Sedulity Groups | How To Secure Your Data
The most valuable thing in our computer or network is the data we create. After all, that data is the reason for having the computer and network in the first place. Anybody for whom data is important, security is more important than that and if you’ll not follow the security guidelines then it would be very difficult to secure your information from the external attacks. Operating systems and applications can always be reinstalled, but user-created data is unique and if lost, may be irreplaceable. Here are some tips on Data security from loss and/or unauthorised access which are mentioned below as following;
Encryption
Encryption has become a critical security feature for thriving networks and active home users alike. This security mechanism uses mathematical schemes and algorithms to crawl data into unreadable text. It can only by decoded or decrypted by the party that possesses the associated key.
(FDE) Full-disk encryption offers some of the best protection available. This technology enables you to encrypt every piece of data on a disk or hard disk drive. Full disk encryption is even more powerful when hardware solutions are used in conjunction with software components. This combination is often referred to as end-based or end-point full disk encryption. You should also use zipping software such as WinZip or Win Rar to compress and encrypt your documents.
Strong User Authentication
Authentication is another part of data security that we encounter with everyday computer usage. Just think about when you log into your E-mail or blog account. That single sign-on process is a form authentication that allows you to log into applications, files, folders and even an entire computer system. Once logged in, you have various given privileges until logging out. Some systems will cancel a session if your machine has been idle for a certain amount of time, requiring that you prove authentication once again to re-enter. The single sign-on scheme is also implemented into strong user authentication systems. However, it requires individuals to login using multiple factors of authentication. This may include a password, a one-time password, a smart card or even a fingerprint.
Often Backup
Data Security would not be completed without a backup solution to your critical information. The most important part in protecting your data from loss is to take the back up regularly. So it’s up to you that how often you take the Data Back Up. That depends — how much data can you afford to lose if your system crashes completely? A week's work? A day's work? An hour's work?
Though your data may appear secure while restrained away in a machine, there is always a chance that your data can be compromised. You could suddenly be hit with a malware infection where a virus destroys all of your files. Also if someone could enter your computer and steal data by sliding through a security hole in the operating system. A reliable backup solution will allow you to restore your data instead of starting completely from scratch and will save lot of time as well.
Use file-level and share-level security
To keep others out of your data, the first step is to set permissions on the data files and folders. If you have your data in network shares, you can set share permissions to control which user accounts can and cannot access the files across the network. With Windows 2000/XP, this is done by clicking the Permissions button on the Sharing tab of the file's or folder's properties sheet.
However, these share-level permissions won't apply to someone who is using the local computer on which the data is stored. If you share the computer with someone else, you'll have to use file-level permissions (also called NTFS permissions, because they're available only for files/folders stored on NTFS-formatted partitions). File-level permissions are set using the Security tab on the properties sheet and are much more persistent than share-level permissions and in both the cases, you can set permissions for either user accounts or groups, and you can also allow or deny various levels of access from read-only to full control.
Protect documents with Password
Many applications, such as Microsoft Office applications and Adobe Acrobat, will allow you to set passwords on individual documents where, you must enter the password in order to open the document. To protect your document with password in MS Word, go to Tools | Options and click the Security tab. You can require a password to open the file and/or to make changes to it. You can also set the type of encryption standard that you want to use.
Unfortunately, Microsoft's password protection is relatively easy to crack where it’s an easy job for a professional hacker to break the password and get the access to your information. However, still its recommended that you protect your data with the password as the probability to crack the password is by undetermined hackers is comparatively less.
Hide data with steganography
You can use steganography to hide your data behind the other data as it’s also an important technique to encrypt your important data. For example, you could hide a text message within a JPG file or an MP3 file or even inside another text file (although the latter is difficult because text files don't contain much redundant data that can be replaced with the hidden message).
The data is encrypted first and then hidden inside another file with the steganography software like S-Tools, Encryptor, MP3Stegz, Paranoid etc. Some steganographic techniques require the exchange of a secret key and others use public/private key cryptography. A popular example of steganography software is StegoMagic, a freeware download that will encrypt messages and hide them in .TXT, .WAV, or .BMP files.
Make use of a public key infrastructure
A public key infrastructure is a system for managing public /private key combinations and digital certificates. Because keys and certificates are issued by a trusted third party (a certification authority, either an internal one installed on a certificate server on your network or in a public one, such as VeriSign) certificate-based security is stronger.
We can protect our data that we want to share with someone else by encrypting it with the public key of its intended recipient, which is available to anyone. The only person who will be able to decrypt it is the holder of the private key that corresponds to that public key.
Secure Wireless transmissions
Data that we send over a wireless network is even more subject to interception than that sent over an Ethernet network. Hackers don't need physical access to the network or its devices; and anyone with a wireless-enabled portable computer and a high gain antenna can capture data and/or get into the network and access data stored there if the wireless access point isn't configured securely.
You should send or store data only on wireless networks that use encryption, preferably WPA, which is stronger than WEP.
Protect data in transit with IP security
Your data can be captured while transition over the network by a hacker with sniffer software (also called network monitoring or protocol analysis software). To protect your data when it's in transit, you can use IPsec, however; the only condition is that both the sending and receiving systems have to support it. Windows 2000 and later Microsoft operating systems have built-in support for IPsec. Applications don't have to be aware of IPsec because it operates at a lower level of the networking model.
Encapsulating Security Payload (ESP) is the protocol IPsec uses to encrypt data for confidentiality. It can operate in tunnel mode, for gateway-to-gateway protection, or in transport mode, for end-to-end protection. To use IPsec in Windows, you have to create an IPsec policy and choose the authentication method and IP filters it will use. IPsec settings are configured through the properties sheet for TCP/IP, on the Options tab of Advanced TCP/IP Settings.
EFS Encryption
This is a built-in certificate-based encryption method (Windows 2000, XP Pro, and Server 2003 support the Encrypting File System) to protect individual files and folders stored on NTFS-formatted partitions. Encrypting a file or folder is as easy as selecting a check box which you could easily do by just clicking the Advanced button on the General tab of its properties sheet. Note that you can't use EFS encryption and NTFS compression at the same time.
EFS uses a combination of Asymmetric and Symmetric encryption system, for both security and performance. To encrypt files with EFS, a user must have an EFS certificate, which can be issued by a Windows certification authority or self-signed, if there is no certification authority on the network. EFS files can be opened by a designated recovery agent with Windows XP/2003, but not with Windows 2000, and we can also designate other user accounts that are authorized to access your EFS-encrypted files.