Encryption
Data Protection Via Encryption
In our daily affairs at work we sometimes need to deal with information that needs to be protected such as personal , medical, academic or governmental data. The protection of this information is actually legislated by laws (see: http://en.wikipedia.org/wiki/Canadian_privacy_law). Best practices dictate that we must protect sensitive data:
- At the point of capture.
- When it is transferred over a network (such as the internet).
- When it is at rest (such as when it is sitting on the computer's hard drive or on a USB memory key or USB storage unit).
Download: Information Handling Matrix
Achieving Data Protection
Information that is handled by computers, normally in plain-text mode, can be "encrypted" or transformed by scrambling it in such a way that it becomes unreadable by entities that do not possess the key to unscramble it and make it readable again. Encryption ensures confidentiality but other techniques are still needed to ensure integrity and authenticity of the information, especially when it is being transferred from one point to another.
Why do we need to protect the data?
Because it has become far too easy to intercept information and capture it as it travels over the internet or be stolen from unprotected repositories. If the information is encrypted in all these points, the stolen data becomes unreadable for the interceptor and this removes the risk of having it compromised. Data interception can be achieved using specialized software such as Data Sniffers to “grab” the traffic flowing into or out of a computer attached to a network.
How can I ensure that my data is protected by some form of encryption?
First, by ensuring that when the data is being captured - such as when I am entering a password on some internet web form (banking websites, social networks, internet mail, etc) – it is done so by a website that uses Secure Socket Layers (SSL) (Info on SSL) on the internet address. To be precise, the internet address I am sitting on must use "HTTPS" at the beginning of the internet address as supposed to the traditional "HTTP" format that most websites use. A second way of identifying a secure website is by looking for the padlock symbol either at the beginning of the internet address or at the end of it. If the padlock symbol is present and the address begins with HTTPS you are most likely using a secure website.
More on website encryption here: http://windows.microsoft.com/en-CA/windows-vista/When-to-trust-a-website
Encryption of information when it is at rest
It is important to protect information that is at rest, specifically when it is stored either on a local hard drive and more importantly on a removable USB key or USB storage unit. The risk of exposing/leaking data by having these falling into the wrong hands is a high price to pay. Protection in these cases can be achieved by using personal encryption tools such as Truecrypt (http://http://www.truecrypt.org/).
Computer users should take measures to reduce risk of leaking of data at rest by:
- Restricting physical access to servers, USB or network storage units and USB keys containing sensitive data.
- Installing security updates.
- Configuring computer systems properly to avoid unwanted electronic exposure.
- Installing appropriate anti-virus software.
- Coding web applications following OWASP guidelines.
- Following safe password usage guidelines <link to password policy page).
For usage of Truecrypt follow this link http://www.truecrypt.org/docs/?s=tutorial
Notice
Upgrade your MAC ID password today
McMaster is strengthening its password system and all MAC ID passwords established before February 19, 2013 must be changed.
- Upgrade before
May 29, 2013
Service Desk
| Hours: | Monday - Friday 8:30 am - 4:30 pm |
|---|---|
| Phone: | 905-525-9140 x24357 (2HELP) |
| Email: | uts@mcmaster.ca |
| Location: | Main Campus BSB Rm. 245 |
| Service Catalogue: | |
| http://www.mcmaster.ca/uts | |
Service Bulletins
- There are no Service Bulletins at this time