Introduction
Data security is a term used to describe how our data is protected and managed safely. The security of our data has become a very popular subject in recent years, because technology keeps evolving every day and new forms of attack are being created as well. To counter and prevent such attacks, new methods to secure our data need to be created, and this is where data security comes into play: creating new hardware and software for home and business users so their data can be kept safe.
Whole Disk Encryption
When we talk about whole disk encryption, we mean taking an entire volume and encrypting the data on it with algorithms that make it unreadable to anyone trying to steal it, and that protect it in the case of accidental loss. Whole disk encryption encrypts every single file on the disk; if the disk is, for example, booted in another system in an attempt to access it, only the authorized user is going to be able to access its information. A good example of whole disk encryption, used in many Department of Defense computers, is BitLocker, which used a 128-bit algorithm to encrypt all the files on a volume. This technology is critical to business and government because they handle sensitive and classified data; it protects that data from falling into the wrong hands and being misused. Nonetheless, home users are highly encouraged to encrypt their data as well, as this can protect personal and family information stored on personal computers.
Firewalls
We also have firewalls. In computing, a firewall is a network security device that monitors and controls incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be secure or trusted. Firewalls are often categorized as network firewalls or host-based firewalls. Network firewalls are software appliances running on general-purpose hardware, or hardware-based firewall appliances, that filter traffic between two or more networks. Host-based firewalls provide a layer of software on one host that controls network traffic in and out of that single computer or system. In plain terms, the firewall's purpose is to prevent malicious traffic from reaching the resources that it is protecting. For example, firewalls function as packet filters, inspecting the packets that are sent between computers on the Internet. When a packet passes through the firewall, its source and destination address, protocol, and destination port number are verified against the firewall’s rule set. Any packets that aren’t specifically allowed onto the network are dropped, meaning that they are not forwarded to their destination. Firewalls may be used for computers, networks and servers. Attacks against servers became common, so the need arose for a firewall that could protect the servers and the applications running on them, not only the resources working through the server.
Strong Passwords
Strong passwords have always been important when it comes to protecting data, but what does it really mean to have a strong password? Passwords should always be as long and as complicated as possible. In the past years the Army has been very strict when it comes to password handling, and the use of alphanumeric and special characters is always recommended when you are creating your password. However, these are not the only parameters you should look at when you are creating a password: it also should not contain any word or phrase that is commonly used or easy to guess. For example, your first name, last names, relatives' names and the like should not be used as passwords. On the other hand, you should always take into consideration that the harder a password is, the more likely it is to be forgotten, and therefore the more likely users will be tempted to write it down, leaving the system vulnerable to being infiltrated.
- Password Policies: Password policies can also be used to keep systems secure. There are different ways in which this can be implemented. To start off, it is recommended to change passwords on a time basis; this helps prevent attackers from gaining knowledge of passwords through key loggers or by means of a brute force attack. Another policy that can be implemented is, as stated before, the use of alphanumeric passwords in combination with special characters; this makes it harder for the attacker to decipher your password.
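One way to turn the password rules above into a check, as an added example that is not part of the original text. The minimum length, the maximum age and the common-word list are assumed values; the text gives no numbers.

```python
import string
from datetime import date, timedelta

# Assumed policy values; the text gives no numbers.
MIN_LENGTH = 14
MAX_AGE = timedelta(days=90)
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein"}  # constructed sample list

def check_password(password, personal_names, last_changed, today):
    """Return the list of policy violations (an empty list means compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Alphanumeric plus special characters: all three classes must be present.
    classes = {
        "letter": any(c.isalpha() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    # Names of the user or relatives and commonly used words are easy to guess.
    lowered = password.lower()
    banned = COMMON_WORDS | {n.lower() for n in personal_names}
    problems += [f"contains '{w}'" for w in sorted(banned) if w in lowered]
    # Time-based change: flag passwords older than the assumed maximum age.
    if today - last_changed > MAX_AGE:
        problems.append("expired")
    return problems

if __name__ == "__main__":
    # Constructed inputs.
    print(check_password("Maria2024!", ["Maria", "Lopez"],
                         date(2024, 1, 1), date(2024, 6, 1)))
    print(check_password("t9#Vq!rL2m@xW7pz", ["Maria", "Lopez"],
                         date(2024, 5, 1), date(2024, 6, 1)))
```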
IDS (Intrusion detection system)
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported to an administrator or collected centrally using a security information and event management (SIEM) system, in effect a log. A SIEM system combines outputs from multiple sources, and uses alarm filtering techniques to distinguish malicious activity from false alarms. There is a wide variety of IDS, from virus scanning software to hierarchical systems that monitor the traffic of an entire backbone network. The most common classification is into network (NIDS) and host-based (HIDS) intrusion detection systems. A system that monitors important operating system files is an example of a HIDS, while a system that analyzes incoming network traffic is an example of a NIDS. It is also possible to classify IDS by detection approach: the most well-known variants are signature-based detection, which recognizes bad patterns, such as malware, and anomaly-based detection, whose basic approach is to use machine learning to create a model of trustworthy activity and then compare new behavior against this model. Some IDS have the ability to respond to detected intrusions; these are typically referred to as intrusion prevention systems.
IPS (Intrusion Prevention System)
Intrusion prevention systems, also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, report it and attempt to block or stop it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are able to actively prevent or block intrusions that are detected. An IPS can take actions such as sending an alarm, dropping detected malicious packets, resetting a connection or blocking traffic from the offending IP address. An IPS can also correct cyclic redundancy check (CRC) errors, defragment packet streams, mitigate TCP sequencing issues, and clean up unwanted transport and network layer options. Intrusion prevention systems can be classified into four different types:
Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
Wireless intrusion prevention systems (WIPS): monitor a wireless network for suspicious traffic by analyzing wireless networking protocols.
Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware and policy violations.
Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
Other than the different classifications, there are three methods that the IPS may utilize:
Signature-Based Detection: A signature-based IDS monitors packets in the network and compares them with pre-configured and pre-determined attack patterns known as signatures.
Statistical anomaly-based detection: An IDS which is anomaly-based will monitor network traffic and compare it against an established baseline. The baseline will identify what is “normal” for that network: what sort of bandwidth is generally used and what protocols are used. It may raise a false positive alarm for a legitimate use of bandwidth if the baselines are not intelligently configured.
Stateful Protocol Analysis Detection: This method identifies deviations of protocol states by comparing observed events with “predetermined profiles of generally accepted definitions of benign activity.”
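Signature-based and statistical anomaly-based detection side by side, as an added example that is not part of the original text. The signatures, traffic records and bandwidth figures are constructed placeholders, and the three-standard-deviation threshold is an assumption.

```python
import re
from statistics import mean, stdev

# Constructed signatures (placeholders, not real indicators): name -> pattern.
SIGNATURES = {
    "example-scanner-agent": re.compile(r"User-Agent: ExampleScanner/\d"),
    "example-payload-marker": re.compile(r"X-EXAMPLE-BAD-MARKER"),
}

def signature_alerts(records):
    """Signature-based: flag records that contain a known bad pattern."""
    return [(i, name) for i, rec in enumerate(records)
            for name, pat in SIGNATURES.items() if pat.search(rec)]

def anomaly_alerts(baseline, observed, k=3.0):
    """Anomaly-based: flag samples more than k standard deviations from the baseline mean."""
    mu, sigma = mean(baseline), stdev(baseline)
    return [i for i, v in enumerate(observed) if abs(v - mu) > k * sigma]

# Constructed traffic records.
RECORDS = [
    "GET /index.html User-Agent: Mozilla/5.0",
    "GET /admin User-Agent: ExampleScanner/2",
    "POST /upload body=...X-EXAMPLE-BAD-MARKER...",
    "GET /new-unknown-pattern User-Agent: Mozilla/5.0",   # no signature exists for this
]

# Constructed bandwidth samples in KB per minute.
OFFICE_HOURS = [100, 110, 95, 105, 90, 100]   # baseline that ignores the backup window
WITH_BACKUPS = OFFICE_HOURS + [130, 135]       # baseline that includes it
OBSERVED = [102, 98, 480, 130]                 # 480 = real spike, 130 = nightly backup

if __name__ == "__main__":
    print("signature hits:", signature_alerts(RECORDS))
    print("narrow baseline:", anomaly_alerts(OFFICE_HOURS, OBSERVED))
    print("wider baseline: ", anomaly_alerts(WITH_BACKUPS, OBSERVED))
```

With the narrow baseline the legitimate backup traffic at index 3 is flagged as well, which is the false positive the baseline paragraph describes. The last record shows the opposite limit of signatures: a pattern nobody has written a signature for passes unnoticed.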
Data Backup
A backup, in common language, is a duplicate copy of key information on the system, preferably stored in a location other than the one where the information is currently stored, for example an external hard drive. Backups can include both paper and computer data. Computer data is usually backed up using a backup program or software within the system.
Why is it important to make backups of your data? There are several reasons that make backups important:
Accidental deletion
Applications errors
Natural disasters
Physical attacks
Server failure
Virus infection
Workstation failure
An ideal way to back up your information is to create a backup plan, which identifies what information is to be stored, how it is going to be stored, and for how long it will be stored. There are 3 types of backups you can utilize:
Full Backup: A full backup is a complete copy of all the files on a disk. The full backup will hold all the information on the system as of the point in time when it was performed. Once the system goes back into operation and any changes are made on the system, the backup is no longer current.
Incremental Backup: An incremental backup is usually used after a full backup. It is a partial backup that stores only the data that has been changed since the last full or the last incremental backup. Every incremental backup that is made must be retained until a full backup can be performed again.
Differential Backup: A differential backup works similarly to an incremental backup; the difference is that it backs up any files that have been changed or altered since the last full backup was made, so it makes duplicate copies of files that have not changed since the last differential backup. The downside of differential backups is that they accumulate duplicate data, making each differential backup larger every time one is performed.
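The three backup types compared on one schedule, as an added example that is not part of the original text. The file names, the change log and the helper names are constructed, and each schedule is assumed to start with a full backup.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    kind: str          # "full", "incremental" or "differential"
    day: int
    files: frozenset

def run_schedule(all_files, changes, schedule):
    """changes: day -> files modified that day; schedule: [(day, kind), ...]."""
    backups, last_full, last_any = [], None, None
    for day, kind in schedule:
        if kind == "full":
            files, last_full = set(all_files), day
        else:
            # Incremental looks back to the previous backup of any kind,
            # differential always looks back to the last full backup.
            since = last_any if kind == "incremental" else last_full
            files = {f for d, fs in changes.items() if since < d <= day for f in fs}
        backups.append(Backup(kind, day, frozenset(files)))
        last_any = day
    return backups

def restore_chain(backups, target_day):
    """Backups that must still exist to restore the disk as of target_day."""
    usable = [b for b in backups if b.day <= target_day]
    start = max(i for i, b in enumerate(usable) if b.kind == "full")
    chain, tail = [usable[start]], usable[start + 1:]
    diffs = [b for b in tail if b.kind == "differential"]
    if diffs:  # the newest differential covers every change since the full backup
        chain.append(diffs[-1])
        tail = [b for b in tail if b.day > diffs[-1].day]
    return chain + [b for b in tail if b.kind == "incremental"]

# Constructed example: four files, full backup on day 0, edits on days 1 to 3.
ALL_FILES = {"a.doc", "b.xls", "c.txt", "d.pdf"}
CHANGES = {1: {"a.doc"}, 2: {"b.xls"}, 3: {"a.doc", "c.txt"}}
INCR = run_schedule(ALL_FILES, CHANGES, [(0, "full")] + [(d, "incremental") for d in (1, 2, 3)])
DIFF = run_schedule(ALL_FILES, CHANGES, [(0, "full")] + [(d, "differential") for d in (1, 2, 3)])

if __name__ == "__main__":
    for name, plan in (("incremental", INCR), ("differential", DIFF)):
        print(name, [len(b.files) for b in plan],
              [f"{b.kind}@{b.day}" for b in restore_chain(plan, 3)])
```

The differential sets grow from one to three files because unchanged copies are repeated, while a restore needs only two backups; the incremental sets stay small but every one of them is needed for the restore.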
Data classification and handling policies
The purpose of this policy is to establish a framework for classifying and handling data based on its level of sensitivity, value and criticality to the organization as required by the Organization's Information Security Plan. Classification of data will aid in determining baseline security controls for the protection of said data. There are three classification levels depending on how sensitive the data is:
Confidential- Data should be classified as Confidential when the unauthorized disclosure, alteration or destruction of that data could cause a significant level of risk to the Organization or its affiliates. Examples of Confidential data include data protected by state or federal privacy regulations and data protected by confidentiality agreements. The highest level of security controls should be applied. Access to Confidential data must be controlled from creation to destruction, and will be granted only to those persons affiliated with the Organization who require such access in order to perform their job, on a “need to know” basis only. Access to Confidential data must be individually requested and then authorized by the Data Owner who is responsible for the data.
Internal/Private Data- Data should be classified as Internal/Private when the unauthorized disclosure, alteration or destruction of that data could result in a moderate level of risk to the Organization or its affiliates. By default, all information assets that are not explicitly classified as Confidential or Public data should be treated as Internal/Private data. A reasonable level of security controls should be applied to internal data. Access to Internal/Private data must be requested from, and authorized by, the Data Owner who is responsible for the data. Access to Internal/Private data may be authorized to groups of persons by their job classification or responsibilities, “role-based” access, and may also be limited by one’s department.
Public Data- Data should be classified as Public when the unauthorized disclosure, alteration or destruction of that data would result in little or no risk to the Organization and its affiliates. While little or no controls are required to protect the confidentiality of Public data, some level of control is required to prevent unauthorized modification or destruction of Public data. Public data is not considered sensitive; therefore, it may be granted to any requester or published with no restrictions. The integrity of Public data should be protected. The appropriate Data Owner must authorize replication or copying of the data in order to ensure it remains accurate over time.
These classifications are the contributing factor in deciding who uses the data and how, and where it is stored. For example, there are two types of data: physical and digital, the latter being computer-based. Every piece of data should be labeled with its classification level, so that employees know how they should handle the information. If you have, for example, a binder of confidential information, not everyone in the organization should have access to it. Confidential information must be handled under certain parameters: when not in use, it should be stored in a secure location, and it should be necessary for two authorized employees to be present to access the data. This way we prevent a single person from having access alone and having the opportunity to steal confidential data. Another good parameter is using a digital log, registering what information was extracted and by whom. The misuse or inappropriate handling of this information may compromise the organization, or laws and regulations could be broken.
Internal/Private data is still sensitive, but not as much. The employees who should have access to this information are the ones who need it to accomplish their daily mission. Normally it is information that is spread throughout the workforce of the organization. It should still be secured, but doesn’t necessarily need to be locked. But that doesn’t mean that it should be information that anyone can access.
Public Data doesn’t have any special requirements, as long as it is kept in order and organized for the benefit and use of the organization. That doesn’t mean that we can leave it on our desks at the end of the work day or just throw it out without evaluating the information it contains.
This applies to physical and computer based data. The user must have the appropriate security clearance and certificate to access the information. If the data must be destroyed, it must be done correctly according to the organization policy and protocol.