Time
56 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Importance of Data Security In this lesson we cover the importance of data security. You'll learn why data security is a concern, what types of products exist to address security breaches and define several key types of data breaches and data security risks. For example, using Chats and IMs as an example, we take a look at how users can interact on the internet access, using open/unlocked workstations attached to the network, and other examples the security breaches that occur from a lack of good security practices. And we contrast them with why best practice solutions, sound, ongoing corporate & technology policies & practices. We also reinforce why good end user communication to assure they know about and understand the restrictions put in place are all interrelated when it comes to data security and the security of network assets. [toggle_content title="Transcript"] This is section 4.3. We discuss the importance of data security. Starting off this section, we look at data loss prevention. We could have data, financial data, medical, trade secrets, or personal identifiable information. We have to give consideration for the state in which we have this data. How is it being used, utmost security is our concern. It could be data in motion. If our data is moving via email, we want to ensure that we have security for it. IPSEC could be used for that. Data on our networks should also be secure, only authorized users should have access to network resources. Authentication is to provide access. Authentication is there to ensure that only authorized users have access to the network resources and thereby access to data on our network. We also should use the principle of least privilege to assign permissions. Only specified users with proper permissions should have proper access to resources on the network. Careful consideration has to be given to chat sessions, via instant messaging. Yes, we put in security measures to prevent data loss but you allow your users chat message over instant messaging. One, how do you know who is on the other side? You don't see who is on the other side. Probably they walked away...stepped away from the machine, somebody else is there. Some people have the habit of trying to chat with more than one person at the same time. You are chatting with person A, B, C and D. Something you should only tell to "D", you accidentally go tell to person "A". Now information has been lost to user "A" and you had no intention of doing that. It is also possible that we can do file transfer, via instant messaging. You disable all your ports. You disable that users cannot put in their USB but users can transfer files via instant messaging. Careful consideration should be given to the use of instant messaging. Yes sometimes they facilitate work but we have to give consideration for...we don't see the person on the other side. In many cases when we do instant messaging, when we chat across the internet, we tend to lower our guards. Before you know it your users might end up disclosing information that they shouldn't disclose to someone they don't even know is on the other side. We should also consider data at rest. Whether this data, financial, medical, trade secrets or personal identifiable information, whether it resides on our database, we should ensure we have encryption for our database so that unless the proper keys are provided, unauthorized persons have no access to the content of the database. This way we can secure data that we save on the database against unauthorized disclosure to guarantee confidentiality. Files being shared on the network, we have to do proper data handling, data labelling to ensure that secure files are not shared to unsecured locations on the network. Your files should only be shared in proper NTFS location to ensure that the permission assigned or the security assigned is still maintained by NTFS. Whether the files are residing on your desktop or your laptop, you should also do best practice to ensure data loss prevention. One, use passwords. Have particular accounts for every user logging on to that laptop or desktop. Measures should also be taken to secure the laptop. Device encryption should also be employed, whereby we could encrypt the entire content of the hard disk. Encrypt the entire content of your hard disk to prevent data loss or theft whether it is on your desktops or your laptops. Data in use, we should also prevent data loss for data in use. Many of us have left papers in the copier. You go make a photocopy and you leave the paper back there. The original is left in the copier. Somebody coming behind you has access to that document. Some people also let go of their copier machines after a period of use. This copier machines have a hard drive in them. Every image copied by the machine is also saved in the hard drive. If we must let go of our copier machines, best practice, we remove the hard drive so that nobody else can retrieve this information once they have possession of the copiers. It is also practice that we print from our scanner, we print from our fax machine and these documents are left sat on the printer for hours on end. Anybody having access to a common printer will have access to those documents. Best practice is that if you must print sensitive documents you have a local printer, buy your machine where you print such documents to. Some organizations have a fax server such that their fax messages are not just sat on the fax printer. The fax messages go to your inbox. If you need to print it, you print it, you go get it. That way your documents are not left lying at the machine for hours on end. This could lead to a compromise of confidentiality. Removable media. Our USB drives, optical drives, these also could...many people have used USB and you forget them on the system; tom drives you have also used optical drives, CD or DVD or blue ray disc and you forget them on the system. These are also methods by which data could leak. The next user has access to those devices. We should do best practice to ensure that we are always in possession of all the media that carries sensitive information for us. What about your screen? You step away from your pc you always...best practice should lock your screen. When you do lock your screen, ensure you use a password otherwise somebody else having access to your system can just tap a key on your keyboard, bump your mouse and now they see everything you are looking at. But with the use of a password screensaver, your password has to be keyed in before anybody has access to your screen. The very delicate one is the clipboard. Many of us copy and paste and then we done with the system, we just walk away. Okay you've close all the applications , you've closed everything you were working with but the information in your clipboard could still be dumped onto word, onto paint or some other applications, notepad... That way somebody else could see what you were looking at. It could be on your laptop or your desktop. The content of the clipboard could also be discovered. Best practice if you are done with the system, shut the machine down. That way the machine will lose all those content and that way you are able to prevent data loss and prevent theft of data be it on your laptop or your desktop. These are measures by which we could prevent data loss, we could ensure data loss prevention as well by following best practice whether our data is in motion, at rest or in use. We want to protect all our data wherever they find themselves on the network or infrastructure which we use. The next thing we talk about is hardware based encryption devices. For hardware based encryption devices we have the Trusted Platform Module and the Hardware Security Module: the HSM. The TPM, the Trusted Platform Module. These are TPM chips that are soldered to the computer motherboard. They generate the crypto keys that are used by the system and the applications. These keys are generated by these chips that are soldered to the motherboard. They are also maintained by these chips. If you want to do special projects, you don't just go to a store by the roadside and buy yourself a system. You rather would order the system from the system providers; the examples like HP and dell where they build you systems that have TPM, the Trusted Platform Module. For systems that require the HSM, the Hardware Security Module, these are advanced and specialized crypto processors. These crypto processors can address large encryption calculations. Not just any system will do encryption sufficiently. You don't just want to walk into a store by the roadside and buy a system say "okay I want to do some cryptography and regular systems can meet the requirements for you." Rather you want systems that have the HSM, the Hardware Security Module. The processors are designed to handle large encryption calculations. They provide key generation, manage and secure key storage. This is how we best do cryptography on our systems. [/toggle_content]

Video Transcription

00:04
this is section 4.3. We discuss
00:08
the importance of that, our security.
00:11
So starting off this section, we look at that our loss prevention.
00:15
We could have that our financial data, medical, trade secrets or personal, identifiable information
00:22
on we have to give consideration for
00:24
the state in which we have these data. How is it being used on almost security is of our concern
00:32
Now. It could be that emotion. If our that is moving their email, we want to ensure that we have security for I. P say could be used for that
00:41
data on our networks should also be secure. Onley authorized users should have access to network resources. Authentication is to provide access. Authentication is there to ensure that only authorized users have access to the network resources on there by, um,
00:59
I says to dotty, I don't know a network.
01:00
We also used the principle of least privilege toe assigned permissions. Only specified users with proper permissions should have proper access to resources on the network.
01:15
Careful consideration has to be given to chat sessions that instant messaging.
01:19
So yes,
01:21
way put in security measures to prevent that our loss, But you allow your users,
01:27
you chat message
01:30
over instant messaging.
01:32
One.
01:33
How do you know who's on the other side?
01:36
You don't see who's on the other side? Probably They walked away, stepped away from the machine.
01:41
Somebody else is there. Some people have the habit off trying to chat with more than one person at the same time. So you're chatting with person A, B, C and D on something you should only tell to D you accidentally go tell tow person A. Now information has been lost to use the A,
01:59
and you had no intentions of doing that.
02:01
It is also possible that we can do file transfer that instant messaging. So, yes, you disable all your ports, you disable that users cannot put in the U. S. B, but users can transfer files were instant messaging, so careful consideration should be given to the use of instant messages? Yes, Sometimes they fascinated work, but
02:21
we have to give consideration, for
02:23
we don't see the person on the other side on In many cases where we do instant messaging when we chat across the Internet, we tend to lower our guards on Before you know it, your users might end up disclosing information that the shooting disclose toe someone they don't even know
02:40
is on the other side.
02:43
We should also consider data at rest,
02:46
whether these data financial, medical, trade, secret or personally identifiable information whether it recites on our database, we should ensure we have encryption for our databases so that unless the properties are provided on authorized persons who have no access to the content of the data bees, this way we can secure that I that we save on the database
03:07
on against unauthorized disclosure
03:09
toe guarantee confidentiality
03:12
files being shared on the network.
03:15
No, we have to do proper
03:19
that are handling
03:21
that are labeling to ensure that secure files are not shared toe on secure locations on the network. Your files should only be shared improper ante F s locations to ensure that the permissions are signed or the security assigned is still maintained by ante F s.
03:38
Now, whether the files are reciting on your desktop or your laptop, you should also do best practice to ensure that our loss prevention one use passwords have particular accounts for every user logging into that laptop or desktop. Measures should also be taken to secure the laptop device. Encryption should also be employed
03:59
whereby we could include the entire content of the hardware,
04:01
the hard disk
04:02
and I and keep the entire content of your hard disk to prevent that are lost or theft. Whether it's on your desk top on your laptops
04:12
that I use, we should also prevent that are lost
04:16
for that I use. Many of us have left papers in the copier.
04:21
You go make a photocopy and you leave the paper, but that the original is left in the copier. Somebody coming behind you has access to that document.
04:30
Some people also let go off the copier machines. After a period of use. These copier machines have a hard driving them.
04:39
Every image copied by the machine is also saved in the hard drive. So if we must let go off our copier machines, best practice. We remove the hard drive so that nobody else can retrieve this information
04:54
once they have possession of the copiers.
04:57
It is also practiced that
04:59
we print from our scanner. We print from our fax machine on these documents. I left south on the,
05:06
um on the printer for hours on end.
05:11
Anybody having access to a common printer would have access to those documents.
05:15
You know. So best practice is that if you must print sensitive documents, you have a local printer
05:21
by your machine where you print such documents, too.
05:26
Some organizations have a fax server, such that their fax messages are not just sat on the fax printer,
05:34
so the fax messages go to your inbox. If you need to print it, you printed, you go get it that way. Your documents are not left lying at the machine for hours on end. This could lead to a compromise off confidentiality.
05:50
Removable media.
05:53
How USB drives. Ah,
05:57
optical drives. These also cooled.
06:00
I mean, many people have used us bees. Now you forget them in the system. Tom drives. You've also used optical discs CD or DVD or blue ray discs on you. Forget them on the system. These are also methods by which that would lead. The next user has access to those devices, so we should do
06:18
best practice to ensure that we're always in position off all the media
06:23
that carries sensitive information for us.
06:27
What about your screen? You step away from your PC, you always best practice you lock your screen on when you do, lock your screen and show you use the password. Otherwise, somebody else having access to your system can just have a key on your keyboard. Bump your mouth on. Now they see everything you're looking at. But with the use of a password screen saver,
06:47
your password has to be Keating before anybody has access to your screen.
06:53
The very delicate one is a clipboard. Many of us copy and paste, copy and paste on. Then we don't with the system, we just walk away,
07:00
okay? You've closed all the applications, you've closed everything you're working with. But the information in your clipboard could still be dumped
07:09
onto word
07:11
on to paint or some other applications. No part on that way, somebody else could see what you were looking at.
07:18
It could be on your laptop or your desktop. The contents of the clipboard could also be empty. Could also be discovered. Best practice. If you're done with the system, shut the machine down. That way, the machine would lose all those content on that. We were able to prevent that. Our loss on prevent theft
07:36
off that are be it on your laptop or your desktop. So these are measures by which we could prevent that our loss. We could ensure that our loss prevention as well by following best practice whether our data is in motion at rest or in use. We want to protect all our data wherever they find
07:55
themselves on the network or infrastructure,
07:58
which we use. The nesting we talk about is hardware based encryption devices
08:03
for hardware bears the encryption devices. We have the trust, that platform you do
08:07
on the hardware security model, the HSM. So we have the T p m. The T p m. The trust that platform models. These are
08:16
TPM chips that are sold out to the computer motherboard. They generate the crypto keys that I used by the system on the applications. So these keys are generated by these chips that are sold out to the motorboat. They also maintained by these chips. If you want to do special projects,
08:33
you don't just go to a store by the roadside and buy yourself a system. Your other would order the system from the system providers example like HP and Dell, where they build you systems that have TPM trust that platform model
08:46
for system that require HSM the hardware security model. These are advanced on specialized crypto processes.
08:56
You know this crypto processors can address, like encryption calculations. Not just any system will do
09:03
encryption sufficiently. You don't just want to walk into a store by the roadside and biases times. Okay? I want to do something.
09:09
Cryptography on regular systems commit the requirement for you. Rather, you want systems that have each sm the hardware security model. The chips,
09:20
the processes are designed toe handle,
09:24
large encryption calculations. They provide
09:28
key generation, manage and secure key storage.
09:31
So this is how we best do cryptography on our systems.

Up Next

Fundamental System Security

Commonly referred to as INFOSEC, refers to the processes and methodologies required to keep information confidential.

Instructed By

Instructor Profile Image
John Oyeleke
Lead IT Security Instructor
Instructor