Category Archives: Data Loss Prevention

Protecting data from unauthorized access and use

Protect Your Communication Using Free Tools: Secure E-mail and Hiding Messages with Steganography


Is There More To This Image?

How we communicate has become extremely easy in today’s digital society. Most mobile devices offer software that integrates with social networks, business applications and e-mail. People share anything from where they are eating to what they are about to eat in near real time (personally I find it annoying). This convenience makes securing communication more difficult, since most digital messages leave a digital fingerprint and are usually transmitted over insecure channels. My team has demonstrated how attackers can steal data in transit using man-in-the-middle attacks with tools like the WiFi Pineapple and BeEF, and by compromising mobile devices to pull up old text messages and e-mails.

How can you protect your communication? Best practice is to invest in multifactor authentication for trusted systems, VPN technology for communication outside of a secure network, data loss prevention to monitor what data is permitted to leave a secure network, internal network security products, and host-based security to stop keyloggers and other threats. A communication solution should offer a mix of confidentiality (protecting the information), integrity (the message can’t be modified), availability, authenticity (the message is genuine) and non-repudiation (proof that the message was sent and received).

Meeting best practice typically requires investing in multiple technologies; what about the average user looking to send a sensitive message? There are ways to send messages securely using free tools. One option is a secure e-mail service. Hushmail offers free PGP-encrypted e-mail and file storage. In the image below you can see the checkbox for encrypting the outgoing message, as well as how Hushmail enforces a strong passphrase, promoting secure e-mail standards. The downside of Hushmail is that it doesn’t offer some of the flashy features other e-mail services include, such as chat or customizable backgrounds.


Setting up a Hushmail account


Sending Encrypted E-mails


Securing Your Digital Image. Threats From Social Media Services

Most likely you are part of one or more social media networks. The most common social media services are Facebook, LinkedIn, Myspace, Bebo, Friendster, etc. What many users don’t realize is that social media information can be leveraged as a source of your personal information. It’s extremely important to pay attention to what information you provide on public websites such as social media services, and to use the available security features to limit access to that data.

Facebook publicly states that it has more than 750 million active users with an average of 130 friends per user. 50% of active Facebook users log on daily, and people in general spend over 700 billion minutes per month browsing Facebook. This makes Facebook’s database a very desirable target for information about people. Posting “Going on vacation for two weeks” may be nice for friends to know; however, criminals could capitalize on being informed that your home is vacant. Uploading obscene pictures, such as being intoxicated, could cost you a future job during a recruiter’s background check. Once data is submitted to the Internet, it’s VERY hard to completely remove it.

Researchers at the 2011 Defcon conference showcased an application that leverages social media and facial recognition software to capture sensitive information about unknown people. By scanning a photo of random people, the researchers were able to determine their names, home address, SS#, employment information and health records, as well as similar data for significant others and family members. Basically, the application could obtain details about people from pictures that could then be used to steal digital identities for criminal purposes.

The best defense against this type of threat is monitoring how you use social media websites. Always ask yourself before you post something “could somebody use this picture or information in a negative way?”

Another defense is limiting access to the data you post online by leveraging the embedded security features of social media services. Here are some tips for securing your Facebook account. Similar features and concepts should be used for other social media websites.

  • Create friend categories and apply a policy to each. An example is restricting work friends from content that is available to family members.
  • Limit the ability of friends to “check you into places”. Personally I’m not a fan of this feature, but at the very least make sure you control when you are checked in. Imagine a friend jokingly checking you into an adult club, which is then displayed on all your public social websites. Also prevent specific friend categories from seeing where you check in.
  • Set your contact information to private.
  • Limit what information is provided to applications. Studies show many are not secure.
  • Enable Facebook security. Turn on secure browsing (HTTPS) and e-mail and/or text alerts when a new device logs into your account.
  • Remove yourself from search results if you are tired of high school people you can’t remember trying to reconnect with you. It’s under privacy settings.
  • Remove yourself from public search by turning off the setting that permits sites like Google to see your social media data. This is found under Facebook privacy settings. Also turn off instant personalization; it’s under settings.
  • Disable friends from tagging you. It’s under customized settings. You don’t want a humiliating picture of someone else tagged as you.

An Overview Of Data Loss Prevention – DLP 101

Data Loss Prevention (DLP) is a topic that keeps IT up at night, because they don’t know how vulnerable they are or how to remediate. In many cases, data loss is a people problem caused by users unknowingly violating policy. Violations can land your agency in the headlines with huge fines. Leading DLP vendors aim to reduce risk through technologies that fall into four standard DLP categories: endpoint, network, data center and e-mail-based products, which work together as one solution.

Everybody uses e-mail, which is a very common way to leak data. A strong e-mail solution should offer both a standard and a secure way to transfer data. DLP should act as a gateway that either moves e-mails containing sensitive data onto the secure transfer method or denies them for violating policy. Leaders in this space ship built-in libraries of keywords and patterns for popular compliance standards. Best practice not only denies or auto-encrypts sensitive e-mails but also sends a return e-mail to the sender explaining which policy was violated.
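The gateway behaviour just described, as an added example (this is not the post’s code and not any vendor’s product): a small Python policy check that scans an outgoing message against a constructed pattern library, decides whether to allow it, route it to the encrypted transfer path, or deny it, and builds the explanatory return notice. The patterns, policy names and sample messages are all constructed for illustration; the Luhn checksum on candidate card numbers shows one way to keep the false-positive rate down, which matters for the helpdesk load discussed later in the post.

```python
"""Toy DLP e-mail gateway: classify an outgoing message as allow / encrypt / deny.

Added example; not the post's code and not a vendor product. The pattern
library, policy names and sample messages below are constructed.
"""
import re
from dataclasses import dataclass

# Hypothetical stand-in for a vendor's keyword / compliance pattern library.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d\d-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")  # 13-16 digits, optional separators
KEYWORDS = ("confidential", "internal only")

# Policy: which finding kinds are blocked outright and which are rerouted to
# the secure (encrypted) transfer path instead of plain delivery.
DENY_KINDS = {"ssn"}
ENCRYPT_KINDS = {"card", "keyword"}


@dataclass(frozen=True)
class Finding:
    kind: str      # "ssn", "card" or "keyword"
    policy: str    # policy name reported back to the sender
    evidence: str  # masked excerpt; the notice must not echo the secret itself


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four characters so the bounce notice does not leak data."""
    return "*" * (len(value) - 4) + value[-4:]


def scan(body: str) -> list:
    """Return every policy finding in the message body."""
    findings = []
    for m in SSN_RE.finditer(body):
        findings.append(Finding("ssn", "PII-SSN", mask(m.group())))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # drop reference numbers that fail the checksum
            findings.append(Finding("card", "PCI-PAN", mask(digits)))
    lowered = body.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            findings.append(Finding("keyword", "CLASSIFICATION-MARKING", kw))
    return findings


def decide(findings: list) -> str:
    """Most restrictive matching policy wins: deny beats encrypt beats allow."""
    kinds = {f.kind for f in findings}
    if kinds & DENY_KINDS:
        return "deny"
    if kinds & ENCRYPT_KINDS:
        return "encrypt"
    return "allow"


def bounce_notice(sender: str, findings: list) -> str:
    """The return message the post recommends: name the policy that was violated."""
    lines = [f"To: {sender}", "Your message was not delivered. It matched these policies:"]
    for f in findings:
        lines.append(f"  - {f.policy} (matched: {f.evidence})")
    return "\n".join(lines)


def process(sender: str, body: str) -> dict:
    """Gateway decision for one outgoing message."""
    findings = scan(body)
    action = decide(findings)
    return {
        "action": action,
        "policies": sorted({f.policy for f in findings}),
        "notice": bounce_notice(sender, findings) if action == "deny" else None,
    }


# Constructed sample messages (not real data).
SAMPLE_EMAILS = [
    ("alice@example.com", "Lunch at noon? Call me at 555-123-4567."),
    ("bob@example.com", "Card on file: 4111 1111 1111 1111, exp 12/29."),
    ("carol@example.com", "Applicant SSN is 123-45-6789, please file it."),
    ("dan@example.com", "Ref 1234 5678 9012 3456 for the Q3 budget (internal only)."),
]

if __name__ == "__main__":
    for sender, body in SAMPLE_EMAILS:
        result = process(sender, body)
        print(sender, "->", result["action"], result["policies"])
        if result["notice"]:
            print(result["notice"])
```

Run as a script it prints one decision per sample message. The fourth message is the instructive one: its 16-digit reference number fails the Luhn check and is ignored, so the message is rerouted to encryption only because of the “internal only” marking rather than being denied as a card leak.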

People may attempt to get around e-mail security by sending data through web-based e-mail platforms such as Gmail, instant messaging or online file sharing. Network-based DLP solutions sit on the wire and look for sensitive data, either inline or passively. Many content security proxies can filter online usage and leverage DLP as an additional means of enforcing policy. Without a proxy or endpoint enforcement component, network-based DLP solutions are typically passive, meaning they can only notify you after a policy has already been violated.

End-user devices are very hard to control with regard to DLP. Typical DLP solutions use an agent to enforce policies while users are on and off the network. The agent controls what can be printed, copied to an external drive, sent over instant messaging or permitted in e-mail applications. The difficult part is developing a policy that doesn’t trigger many false positives, which will quickly overwhelm your helpdesk. Some DLP solutions focus on the data rather than the endpoint, using encryption that travels with the data and an agent or online login to gain access to the files. This makes endpoint management a little easier; however, it is more of a targeted approach that identifies specific data as sensitive rather than enforcing general DLP policies on endpoints.

A key area for protecting data is securing the data center. Strong DLP solutions can define sensitive data, determine where the data resides and assign policies for controlling access. Reports can show who the data owners are and match violations to specific policies. Encryption can be added so that it follows the data once it leaves a folder, ensuring proper use and eventually expiring access. Regardless of whether the vendor is Symantec, RSA or anyone else, it’s best practice to kick off a DLP project with an audit to better understand the data and the risk associated with losing it. DLP is not a set-and-forget solution. Consulting expertise is highly recommended.
