Security

1. Guidelines for downloading software.

  • Do not download software through file sharing, as it may come bundled with malicious software.
  • Do not download software for which you have no license or which is not registered. There are many sites which distribute registered software in violation of the license agreement, and users who download from these sites may get into trouble.
  • Download software only from a trusted website.
  • Never download software through email attachments, as most organizations do not send it via email attachment.
  • Always maintain a backup of the critical data on your system. This will help you restore it to its original state in case something happens to your system while downloading.
  • Even if the software is downloaded from a trusted site, scan the downloaded file before installing it on the system.
  • Read the license agreement carefully before installing the software on the system.
  • Open downloaded files only after disconnecting from the web, and scan them with antivirus software.
  • Check the validity of the certificate, and the issuer of the certificate, for the site from which the software is downloaded.
2. Physical Security.
The first step in security is considering the physical security of the PC. Maintenance of physical security depends on the location and the budget. Some of the methods by which physical security is provided to computers are:

  • Computer locks: Nowadays PCs are available with a locking feature, a socket on the front of the case that is used to lock and unlock the case. This helps prevent unauthorized users from gaining access to the hardware of the PC, and also prevents them from booting the system with their own floppy or hardware.
  • BIOS security: The BIOS (Basic Input Output System) is built-in software which determines what a computer can do without accessing the programs on the disk. It contains the code that controls the keyboard, monitor, serial and parallel communications and some other functions. The BIOS comes on a ROM chip in the computer, which ensures that it will not be affected by disk failures.
    Setting a BIOS password prevents unauthorized users from rebooting and manipulating the system. This provides only a low level of security, as someone can disconnect the batteries and access the BIOS with the manufacturer's default passwords. But it takes some time for an unauthorized user to open the case and access the BIOS, and doing so leaves some traces of tampering.
  • Many organizations nowadays provide tracking and recovery services. These work with the help of software agents on the computer. Whenever a thief connects to the Internet, the IP address of the system, or the phone number through which he is connecting, is automatically sent to the recovery service center without his knowledge.
  • A continuous, uninterruptible power supply should be provided to the systems in order to prevent loss of unsaved data during power failures.
  • The systems should be placed in a room which is dust free and has good ventilation, to avoid overheating of the CPU.
  • The PC keys should be secured and not left unattended.
3. Data Security.

Importance of securing data

Data security means ensuring that the data is free from any type of corruption and that access to it is controlled in such a way that only authorized users can access the data. Data refers to personal information regarding individuals, bank details, etc. Hence, there is a need for everyone to secure their data so that it does not fall into the hands of unauthorized users.

Different methods of securing data.


There are different types of data to be secured. The procedure for securing each type of data is given below.

Shared information:

Make sure that shared information is accessed only by authorized users, and specify which data should be shared with the public and which should not.

Securing data during transmission:

Securing data during transmission includes encryption and authentication, and also ensuring that the end-to-end users are authorized.

  • Authentication relies on secret information that is shared between two computers before the actual communication starts. Public key encryption is another means of authentication; it authenticates only the receiver and not the sender, with the help of keys which the two systems obtained by other means.
  • Data encrypted without a sufficiently long key can be easily accessed by modern computer users through a brute force attack. So, in order to protect the encrypted data, the key should be long enough that it is not easy to guess. Encrypting the data only ensures that a third party who receives the data cannot read it in an understandable format.
  • Securing through the web browser: Ensure that data being sent using a browser application is secured by checking the URL. Ensure that it is using HTTPS instead of HTTP in the URL for authentication.
  • Secure email programs: Secure email programs use public key encryption for sending and receiving messages. This works well when both users are using secure email programs; otherwise the user has to send emails without using secure email programs.
  • Secure Shell: Previously, computer users used the telnet application to connect to remote systems. But telnet transfers information in clear text. To avoid this problem, 'Secure Shell' was introduced, which sends the data in encrypted form. It uses public key cryptography for encryption and also ensures confidentiality and data integrity.

Data backup:

Another method of securing data is to take a backup of the original data on another disk or tape. This backup helps users retrieve the original data in case of hard disk failures.

Securing data by disposal.


When data which the user no longer requires is deleted, care should be taken that the data cannot be reconstructed by an unauthorized person. Deleting the information and formatting the disk does not ensure that the data is safely deleted.

In order to delete data permanently, software tools are available which prevent the data from being reconstructed. Some operating systems provide a formatting command that not only formats the disk but also writes zeros over it. The easiest way of deleting the data is to use a wiping program, which not only formats the disk but also writes garbage data over it.

There are several algorithms available for secure disposal.
  • Single pass: The data is overwritten with 1's and 0's only once.
  • DoD 5220.22-M standard: This standard overwrites the addressable locations with a character and then its complement, and verifies the result by comparison.
  • Gutmann method: This method overwrites the data nearly 35 times, taking into account the various encoding algorithms used by various disk manufacturers.

Linux and Unix systems implement a file destruction command to protect files that contain sensitive content from being recovered by someone else. The 'shred' command overwrites the specified files repeatedly, in order to make it harder for even very expensive hardware probing to recover the data. It can additionally shred a file and then delete it from the hard disk.

Another Linux/Unix command that can be used to format a disk drive completely is the 'dd' command. When certain switches to this command are used, the entire disk is rewritten to zeros.
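
The overwrite passes and the 'shred' and 'dd' commands described above, as an added example that is not part of the original page. It runs only against a constructed scratch file; the function names and the pattern bytes 0x55/0xAA are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: every pass runs on a scratch file, never on a real disk.
# Function names and the 0x55/0xAA pattern bytes are illustrative assumptions.

file_size() { wc -c < "$1" | tr -d ' '; }

# One pass: overwrite FILE in place with a repeated byte (given in octal).
pattern_pass() {
    size=$(file_size "$1")
    head -c "$size" /dev/zero | LC_ALL=C tr '\000' "\\$2" |
        dd of="$1" conv=notrunc 2>/dev/null
    sync    # push the new contents out of the page cache
}

# Read back: succeeds only if every byte of FILE equals the octal byte.
verify_pass() {
    [ "$(LC_ALL=C tr -d "\\$2" < "$1" | wc -c)" -eq 0 ]
}

# Single pass of zeros written with dd, then verified.
single_pass_zero() {
    size=$(file_size "$1")
    dd if=/dev/zero of="$1" bs="$size" count=1 conv=notrunc 2>/dev/null
    verify_pass "$1" 000
}

# Character, its complement, then random data; fixed patterns are verified.
three_pass_wipe() {
    pattern_pass "$1" 125 && verify_pass "$1" 125 || return 1   # 0x55
    pattern_pass "$1" 252 && verify_pass "$1" 252 || return 1   # 0xAA
    size=$(file_size "$1")
    head -c "$size" /dev/urandom | dd of="$1" conv=notrunc 2>/dev/null
    sync
}

# shred: 3 random passes (-n 3), a final zero pass (-z), then delete (-u).
shred_and_delete() { shred -n 3 -z -u "$1"; }

# Constructed sample: a scratch file holding a fake secret.
make_sample() {
    f=$(mktemp) && printf 'account=1234 pin=0000 (constructed)\n' > "$f"
    printf '%s\n' "$f"
}

s=$(make_sample)
three_pass_wipe "$s" && ! grep -q 'pin=' "$s" && echo "secret overwritten"
single_pass_zero "$s" && echo "zero-filled and verified"
shred_and_delete "$s" && [ ! -e "$s" ] && echo "shredded and deleted"
```

On SSDs and on journaling or copy-on-write file systems an in-place overwrite may not reach every stored copy of the data, a limitation the shred manual itself documents.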

Tools are available at the following links:
                http://dban.sourceforge.net/
                http://www.heidi.ie/eraser/
                http://micro2000.com/erasedisk/







Supported by
Department of Information Technology
Govt. of India