Encrypt Data or Invite Disaster

[David Farber <dave () farber net>]

Begin forwarded message:

From: "John F. McMullen" <observer () westnet com>
Date: June 27, 2005 7:30:54 PM EDT
To: johnmac's living room <johnmacsgroup () yahoogroups com>
Cc: Dave Farber <farber () cis upenn edu>
Subject: Encrypt Data or Invite Disaster


From eSecurity Planet -- http://www.esecurityplanet.com/prevention/ 
article.php/3515811

Encrypt Data or Invite Disaster
By Steven Warren

In todays workplace, stealing information doesnt require a covert  
Special Forces team: It is often done by an employee armed with a 5  
GB USB flash drive. And your unsecured, unencrypted network invites a  
hacker to compromise a server or workstation holding sensitive data.

But you dont have to be vulnerable. There are plenty of options  
available today for securing/encrypting your data and many of these  
options are just overlooked.

Consider in recent news the security breach where hackers obtained  
access to more than 40 million credit card accounts. Could this have  
been avoided?

Yes! If the data had been encrypted, we wouldnt have 40 million  
people losing sleep.

In other news, Citigroup announced that 4 million consumer records,  
stored on magnetic computer tapes, were mysteriously lost during a  
shipment by UPS to a credit reporting agency.

Guess what? Those tapes were not encrypted. And the list of examples  
goes on.

With this string of incidents, it is very clear what has to happen.  
We must start encrypting our data. It is essential.

Options From Enterprise to Workstation

Encrypting your data does not have to be an expensive rollout like  
moving from NT 4.0 to Active Directory. There are many types of  
encryption, from complete encryption at the enterprise level down to  
the often overlooked encryption of an individuals workstation. With  
so many options, your perfect solution is surely available.

For example, MCI is now evaluating stronger security measures  
following the theft of a laptop containing Social Security numbers  
and names of 16,500 current and former MCI employees. The laptop was  
stolen from the employees car. The computer was password protected  
but there has been no comment on whether the data was encrypted.

I believe encryption is as important as a firewall. You wouldnt leave  
your network unprotected by a firewall -- we all know thats as  
foolish as just giving a hacker your enterprise or domain admin  
password. Nor should you leave your sensitive data unencrypted;  
encryption ensures that your data is secure.

But how, specifically, might encryption be useful to you?

When you send an email of sensitive information, encryption provides  
security that no unauthorized parties have access to your data. If  
your password is encrypted, it cannot be duplicated by anyone else so  
it ultimately proves your identity when you sign on to a computer or  
use a smart card or an RSA device.

When you sign an email with an encrypted signature, the email cannot  
be changed or modified without changing the digital signature. Using  
digital signatures provides you with proof that a document has not  
been compromised.

Create and Enforce An Encryption Policy

Encryption can be used for email exchange as well as to encrypt  
documents on your hard drive. Encryption is used when logging onto a  
system, SSL connections on the web, and on anything that is sensitive  
within your business model.

Just as you have a disaster recovery plan, you should also create an  
encryption plan for your organization. Make it corporate policy to  
digitally sign every email. Configure encryption over your remote  
connections. Use encryption technology to encrypt the entire contents  
of your hard drive.

With the amount of data being too frequently compromised, not having  
an encryption plan for your company is security suicide. September 11  
was the disaster recovery wake-up call for many companies who lost  
everything because they didnt have a plan in place; many companies  
quickly got their acts in gear after the fact to have disaster  
recovery sites configured.

Not having an encryption plan may not quite stop you dead in your  
tracks as failure to have disaster recovery did for some, but it  
could cause your stock to fall, profits to decline, and peace of mind  
to be shattered. Do yourself a favor and configure an encryption plan  
for your company today.


Steven Warren is an IT consultant for the Ultimate Software Group and  
a freelance technical writer. He has a forthcoming 'how-to' book on  
VMware Workstation and holds

Copyright 2005 Jupitermedia Corporation
*** FAIR USE NOTICE. This message contains copyrighted material whose  
use
has not been specifically authorized by the copyright owner. The
'johnmacsgroup' Internet discussion group is making it available without
profit to group members who have expressed a prior interest in receiving
the included information in their efforts to advance the  
understanding of
literary, educational, political, and economic issues, for non-profit
research and educational purposes only. I believe that this  
constitutes a
'fair use' of the copyrighted material as provided for in section 107 of
the U.S. Copyright Law. If you wish to use this copyrighted material for
purposes of your own that go beyond 'fair use,' you must obtain  
permission
from the copyright owner.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

   "When you come to the fork in the road, take it" - L.P. Berra
   "Always make new mistakes" -- Esther Dyson
   "Any sufficiently advanced technology is indistinguishable from  
magic"
    -- Arthur C. Clarke
    "You Gotta Believe" - Frank "Tug" McGraw (1944 - 2004 RIP)
    "To achieve, you need thought. You have to know what you
     are doing and that's real power." -- Ayn Rand


                          John F. McMullen
   johnmac () acm org johnmac () computer org johnmac () m-net arbornet org
                  johnmac () tmail com johnmac () echonyc com
           jmcmullen () monroecollege edu johnmac () alumni iona edu
              ICQ: 4368412 Skype, AIM & Yahoo Messenger: johnmac13
                  http://www.westnet.com/~observer
                 BLOG: http://johnmacrants.blogspot.com/


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/