ZDNet UK / News and Analysis / Infrastructure / Networking

10 steps to secure data

By Deb Shinder, TechRepublic, 19 April, 2006 09:55

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

integrity, Eavesdropping, IPSec, Espionage, Encryption, Hackers, Data, Hacking, DRM, Security, Theft

...containers inside a partition that act like a hidden disk within a disk. Other users see only the data in the "outer" disk.

Disk encryption products can be used to encrypt removable USB drives, flash drives, etc. Some allow creation of a master password along with secondary passwords with lower rights you can give to other users. Examples include PGP Whole Disk Encryption and DriveCrypt, among many others.

#6: Make use of a public key infrastructure
A public key infrastructure is a system for managing public/private key pairs and digital certificates. Because keys and certificates are issued by a trusted third party (a certification authority, either an internal one installed on a certificate server on your network or a public one, such as Verisign), certificate-based security is stronger.

You can protect data you want to share with someone else by encrypting it with the public key of its intended recipient, which is available to anyone. The only person who will be able to decrypt it is the holder of the private key that corresponds to that public key.

#7: Hide data with steganography
You can use a steganography program to hide data inside other data. For example, you could hide a text message within a JPG file or an MP3 file, or even inside another text file (although the latter is difficult because text files don't contain much redundant data that can be replaced with the hidden message). Steganography does not encrypt the message, so it's often used in conjunction with encryption software. The data is encrypted first and then hidden inside another file with the steganography software.

Some steganographic techniques require the exchange of a secret key and others use public/private key cryptography. A popular example of steganography software is StegoMagic, a freeware download that will encrypt messages and hide them in .TXT, .WAV, or .BMP files.

#8: Protect data in transit with IP security
Your data can be captured while it's travelling over the network by a hacker with sniffer software (also called network monitoring or protocol analysis software). To protect your data when it's in transit, you can use IPsec — but both the sending and receiving systems have to support it. Windows 2000 and later Microsoft operating systems have built-in support for IPsec. Applications don't have to be aware of IPsec because it operates at a lower level of the networking model.

Encapsulating Security Payload (ESP) is the protocol IPsec uses to encrypt data for confidentiality. It can operate in tunnel mode, for gateway-to-gateway protection, or in transport mode, for end-to-end protection. To use IPsec in Windows, you have to create an IPsec policy and choose the authentication method and IP filters it will use. IPsec settings are configured through the properties sheet for TCP/IP, on the Options tab of Advanced TCP/IP Settings.

#9: Secure wireless transmissions
Data that you send over a wireless network is even more subject to interception than that sent over an Ethernet network. Hackers don't need physical access to the network or its devices; anyone with a wireless-enabled portable computer and a high gain antenna can capture data and/or get into the network and access data stored there if the wireless access point isn't configured securely.

You should send or store data only on wireless networks that use encryption, preferably WPA, which is stronger than WEP.

#10: Use rights management to retain control
If you need to send data to others but are worried about protecting it once it leaves your own system, you can use Windows Rights Management Services (RMS) to control what the recipients are able to do with it. For instance, you can set rights so that the recipient can read the Word document you sent but can't change, copy, or save it. You can prevent recipients from forwarding email messages you send them and you can even set documents or messages to expire on a certain date/time so that the recipient can no longer access them after that time.

To use RMS, you need a Windows Server 2003 server configured as an RMS server. Users need client software or an Internet Explorer add-in to access the RMS-protected documents. Users who are assigned rights also need to download a certificate from the RMS server.

Related stories

America debates data retention

Compliance: Turning IT cost into benefit

PKWare stretches ZIP protection

IBM looks to hardwired DRM

Security fears over London's blanket Wi-Fi

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

raskolnikof

fantastic that the so called piracy bills have been withdrawn. however, these anti-democracy supporters are still in the shadows so lets be alert...

10 minutes ago by raskolnikof on SOPA, Protect IP support wavers in face of online protest
Tony Douglas

Please God no; teach them anything you like - thinking rationally, the uses and misuses of data, what data is and what it's not - but leave the...

2 hours ago by Tony Douglas via Facebook on Kids are the future. Teach ’em to code.
BrownieBoy

@Jack, > Works really well for thieves.... Nice attempt to deflect the argument by tossing in a point that's totally irrelevant, even it were...

17 hours ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks
bootlegger

Make that 13 people now - I got refused today at Manchester airport. I thought I was up to date on this legislation - I knew of the EU ruling from...

20 hours ago by bootlegger on UK airport body scans will not be opt out
tinycg

Don't forget to check out apps like GoodReader or SlideShark either, they're indispensible for people on the go in presentation situations. Best...

22 hours ago by tinycg on Four top iPad apps for people on the move
TerryRK

Well it seems there is something a number of us agree on. Why is the Ubuntu Unity launcher so ugly? I thought perhaps it was something to do with...

1 day ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Freebies202

Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

2 days ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source
kevinmchapman

"the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
Marg Menzies Harrison

Another grammar faux pas is the improper use of "you". When sitting down down in a restaurant, for example, I get cringe when the waitress...

2 days ago by Marg Menzies Harrison via Facebook on 10 flagrant grammar mistakes that make you look stupid
zdnetukuser

And NOW, folks, for Canonical's next trick... Kubuntu is late. Here's a pencil. Draw your own conclusions. cf.:...

2 days ago by zdnetukuser on Linux Minterface
Moley

@kevinmchapman. The discussion here reflects the very significant number of users who really do like the traditional menu system and who wish to...

2 days ago by Moley on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

Er, no... It is an efficient means of finding the application/file/setting you need in one place. The icons are a simply a fallback for when you...

2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

2 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

"Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

2 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Dennis Nilsson

If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

2 days ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany
GHar123

I totally dislike pirating of works, I fear that artists will be deterred from creating works if they think that they are going to get ripped off....

2 days ago by GHar123 on ACTA stumbles in Germany
JCB33

How dare film makers, artists or anybody that invests in creativity stop us pirating their works for free. I want to be able to walk into my local...

3 days ago by JCB33 on ACTA stumbles in Germany
Moley

@GrueMaster. I prefer horses for courses rather than one size fits all. I, and I suspect most other computer users, do not really wish to have...

3 days ago by Moley on A tale of two distros: Ubuntu and Linux Mint
greycynic

The product that scares me every time I have to use it is the Office 2007 version of Excel. The first bug that I found was applying the median...

3 days ago by greycynic on Ten flawed products that derail productivity

Latest in Networking

Ofcom to make it easier to change broadband service

Google set to build backbone of its 1Gbps fibre network

Nicira reveals network virtualisation details

Featured white papers

Manage Projects More Efficiently Using Online Meetings

Citrix Online

Manage Projects More Efficiently Using Online Meetings

Whether your business is a medium-sized organisation or a large conglomerate, projects are a part of your everyday... Read more

Using cloud-based solutions to fight DDoS attacks

VeriSign

Using cloud-based solutions to fight DDoS attacks

As distributed-denial-of-service attacks grow in size, complexity and frequency, security organisations are discovering that in-house solutions are no longer... Read more

How to prime your WLAN for employee devices

Aruba Networks

How to prime your WLAN for employee devices

Companies are finding the wireless LAN is under pressure as employees are bringing their own devices to... Read more

Inside ZDNet UK

NASA switches off last mainframe

NASA switches off last mainframe

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

How to handle data replication

How to handle data replication

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault