by Osvaldo Callegari
When we say open information we want to talk about information available, visible and at the hand of anyone.
When a person suffers a theft or theft of his equipment call it agenda, netbooks, notebook, smart phone sees the loss of months or perhaps years of work pass in a second, it is clear that the backups he made of the systems are not up to date and at the moment, that is why it is necessary to go back to everything done previously. This from good to first implies an important stress that perhaps some specialist compares it as for example with other work disorders.
Now, the most significant issue is that what was stolen from him is exposed and at the hand of anyone! It is worth saying that if what was stolen was information from your company, there is not enough regret to justify it, since the information will be used in order to harm that company.
To do this we will indicate possible tools, useful tips and the trends of computer security of 2009.
Well we said that open information must be secured, not always security methods are the most practical but often are tedious, the user ends up leaving everything open and the good of God without measuring the consequences.
Application tools and products
As usual in this column, products are analyzed to bring a broader security picture to the user, in order to keep a guide of necessary implementations according to current demands.
The current security tools against information theft are:
•Encryptors, with renewable methods
• Backups or backups of information, automatic and manual
•PGP email security
•Information shredders with government-level processes
•Followers of stolen equipment.
They do not necessarily carry a given order, since together they improve the security of our data. Some could be prioritized more than others, but all are necessary.
Data transmissions are vitally important and have become a necessity today. Whether it's by exchanging private business messages or trade secrets, you must protect your sensitive information from hackers, your boss, or the secret services.
Resonant impact for today's businessman
We live in a world where insecurity, unwanted people can have access to your personal information (emails or personal desktop documents) and that they often use against you.
One of the systems addressed has the consent and recognition of important North American magazines such as PC-MAGAZINE ™, PC-WORLD™. The system mentioned is called Invisible ™ Secrets
This program has six fundamental functions for protection:
1. Hide and show files: Programs or documents secured by a password can be hidden.
2. Encrypt and decrypt files: Just like hiding, files can be encrypted. It is advisable not to lose the access key as there is no way to recover them definitively.
3. Self-decrypting packets: Encrypted packets allow you to automatically unpack information when it reaches its destination without the need for an auxiliary program.
4. Destruction of documents and traces over the Internet: with this option you can destroy a document or file without the possibility of recovering it. It uses a DoD 5220.22-M data shredder used by the US government. The same happens with the sites visited with our browser, it deletes absolutely everything without leaving traces.
5. IP to IP, Secure password transfer: through this module passwords can be transferred from one computer to another knowing your IP address.
6. Application blocking: it is possible to lock an application from running and leave it operational again using a password
Invisible Secrets 4 provides the following encryption algorithms (put excel table)
It uses an accessory called a Criptboard, a kind of container similar to the Windows Recycle Bin ™. In that container are available all the functions: hide, encrypt, decrypt, delete, self-extracting encrypted package.
When we talk about hiding information is that currently they can be saved and hidden within images or sound files, this seems to come out of a double zero agent movie.
The system allows you to run hidden and command key combinations to activate or deactivate them at any time. Within the options you can choose the encryption context, the standard data shredder or government level.
Many countries restrict encryption programs. It is advisable to read in advance if you are authorized in your country for the product to be legal. In some cases part of the encryption is allowed, if so, contact the support for the particular case.
There are other ways and methods to hide information such as Carrier. This is a file in which you can hide data using specific methods. Carriers are usually multimedia files, for example: images, sounds, web pages, networks.
IS provides five carriers: JPEG, PNG, BMP, HTML and WAV
JPEG and PNG carriers can be placed on a web page on par with other images and only the recipient can know which is the correct image and download it without revealing their identity. There are no limitations on data length for JPEG and PNG.
BMP carriers give the best security, but the data that can be hidden depends on the size of the BMP file. In this carrier, the least significant steganographic bit is used.
The WAV carrier is a sound file. This method is very safe but also depends on the size of it. It uses the least significant steganographic bit.
The HTML carrier is a hypertext file, Internet page. This one is very powerful, it has no restrictions on the length of the sensitive data, but a very large page always gives reasons for suspicion.
All of them can be sent through the email client.
It is important to note that in the conversion from one carrier to another it is possible that the data of the original carrier is lost, so the conversion of the software must be verified before making any move.
There is also the possibility of developing and implementing new carriers.
For its part, steganography is the art and science of hiding information by embedding messages within others, turning that data into apparent and harmless messages. It operates by replacing less significant bits or unused data on common computers, files such as sound graphics, texts, html or each diskette drive, all with bits of different invisible information. Hidden information can be plaintext, ciphertext, or images.
Unlike encryption, steganography cannot be detected and is used where encryption is not allowed, or is most commonly used to supplement it.
An encrypted file can hide information using steganography and if it is decrypted the hidden information cannot yet be seen.
Steganography literally means covert writing, and dates back to ancient Greece, where they were common practices. These consisted of hiding messages on tables by covering them with wax. The messengers peeled each other, a message was recorded and their hair grew and when they reached their destination they shaved them and read the message. Of course this took some time.
We also work with AES, short for Advanced Standard Encryption, a symmetric 128-bit block. This is a technique developed by Belgian cryptographers, Joan Daemen and Vincent Rijmen. The U.S. government adopted this algorithm since 2000 replacing the DES model.
Top ten 2009
The most important trends in IT security for this year according to what experts predict.
Mobile devices
1.On laptops (notebooks, netbooks) encryptions may become mandatory in government agencies and other organizations that store customer or patient data that must be pre-installed in new equipment. This will prevent the spread and concern that mobile data will be protected.
2.The theft and theft of smartphones has grown significantly and consequently the resale of them and their contents.
3.Governments seek more measures regarding open data, would increase penalties for crimes against private information.
4.Attacks on specific targets will increase, as in the case of government agencies, attacks generated from cyber cafes.
5.Worms in cell phones could infect at least a hundred thousand phones, jumping one at a time through wireless data networks.
Cell phones come increasingly powerful with applications rich in functionality in addition to improvements in their operating systems, this makes fertile ground for malware manufacturers that would potentially increase their sales.
6.Voice over IP, these systems will also be targets of attacks, this technology has not yet become aware of the security risks that lie ahead.
7.Spyware continues to grow excessively. The developers of this dilemma will make a lot of money with the distribution centers to come.
8.Vulnerability researchers will provide users with tools to establish insecure gaps in their computers.
9.Rootkits and bots on the rise, rootkits can change the operating system to hide an attack and the presence of malware being impossible to remove it without a clean operating system.
10.Network access control will be common and grow in sophistication. Large networks will protect their access from mobile computers in turn verifying them before entering the network from viruses and other malicious code.
Data protection is inversely proportional to the ease of use, it is often a matter of adapting to new schemes. Making an analogy with our home, as if we had several locks with several keys, we must remember every night to close one by one to have a medium protection, with the data the same thing happens, but researchers are improving the user interface to make it very simple, practical and as less cumbersome as possible.
We will expand in other articles the importance of a good backup (Backup), currently no one is exempt from losing information. That is why we will develop the experiences that different companies have had in the use of it with a success story.
The brands and products mentioned in this article belong to trademarks and registered products of their own companies, the programs and or systems analyzed have a license of use by which the scope and guarantees of the same are established. The information provided should only be used as a guide to improve safety. Thanks to SANS Org for the authoritative information, to Neobyte for its Invisible Secrets product.
If you want to contact the author write to the email [email protected]
Leave your comment