites suffered unauthorized access or misuse within the last 12 months, up from 23% in 2001. And more than 30,000 Web sites were defaced last year, says risk-management company mi2g software in London.

"You can never be too secure," Johnson says. "And even that's not enough."