But who cares if someone steals your files if

t can be stolen or used to launch a security attack. This might include hunting for discarded passwords written on Post-it notes, recovering unshredded printed user account listings, scanning e-mails or program printouts for system clues, recovering tape backups, resurrecting files from discarded hard drives, and more. Other compromises might take place via shoulder surfing, simply looking over someone’s shoulder to glean a password or see other proprietary information that might be displayed on a worker’s screen.

Firms might also fall victim to various forms of eavesdropping, such as efforts to listen into or record conversations, transmissions, or keystrokes. A device hidden inside a package might sit inside a mailroom or a worker’s physical inbox, scanning for open wireless connections, or recording and forwarding conversations. [J. Robertson, “Hackers Mull Physical Attacks on a Networked World,” San Francisco Chronicle, August 8, 2008.] Other forms of eavesdropping can be accomplished via compromised wireless or other network connections, malware keylogger or screen capture programs, as well as hardware devices such as replacement keyboards with keyloggers embedded inside, microphones to capture the slightly unique and identifiable sound of each key being pressed, programs that turn on built-in microphone or cameras that are now standard on many PCs, or even James Bond-style devices using Van Eck techniques that attempt to read monitors from afar by detecting their electromagnetic emissions.

The Encryption Prescription

During a routine physical transfer of backup media, Bank of America lost tapes containing the private information—including Social Security and credit card numbers—of hundreds of thousands of customers. [J. Mardesich, “Ensuring the Security of Stored Data,” CIO Strategy Center, 2009.]
This was potentially devastating fodder for identity thieves. But who cares if someone steals your files if they still can’t read the data? That’s the goal of encryption!

Encryption scrambles data, making it essentially unreadable to any program that doesn’t have the descrambling password, known as a key. Simply put, the larger the key, the more difficult it is for a brute-force attack to exhaust all available combinations and crack the code. When well implemented, encryption can be the equivalent of a rock solid vault. To date, the largest known brute-force attacks, demonstration hacks launched by grids of simultaneous code-cracking computers working in unison, haven’t come close to breaking the type of encryption used to scramble transmissions that most browsers use when communicating with banks and shopping sites. The problem occurs when data is nabbed before encryption or after decrypting, or in rare cases, if the encrypting key itself is compromised.

Extremely sensitive data—trade secrets, passwords, credit card numbers, and employee and customer information—should be encrypted before being sent or stored. [J. Mardesich, “Ensuring the Security of Stored Data,” CIO Strategy Center, 2009.] Deploying encryption dramatically lowers the potential damage from lost or stolen laptops, or from hardware recovered from dumpster diving. It is vital for any laptops carrying sensitive information.

Encryption is also employed in virtual private network (VPN) technology, which scrambles data passed across a network. Public wireless connections pose significant security threats—they may be set up by hackers that pose as service providers, while really launching attacks on or monitoring the transmissions of unwitting users. The use of VPN software can make any passed-through packets unreadable.
Contact your firm or school to find out how to set up VPN software.

In the Bank of America example above, the bank was burned. It couldn’t verify that the lost tapes were encrypted, so it had to notify customers and incur the cost associated with assuming data had been breached. [J. Mardesich, “Ensuring the Security of Stored Data,” CIO Strategy Center, 2009.]

Encryption is not without its downsides. Key management is a potentially costly procedural challenge for most firms. If your keys aren’t secure, it’s the equivalent of leaving the keys to a safe out in public. Encryption also requires additional processing to scramble and descramble data—drawing more power and slowing computing tasks. Moore’s Law will speed things along, but it also puts more computing power in the hands of attackers. With hacking threats on the rise, expect to see laws and compliance requirements that mandate encrypted data, standardize encryption regimes, and simplify management.

How Do Web Sites Encrypt Transmissions?

Most Web sites that deal with financial transactions (e.g., banks, online stores) secure...
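
An added example, not part of the original text, for the key-size point in "The Encryption Prescription": a toy cipher built only for this illustration is searched exhaustively at 8, 12 and 16 bits, so the doubling of work with each extra key bit can be measured rather than asserted. The cipher itself, the BACKUP01 header, the sample record and the 1e12 guesses-per-second rate are all assumptions made for the demonstration.

```python
import hashlib

MAGIC = b"BACKUP01"  # constructed file header; lets a guesser recognise the right key

def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: stretch the key with SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def toy_crypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def brute_force(ciphertext: bytes, key_bits: int):
    """Try every key_bits-bit key in order; return (key, attempts)."""
    nbytes = (key_bits + 7) // 8
    for k in range(2 ** key_bits):
        key = k.to_bytes(nbytes, "big")
        if toy_crypt(key, ciphertext[:len(MAGIC)]) == MAGIC:
            return key, k + 1
    return None, 2 ** key_bits

def worst_case_attempts(key_bits: int) -> int:
    """Encrypt under the last key in the search order, then count the guesses."""
    key = (2 ** key_bits - 1).to_bytes((key_bits + 7) // 8, "big")
    ciphertext = toy_crypt(key, MAGIC + b" constructed customer record")
    found, attempts = brute_force(ciphertext, key_bits)
    assert found == key
    return attempts

def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Time to try every key at an assumed, constant guess rate."""
    return 2 ** key_bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for bits in (8, 12, 16):
        print(f"{bits}-bit key: {worst_case_attempts(bits)} guesses")
    for bits in (56, 128, 256):
        print(f"{bits}-bit key at an assumed 1e12 guesses/s: "
              f"{years_to_exhaust(bits, 1e12):.3g} years")
```

Going from 12 to 16 bits multiplies the guesses by 16; the same doubling per bit is why the 128-bit and 256-bit rows come out in astronomically many years at the assumed rate.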

This document was uploaded on 01/31/2014.
