Instructor’s Manual
Chapter 9
Data Protection
Answer Key
Introduction
1.
a) What is the difference between data and information?
Data are raw facts. Information is meaning extracted from data.
b) How can data be protected while it is being transmitted?
It can be encrypted (e.g., using a cryptographic system).
c) How can data be protected while it is being processed?
Data can be protected by making sure applications are securely coded and hosts
are hardened.
d) What are some ways that data can be attacked when it is stored?
It can be accessed by unauthorized persons, destroyed, copied without permission,
and taken outside the organization (i.e., data loss).
e) How can data be protected while it is being stored?
It can be properly backed up, encrypted, and when necessary, destroyed.
Restrictions on access to the data can also be implemented while it is being
stored.
Copyright © 2015 Pearson Education, Inc.
Chapter 9: Data Protection
Corporate Computer Security, 4th Edition
Randall J. Boyle and Raymond R. Panko
Data Protection: Backup
The Importance of Backup
2.
a) List the ways in which data can be lost, adding some of your own.
Data can be lost by mechanical failure, environmental casualties, malware, lost or
stolen devices, and human error.
b) How does backup ensure availability?
Backup will ensure availability because you will still be able to access your files
from backup copies, even if your primary hard disk fails.
c) Have you ever had to use a backup to restore a file? Explain.
Student responses will vary.
Scope of Backup
3.
a) Distinguish between file/directory data backup and image backup.
File/directory data backup copies data (not programs, registry settings,
configurations). Image backup copies data and all those other things.
b) Why is file/directory backup attractive compared with image backup?
File/directory backup is more attractive compared to image backup because it
takes up less storage space and is much faster.
c) Why is image backup attractive compared with file/directory data backup?
Image backup is attractive because it requires minimal additional work to restore
a functioning, fully capable PC.
d) What is shadowing?
Shadowing frequently records a backup copy of each file actively being worked.
If there is a failure, little will be lost.
e) What is the advantage of shadowing over file/directory data backup?
The advantage of shadowing is that it allows for more current file changes to be
restored.
f) How is shadowing limited?
Shadowing is limited because when the capacity of the storage is exceeded, the
oldest files are deleted first.
Full versus Incremental Backups
4.
a) Why don’t most companies do full backup every night?
Full backups take a long time and thus companies usually only conduct full
backups weekly.
b) What is incremental backup (be precise)?
Incremental backups only back up data that has changed since the most recent full
backup.
c) A company does a full backup one night. Call this backup Cardiff. On three successive
nights, it does incremental backups, which it labels Greenwich, Dublin, and Paris. In
restoration, what backups must be restored first and second?
Cardiff, then Greenwich. (Dublin and Paris come next.)
Backup Technologies
5.
a) What are the advantages of centralized backup compared with local backup?
Centralized backup alleviates the key problems associated with local backup,
which are:
Limited ability to enforce backup policy
Limited ability to audit which computers were backed up per policy, how backups
were done, or how data was protected
b) Define CDP.
CDP is continuous data protection. This is where two sites back up each other.
c) Why is CDP attractive?
CDP is attractive because other sites can take over very quickly in case of a
disaster, with little data loss.
d) Why is it expensive?
CDP is expensive because ample bandwidth is needed between CDP sites to allow
the real-time backup of data.
e) Why is backup over the Internet to a backup storage provider attractive for client PC
users?
The main reason for this being attractive is because it is very convenient.
f) What security risk does it create?
There is the concern that the company owning the PC loses control over its data,
which is a very large security risk.
g) What is mesh backup?
Mesh backup is peer-to-peer backup onto other client computers. It sends backup
data in parcels to many other client PCs.
h) What are its technical challenges?
First, mesh backup operation must not slow down the computer on which packets
are being written or from which packets are being retrieved. Second, specific
client PCs are not always available for packet retrieval, so parcels need to be sent
out redundantly. The most difficult technical problem is security. When a client
PC receives a backup parcel, its user must not be able to read it, modify it, or
delete it.
i) Why is mesh backup desirable?
Mesh backup is desirable because it could make client PC backup automatic and,
thus, eliminate the human factor in failing to conduct regular backups. It also
utilizes corporate PC power that is often underused, compared to expensive
separate backup hardware.
Backup Media and RAID
6.
a) Why is magnetic tape desirable as a backup medium?
Magnetic tape can store vast amounts of data at the lowest cost per bit of any
backup medium.
b) Why is tape not desirable?
Tape is not desirable because it is painfully slow and there are many different tape
formats and readers (not much standardization like optical media).
c) Why is backup onto another hard drive attractive?
This method is attractive because it is a very fast method of backup.
d) Why is it not a complete backup solution?
This is not a complete solution because it could also be lost if a computer is stolen
or damaged in a fire. This method is also too expensive for long-term storage.
e) How can this limitation be addressed?
Many companies use a hybrid backup method, using additional hard drives for
storage for as long as possible, then transferring to tape at a pre-determined time
or data size.
f) How much data can be stored on a dual-layer DVD?
Up to 8GB
g) What is the advantage of burning backup data onto optical disks?
The advantage would be that almost all users have optical disk burners.
h) Is storing backups on optical disks for several years likely to be safe?
Probably not, because the life of optical disks is still unknown and is probably
short.
Disk Arrays—RAID
7.
a) How can disk arrays ensure data reliability and availability?
A system using an array of drives increases reliability because redundant data are
stored on multiple disks. Failure of a single drive in the array would not
precipitate data loss. An array of drives can also increase read-write performance.
Disk performance is increased because data can be written to, or read from,
multiple disks simultaneously.
b) Explain RAID 0.
A RAID 0 configuration increases data transfer speeds and capacity by writing
simultaneously to multiple hard disks. Writing data across multiple disks is
known as striping. The striped set of disks is fast, but offers no reliability. If one
of the drives fails, data on all disks are lost.
c) Explain RAID 1.
In a RAID 1 configuration, the client operating system writes data to both the
primary hard drive and the backup hard drive at the same time. No striping is
used, so data transfer speeds remain approximately the same. Storage capacity
also remains the same because the additional drive is just a mirror of the primary
drive.
d) Explain RAID 5.
A RAID 5 configuration stripes data across multiple disks to increase data transfer
speeds. Reliability is provided by parity bits that enable reconstruction of data
stored on other disks. A RAID 5 configuration can recover from a single drive
failure, but not a multi-drive failure.
Computing Parity
8.
a) What is parity?
Parity bits enable reconstruction of data stored on other disks in case of failure.
Parity bits are stored on disks such that they can be used to reconstruct the
original parts of any lost disk in the array.
b) How does the XOR operator work?
The XOR parity bit will be a 1 if one or the other bits is a “1,” but not both bits
are 1s. The parity bit will be a 0 if both bits are either “1” or “0.”
c) How can parity be used to restore lost data?
Suppose Disk 3 (of 3) experienced complete failure. Data from Disk 1 (Part 1,
Part 3, and Parity 5 & 6), together with data from Disk 2 (Part 2, Part 5, and Parity
3 & 4) could be used to recalculate the lost data on Disk 3 (Part 4, Part 6, and
Parity 1 & 2). No data would be lost. After all calculations are done, the data on
new Disk 3 will be identical to the data before the fire.
d) How long would it take to recalculate the data on a lost disk?
It depends on the number of disks, size of the disks, read/write speeds, etc. It
could take anywhere from several hours to several days. Rebuild times vary
widely.
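The parity reconstruction in 8b and 8c carried through in code, as an added example that is not the textbook's own: the three-disk layout is exactly the one the answer to 8c describes, the six data parts are constructed sample values, and the rebuild routine also shows why a two-disk failure (7d) cannot be recovered.

```python
"""RAID 5 parity walkthrough: an added example, not code from the textbook.

Three disks, three stripes, parity rotated across the disks exactly as the
answer to question 8c lays it out (Disk 1: Part 1, Part 3, Parity 5&6;
Disk 2: Part 2, Part 5, Parity 3&4; Disk 3: Part 4, Part 6, Parity 1&2).
The six data parts are constructed sample values.
"""
from typing import Dict, List

DISK_COUNT = 3
# Constructed sample data: six equal-size parts (4 bytes each).
PARTS: Dict[int, bytes] = {
    1: b"RAID", 2: b"five", 3: b"uses", 4: b"XOR ",
    5: b"pari", 6: b"ty!!",
}


def parity_bit(a: int, b: int) -> int:
    """Question 8b: XOR gives 1 when exactly one input is 1, otherwise 0."""
    return a ^ b


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Parity of two parts is parity_bit applied at every bit position."""
    if len(a) != len(b):
        raise ValueError("parity requires equal-size parts")
    return bytes(x ^ y for x, y in zip(a, b))


def build_array(parts: Dict[int, bytes]) -> Dict[int, List[bytes]]:
    """Place the six parts and three parity blocks on three disks."""
    return {
        1: [parts[1], parts[3], xor_bytes(parts[5], parts[6])],
        2: [parts[2], xor_bytes(parts[3], parts[4]), parts[5]],
        3: [xor_bytes(parts[1], parts[2]), parts[4], parts[6]],
    }


def rebuild_disk(survivors: Dict[int, List[bytes]]) -> List[bytes]:
    """Recompute the missing disk stripe by stripe from the survivors.

    In each stripe the two data blocks and their parity satisfy
    d1 ^ d2 ^ p == 0, so any one block equals the XOR of the other two.
    That needs every other disk present: with two disks gone there are two
    unknowns per stripe, which is why RAID 5 survives only a single
    failure (question 7d).
    """
    if len(survivors) != DISK_COUNT - 1:
        raise ValueError("RAID 5 can rebuild exactly one failed disk")
    disks = list(survivors.values())
    rebuilt = []
    for stripe in range(len(disks[0])):
        block = disks[0][stripe]
        for other in disks[1:]:
            block = xor_bytes(block, other[stripe])
        rebuilt.append(block)
    return rebuilt


def read_parts(array: Dict[int, List[bytes]]) -> Dict[int, bytes]:
    """Read the six data parts back out of the layout (parity skipped)."""
    return {
        1: array[1][0], 2: array[2][0], 3: array[1][1],
        4: array[3][1], 5: array[2][2], 6: array[3][2],
    }


def simulate_failure(lost_disk: int) -> bool:
    """Lose one disk, rebuild it onto a replacement, check nothing was lost."""
    array = build_array(PARTS)
    original = array[lost_disk]
    survivors = {d: s for d, s in array.items() if d != lost_disk}
    replacement = rebuild_disk(survivors)
    survivors[lost_disk] = replacement
    return replacement == original and read_parts(survivors) == PARTS


if __name__ == "__main__":
    for disk in (1, 2, 3):
        print(f"lost disk {disk}: rebuilt identical = {simulate_failure(disk)}")
```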
9.
a) What are the advantages of RAID 5 over RAID 1?
A small amount of storage capacity is lost by storing the parity bits (RAID 5), but
it is much less than it would be if the entire array were mirrored (RAID 1). The
recovery/rebuild time on RAID 5 would be much longer than on RAID 1. No
recalculation of the lost data is necessary in RAID 1.
b) Which RAID level discussed in this chapter has the fastest read-write speeds?
RAID 0
c) Is RAID 5 appropriate for home users? Why, or why not?
RAID 5 would be great for home users, but it is likely too expensive and difficult
to configure. The tech-savvy end user could have a RAID 5 configuration at
home, but most end users won't.
Data Storage Policies
10.
a) What should backup creation policies specify?
Backup creation policies should specify what data should be backed up, frequency
of backups, restoration test intervals, and other related guidance.
Policies should address different types of data and computers to ensure the right
backup is provided for the resource.
b) Why are restoration tests needed?
Restoration tests are needed because if the data is important enough to spend
precious time and resources to backup, it needs to be available when called upon.
Not testing will almost guarantee some failure that could have been addressed
with simple testing.
c) Where should backup media be stored for the long term?
Backup media should be stored on another site.
d) What should be done about backup media until they are moved?
Backup media should be stored in a fireproof and waterproof safe until they are
moved.
e) Why is the encryption of backup media critical?
Encryption of backup media is critical because backup data can be lost or stolen.
Encrypting the data protects the company from expensive losses of PII or trade
secrets.
f) What three dangers require control over access to backup material?
The dangers of lost, stolen, or damaged backup material require control over
access to the data.
g) If Person A wishes to check out backup media, who should approve this?
The manager of the person requesting media should approve the checkout.
h) Why are checkouts of backup media suspicious?
Checkouts of backup media are rare, so every checkout should be examined
carefully. There must be a valid operational reason for retrieving the backup
media.
i) Why should business units and the legal department be involved in creating retention
policies?
There are many business and legal requirements regarding the retention of certain
types of data; these departments should be involved in creating retention policies.
j) What should backup audits include?
Backups, like all other processes, require audits to make sure the established
policies are being followed. Backup audits should examine backups for
compliance with policy, including tracing what happened to samples of data that
should have been backed up.
E-Mail Retention
11.
a) Why is retaining e-mail for a long period of time useful?
Retaining e-mail is useful in that it provides a history to be searched.
b) Why is it dangerous?
It is dangerous because if it can be searched, info in the e-mail could be used
against you.
c) What is legal discovery?
Legal discovery is the process wherein a firm must provide records related to a
lawsuit, including e-mails.
d) What are courts likely to do if it would be very expensive for a firm to discover all of
its e-mail pertinent to a case?
Courts do not care; the firm will have to pay to get the e-mails recovered.
e) What can happen if a firm fails to retain required e-mail?
A firm can be fined or lose a lawsuit if they fail to retain e-mail.
f) What is accidental retention?
Accidental retention is when e-mail or other files are located on backup tapes
when they were thought to be deleted.
g) How long can third-party e-mail providers keep your e-mails?
Indefinitely
h) Is there a specific law that specifies what information must be retained for legal
purposes?
No, there are multiple laws that specify what information must be retained.
i) What two requirements in the U.S. Rules of Civil Procedure are likely to cause
problems for firms that do not have a good archiving process?
In the initial discovery meeting, which occurs shortly after a lawsuit begins, the
defendant must be able to describe what information it has and how it will provide
it. This requires a good in-place archiving system.
The firm must be able to put a hold on all destruction of potentially relevant
information if the possibility of a lawsuit is foreseen. It needs a good in-place
archiving system to be able to do this.
j) Why is message authentication important in an archiving system?
Without message authentication, there is no way to prove who sent a particular e-mail.
k) Comment on a corporate policy of deleting all e-mail after 30 days.
Deleting e-mail after 30 days will inevitably get the firm in big trouble, fined, or
possibly losing lawsuits.
User Training
12.
a) Are e-mail messages sent by employees private?
No e-mails sent over corporate resources should be considered private.
b) What should employees be trained not to put in e-mail messages?
Employees should be trained not to say anything in e-mail that they would not
want to see in court.
Spreadsheets
13.
a) Why is spreadsheet security an IT security concern?
Spreadsheets are a major focus of new compliance regulations resulting from the
Sarbanes-Oxley Act of 2002. Spreadsheets are highly concentrated with PII and
are used for many proprietary financial calculations that would be disastrous to
have hacked or deleted. Also, manipulation of spreadsheets is a key technique of
criminals attempting fraud.
b) What two protections should be applied to spreadsheets?
Two protections are extensive testing for errors and fraud indicators, and the use
of spreadsheet vault servers.
c) Briefly list the functions of a vault server.
Spreadsheet vault servers offer the following:
• strong access control, authentication, authorizations, and auditing
• limited access to what a particular user can do and see in a spreadsheet
• extensive auditing
• version control of files
• cryptographic protection between PC and server
• active detection tools looking for policy violations
• strong management tools to state and update policies
d) Comment on vault server authorizations.
Vault server authorizations go beyond what a person can do with a file. They also
limit what files a user can see on the spreadsheet (like when the user can see
values in the cells but not the formulas that created them).
e) Describe vault server auditing.
Vault server auditing includes check in/check out of files and individual cell
changes. Individual cell change logs can be used for forensic analysis when
required.
Database Security
14.
a) What is a relational database? Explain.
Relational databases store their data in relations, commonly referred to as tables.
Entities are types of objects that represent persons, places, things, or events.
Entities are things (nouns) you want to store information about. Attributes, the
columns in the table, are characteristics (adjectives) about the entity that you want
to collect.
b) Why would a database administrator want to restrict access to certain tables?
For example, an accountant at a hospital would not need to see tables containing
patient medical records. Even though the accountant may be an honest and hardworking employee, his job does not require access to tables containing patient
medical records. Conversely, a medical doctor would not need access to tables
containing financial data.
c) Why would a database administrator want to restrict access to certain columns?
For example, only a few employees might be allowed to retrieve information in
the salary column. Other employees could read other attributes in the Employee
table, but not salaries.
d) Why would a database administrator want to restrict access to certain rows?
For example, access to employee data can be restricted to rows for each
department. Each department could view their own employee records, but not the
records for other departments.
e) How would limiting data granularity protect the underlying database?
For instance, in analyzing data for personnel, privacy concerns may restrict
searches to being no more detailed than sums and averages at the department
level.
f) What is a data model?
A data model consists of entity names, attributes, and the structure of
relationships between entities.
Database Access Control
15.
a) What is a DBMS?
Database management systems (DBMS) such as Microsoft SQL Server,
MySQL, IBM DB2, and Oracle can manage database structures, and restrict
access to individual databases.
b) Can a DBMS manage multiple databases? Why?
Yes, a DBMS (like Microsoft Access) can access many different databases. The
DBMS simply manages access to the database.
c) How can validation protect against a SQL injection attack?
Incoming data can be validated by making sure they are in the expected data type
(e.g., text, integer, or binary), size (e.g., 32 bits, 10 characters, or less than 5 KB),
or format (e.g., DD/MM/YY or (555) 555-5555).
d) How can sanitation protect against a SQL injection attack?
Incoming data can be sanitized to remove unacceptable characters that could be
used to manipulate the SQL statement.
Database Auditing
16.
a) What types of database events should be audited?
Logins, changes, warnings, exceptions, and special access should be audited.
b) How could SQL triggers be used to secure a database?
Triggers can also be used to implement audit policies and detect noncompliance
with security policies.
c) What is a DDL trigger?
Data Definition Language (DDL) triggers can be used to produce automatic
responses if the structure of the database has been altered.
d) What is a DML trigger?
Data Manipulation Language (DML) triggers can be used to produce automatic
responses if data have been altered.
e) What type of sensitive data exists at your organization?
Answers will vary.
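The validation and sanitization of 15c and 15d and the DML audit trigger of 16, worked through together as an added example that is not the textbook's code. The Employee table, its rows, the SalaryAudit table and the trigger name are constructed for the example; the lookup also binds the validated value as a query parameter (a step beyond what the answer key lists) so data is never spliced into SQL text. SQLite supports DML triggers only, so no DDL trigger is shown.

```python
"""Database access control and auditing: added example, not the textbook's code.

Covers question 15c/15d (validate by type, size and format; sanitize) and
question 16 (a DML trigger that audits changes). Table, rows and audit
layout are constructed for the example.
"""
import re
import sqlite3
from typing import List, Optional, Tuple

# Allowlist formats quoted in the answer to 15c.
DATE_DDMMYY = re.compile(r"^(0[1-9]|[12]\d|3[01])/(0[1-9]|1[0-2])/\d{2}$")
PHONE_US = re.compile(r"^\(\d{3}\) \d{3}-\d{4}$")
# Characters with meaning inside SQL text, removed by sanitize() (15d).
SQL_META = re.compile(r"[;'\"\\]")


def validate_text(value, max_len: int) -> bool:
    """Type check (str) plus size check (1..max_len characters)."""
    return isinstance(value, str) and 0 < len(value) <= max_len


def validate_int32(value) -> bool:
    """Type check (int, and not bool) plus size check (fits in 32 bits)."""
    return (isinstance(value, int) and not isinstance(value, bool)
            and -2**31 <= value < 2**31)


def validate_format(value: str, pattern: re.Pattern) -> bool:
    """Format check; a shape test only (31/02/99 still passes DATE_DDMMYY)."""
    return bool(pattern.fullmatch(value))


def sanitize(value: str) -> str:
    """Denylist step: strip quotes, semicolons, backslashes and comment dashes."""
    return SQL_META.sub("", value).replace("--", "")


def setup_db() -> sqlite3.Connection:
    """In-memory Employee table, an audit table and a DML trigger on salary."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Employee (id INTEGER PRIMARY KEY, name TEXT,
                               dept TEXT, phone TEXT, salary INTEGER);
        CREATE TABLE SalaryAudit (emp_id INTEGER, old_salary INTEGER,
                                  new_salary INTEGER, changed_at TEXT);
        -- DML trigger (16d): every salary change leaves an audit row,
        -- whichever application or user issued the UPDATE.
        CREATE TRIGGER audit_salary AFTER UPDATE OF salary ON Employee
        BEGIN
            INSERT INTO SalaryAudit VALUES
                (OLD.id, OLD.salary, NEW.salary, datetime('now'));
        END;
    """)
    conn.executemany("INSERT INTO Employee VALUES (?, ?, ?, ?, ?)", [
        (1, "Ada Example", "Finance", "(555) 555-0101", 70000),
        (2, "Bob Sample", "Radiology", "(555) 555-0102", 82000),
    ])
    return conn


def lookup_phone(conn: sqlite3.Connection, name) -> Optional[str]:
    """Validate, sanitize, then query with a bound '?' parameter.

    Returns None when the input fails validation or no row matches. The
    placeholder hands the value to the driver as data, so even a value that
    slipped past the checks cannot alter the statement.
    """
    if not validate_text(name, 50):
        return None
    row = conn.execute("SELECT phone FROM Employee WHERE name = ?",
                       (sanitize(name),)).fetchone()
    return row[0] if row else None


def update_salary(conn: sqlite3.Connection, emp_id, salary) -> bool:
    """Typed and sized parameters for the UPDATE; the trigger logs the change."""
    if not (validate_int32(emp_id) and validate_int32(salary) and salary >= 0):
        return False
    cur = conn.execute("UPDATE Employee SET salary = ? WHERE id = ?",
                       (salary, emp_id))
    conn.commit()
    return cur.rowcount == 1


def audit_trail(conn: sqlite3.Connection, emp_id: int) -> List[Tuple[int, int]]:
    """(old, new) salary pairs the trigger recorded for one employee."""
    rows = conn.execute("SELECT old_salary, new_salary FROM SalaryAudit "
                        "WHERE emp_id = ? ORDER BY rowid", (emp_id,)).fetchall()
    return [(old, new) for old, new in rows]
```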
Database Placement and Configuration
17.
a) What is a multi-tiered architecture? Why is it important?
A multi-tiered architecture separates the presentation (webserver), application
processing (middleware server), and database management (database server)
functions. It protects other layers by separating functions. If one layer is
compromised, it won't necessarily compromise the other layers.
b) How could a multi-tiered architecture stop or mitigate the effects of an attack?
A tiered architecture provides a greater level of protection to the database because
vulnerabilities or attacks on one layer won’t necessarily affect other layers. For
example, a DoS attack against the webserver won’t overwhelm the database
server and shut down the database.
c) Why is changing the default database listening port important?
Attackers use automated port scanners to look for databases running on known
default ports. Changing the default port can slow down an attacker.
Data Encryption
18.
a) Why is encryption usually attractive for sensitive data from a legal standpoint?
From a legal standpoint, loss of encrypted data comes with negligible risk of
exploitation and the costly responsibility to report lost unencrypted data.
b) How long must an encryption key be to be considered strong today?
An encryption key must be at least 8 characters long to be considered strong
today.
c) What happens if the encryption key is lost?
If the key is lost, this could be disastrous for the firm. People with legitimate
access will also be locked out.
d) How do companies address this risk?
Companies address the risk of lost encryption keys by holding copies of the keys
in escrow, either on-site or off.
e) Why is entrusting users to do key escrow risky?
The user may not do it, or may not be able to find it, and if fired, may refuse to
give it up, locking up all the data on the computer.
f) In what sense is encryption usually transparent to the user?
Encryption is usually fully transparent to the PC user. As long as you know the
password for your computer, you can work with encrypted directories and files
exactly as you do with unencrypted directories and files.
g) Why is this attractive?
It is attractive because once the user is logged in, he or she can see all encrypted
data.
h) Why is this dangerous?
Encryption is only as good as the security of accessing a computer. If a computer
is poorly secured with inadequate or no passwords, encryption will not matter if
the attacker has full access to the PC.
i) What must users do to address this danger?
Users must have strong login passwords.
j) How does encryption make file sharing more difficult?
File sharing requires files to be unencrypted prior to sharing; adding encryption
adds another step to the file sharing processes.
Data Loss Prevention
19.
a) What is Data Loss Prevention (DLP)?
Data loss prevention (DLP) is a set of policies, procedures, and systems designed
to prevent sensitive data from being released to unauthorized persons.
b) Are there some types of data that are too risky to collect?
Yes, healthcare records, credit card information, or social security numbers (SSN)
may have additional legal requirements related to proper storage and handling.
Loss of these data may lead to enormous liabilities. The potential cost of being
sued may outweigh the benefit of having them on file.
c) In your judgment, do most organizations adequately protect their data? Why?
Student answers will vary.
d) What is PII? Please give a couple examples of PII.
Personally identifiable information can be used to uniquely identify a person.
Examples include name, SSN, driver license number, tax ID number, address,
photo, etc.
e) What is data masking?
Data masking obscures data such that it cannot identify a specific person, but still
remains practically useful.
Web Scraping with Yahoo Pipes
20.
a) Could web scraping be a threat to a corporation? Why?
Yes, a competitor could use web scraping to harvest product information, pricing,
recommendations, etc. This could result in a lost competitive advantage.
b) What are mashups? Give an example.
Mashups combine content from multiple websites. Student answers will vary. One
example would be Google Maps and real estate listings.
c) What is the difference between a spider and a web scraper?
Spiders or crawlers navigate the Web by following hyperlinks from one page to
another. Web scrapers, or web data extractors, extract only small parts from
webpages, and then aggregate the extracted data from various webpages.
d) Is web scraping ethical, legal, criminal? Why?
There are some unresolved legal issues related to web scraping. While web
scraping may be against the terms of use of some websites, we don't know if it is
illegal or not. It's also unclear whether or not it is ethical.
Information Triangulation
21.
a) How are linking attributes used to connect disparate databases?
Attributes from one database match, or closely match, attributes in a second
database. For example, a person’s name from a public voter list could be
associated with medical data through linking attributes.
b) Explain information triangulation.
Data from multiple sources can be combined to identify individuals in a form of
information triangulation. The combination of two compliant “anonymous”
datasets can be used to create a third dataset that is noncompliant, and possibly
against the law.
c) What are the odds of correctly identifying a person based on their ZIP code, date of
birth, and gender? Why?
Professor Latanya Sweeney at Carnegie Mellon University combined data from a
public voter list with seemingly anonymous medical data. She found that it was
possible to correctly re-identify 87 percent of individuals using ZIP code, birth
date, and sex.
d) What is profiling?
Profiling uses statistical methods, algorithms, and mathematics to find patterns in
a dataset that uniquely identifies an individual.
Document Restrictions
22.
a) What is DRM? Give an example of how DRM works.
Digital Rights Management restricts what people can do with certain types of
data, such as copyrighted material. Examples may include music, books, pictures,
etc.
b) Why is DRM desirable?
DRM is desirable because it can be used to protect trade secrets, sensitive
personal data, and copyrighted material.
c) Give some examples of use restrictions that a company may wish to impose on a
document.
A firm may only allow a person to download a document but not save it locally,
print it, change it, or take other actions.
d) How can many DRM protections against unauthorized printing be circumvented?
If the information appears on the screen, screen capture software can make a copy
to be put in another file for saving, printing, and other undesired actions.
e) What is the purpose of data extrusion management?
Data extrusion management attempts to prevent restricted data from leaving the
firm without permission.
f) How can DLP systems be effective when placed at the gateway, on clients, and on a
database server?
DLP systems can filter all incoming and outgoing content including e-mail,
instant messaging, FTP transfers, unapproved webmail, and so on. Client content
can be scanned before data are sent. This would prevent illicit content from being
passed across the local network. DLP systems can actively search out, tag, and
monitor sensitive data anywhere on corporate databases. They can also monitor
access to sensitive data.
g) What is watermarking?
Watermarking is adding invisible information to a file that can be used to identify
the source.
h) In what two ways can watermarking be used in data extrusion management?
Files can be watermarked for internal use only, and these files can be filtered out
if attempts are made via e-mail attachments, FTP, or other means to send them
outside the firm.
Also, each copy of a file can be given a different watermark. If a file is extruded
to the outside world and then found again, the file can be traced back to its first
receiver through the file’s specific watermark.
i) Why is it desirable to prevent a computer from working with removable media?
It is easy to steal data through removable media.
j) Why should restrictions on removable media be enforced technologically?
Non-technological restrictions on the use of removable media are almost
impossible to enforce.
k) Why have document protections not been used heavily in organizations?
They are very difficult to enforce and companies usually restrict access and
functionality from documents in uncomfortable ways.
Employee Training
23.
a) Why do employees have to be trained about data security?
Yes, most employees must be trained on data security policies and procedures.
Oftentimes, employees are unaware that they are violating data security policies.
They may be unaware of how their actions could lead to data loss.
b) Do you know someone who has posted information about work on their blog or social
networking site? Was it positive or negative?
Answers will vary. It's not uncommon for most students to say that they know
someone who has posted negative comments about their employer.
c) From a security point of view, do you think social networking sites have made
corporations more, or less, secure?
Answers will vary. In general, social networking has improved communication
and connected people in unique ways. However, it has also created unique
security problems that did not previously exist. In this sense, it has made it less
secure.
Data Destruction
24.
a) Why is it important to destroy data on backup media and PCs before discarding them
or transferring them to someone else?
If they contain sensitive information, this information may be used subsequently
by unauthorized parties.
b) What is the difference between basic file deletion and wiping?
Basic file deletion happens when you empty the Recycle Bin. The pointers
referring to certain sectors are removed, but the data in those sectors remain. Only
the reference to the sectors has been removed. The file has been logically, but not
physically, removed. Wiping, or clearing, is logically and physically erasing data
so that it is unrecoverable. Even recovery software cannot restore files if they
have been securely deleted. The hard drive remains usable, but prior data cannot
be recovered.
c) Is it safe to wipe a hard disk and then give it to someone else? Why, or why not?
Yes, secure file deletion, known as wiping or clearing, is logically and physically
erasing data so that it is unrecoverable. Even recovery software cannot restore
files if they have been securely deleted. The hard drive remains usable, but prior
data cannot be recovered. You could safely give it to someone else without
worrying about them recovering your data.
d) What does degaussing do?
It demagnetizes the media.
e) Name some effective methods of data destruction.
Media can be shredded, melted, or degaussed (demagnetized).
f) How can optical disks be destroyed?
The best way to destroy an optical disk is to destroy it physically. It is
recommended to run a disk through a shredder.
Conclusion
Thought Questions
1. Is there data in your organization that should be encrypted, but isn’t? Why?
Answers will vary. Typically, most organizations contain at least some data that
they feel should be encrypted, but isn't. It's usually not encrypted because they 1)
don't make the time to encrypt the data, or 2) don't know how to encrypt it. Most
wish there was an automated way of encrypting important data.
2. Could you get enough information from the Internet to take out a loan in another person’s
name?
Typically not, unless it is stolen. Enough data can be stolen through the Internet to
perform identity theft many times over. However, taking out a large loan usually
requires a photo ID (e.g., driver's license), SSN, and an in-person interview.
These are substantial barriers, but not impossible to overcome.
3. How much data would you lose if your computer’s hard drive crashed right now? Could
you reduce the amount of data that would be lost? How?
Answers will vary. A small number of students do weekly backups. A fairly large
portion of students do backups once a month, or every couple of months. Another
group will fall into the category of never having performed a backup.
4. What effect do you think cloud computing will have on data security?
Answers will vary. Some students will argue that data security will be better with
cloud computing because systems administrators who manage the cloud will have
more experience at securing data. Others will argue that it creates a single point of
failure. One weakness in the cloud will expose an enormous amount of data.
5. What impact do you think social networking will have on data security? Provide
your reasoning.
Answers will vary. Most students will respond that social networking will create
more data security problems. For example, attackers can learn your date of birth if
your friends post happy birthday messages that can be seen publicly.
6. Why do so many data thefts originate from outside the victim’s host country? (Hint:
extradition.)
Many countries won't, or can't legally, extradite their citizens for computer-based
crimes. Criminals know this and take full advantage of the fact that they won't be
prosecuted. Some of the data thefts may be state-sponsored.
Hands-on Projects
NOTE: Screenshots for individual students will vary.
PROJECT 1
TrueCrypt® makes securing your private files easy. Using TrueCrypt you can create a mountable
drive from part of your existing hard drive. The new drive is then fully encrypted. You can just
drag-and-drop your files into this new drive.
Once you are done accessing your files you just unmount the drive with TrueCrypt. It
will then look like a normal file (albeit a big one). All your data is safely encrypted. You can
mount the drive again with TrueCrypt to access your files.
The ability to move files directly to another drive without having to enter a password for
each individual file saves a lot of time and effort. TrueCrypt is a great solution if you are
working with a large volume of files that require encryption. Let’s go through a quick example.
1. Download TrueCrypt from http://www.truecrypt.org/downloads.
2. Click Download for the version of your operating system (i.e., Windows).
3. Click Save.
4. If the program doesn’t automatically open, browse to your download directory.
5. Right-click the executable you downloaded and select Run as administrator.
6. Click I Accept, Accept, Next, Install, OK, No, and Finish.
7. Double-click the TrueCrypt icon on your desktop.
8. Click Tools, and Volume Creation Wizard.
9. Click Next, Next, and Select File.
10. Browse to your My Documents directory.
11. Select any text file with your name showing in the file name. (You can create one if
necessary. In this case, it was RandyBoyle.txt.)
12. Click OK.
13. Take a screenshot.
14. Click Next.
15. Enter 20 MB for the size of the container.
16. Click Next.
17. Enter a password that you can remember. (In this case, “tiger1234” without quotes.)
18. Click Next, Format, Yes, OK, and Exit.
19. Click on the Q: drive in TrueCrypt. (You can select any available drive.)
20. Click Select File.
21. Browse to your My Documents directory.
22. Select the text file you chose earlier. (In this case, RandyBoyle.txt.)
23. Click Open.
24. Click Mount.
25. Enter the password you chose earlier.
26. Click OK.
27. Open Windows Explorer.
28. Drag-and-drop any file from your My Documents directory to the newly created drive. (In
this case, the Q: drive.)
29. Take a screenshot.
30. Close Windows Explorer.
31. Back in TrueCrypt click on the Q: drive.
32. Click Dismount.
33. Open Windows Explorer.
34. Browse to your My Documents directory.
35. Note the size of the text file you selected earlier. (In this case, RandyBoyle.txt is now 20
MB.)
36. Take a screenshot showing your new text file.
PROJECT 2
After people learn that all of the files they have deleted in the past could be recovered, they only
want to know one thing: how to permanently delete those files. It’s not that they are trying to
hide anything. They may just want to protect their privacy.
File shredders permanently delete files so they are unrecoverable. Some file shredders
can also permanently remove previously deleted files that are still recoverable. They do this by
"wiping" the free space on the hard disk. Free space may contain files that were not securely deleted.
Individuals and companies also need to make sure all confidential data are deleted from
hard drives before they dispose of them. Recovering files from discarded hard drives is
extremely easy to do. Eraser® will delete any files on your hard drive that were not securely
deleted. It will not delete any existing data. It only wipes the free space.
1. Download Eraser from http://eraser.heidi.ie/.
2. Click Downloads.
3. Click on the latest stable build. (At the time of this writing, it was Eraser 6.0.10.)
4. Click Save.
5. Select your download folder.
6. If the program doesn’t automatically open, browse to your download folder.
7. Right-click the Eraser executable file you downloaded.
8. Select Run as administrator.
9. Click Next, Accept, Next, Typical, Install, and Finish.
10. Click Start, All Programs, and Eraser. (You can also click on the Eraser icon that was put on
your desktop.)
11. Right-click the empty Eraser table and select New Task.
12. Click Add Data.
13. Select Unused disk space.
14. Select the drive you want to clean. (A small USB works faster than your hard drive.)
15. Click OK, and OK.
16. Right-click the task labeled "Unused disk space."
17. Select Run now.
18. Double-click the task labeled "Unused disk space" to see the progress of the wiping.
19. Take a screenshot while it is running. (If it takes too long, you can click Stop. If you selected
your C: drive, it will take hours to complete.)
20. Open Windows Explorer (i.e., your file browser).
21. Browse to your downloads folder.
22. Right-click any file you want to delete. (You can select any of the prior downloads.)
23. Select Eraser, and Erase.
Project Thought Questions
1. What would you see if you opened the text file you used in this project?
It is full of jumbled up characters.
2. What is the purpose of a “hidden” volume? (This was an option when you created the
first volume.)
In case you are forced to open your encrypted drive, you could give a fake
password and it would open a secondary “hidden” volume showing the files you
chose. This is for the truly paranoid.
3. What are keyfiles and how do they work?
The TrueCrypt website states, “Keyfile is a file whose content is combined with a
password (for information on the method used to combine a keyfile with
password, see the section Keyfiles in the chapter Technical Details). Until the
correct keyfile is provided, no volume that uses the keyfile can be mounted.” This
will stop a criminal even if they use a keylogger to get your password. Without
the keyfile, they won’t be able to access your encrypted drive.
4. Can TrueCrypt encrypt an entire drive (e.g., an external hard drive)?
Yes, it can easily encrypt an external hard drive. You can keep all your data from
prying eyes even if they have administrator-level privileges on your machine.
5. What methods does Eraser use to “shred” the files?
It overwrites the file with multiple passes. There are multiple methods for erasing
files. The DOD 5220 standard is typically sufficient.
6. Can you right-click any file and shred it directly (or securely move it to another
directory)?
Yes, you can right-click on files and delete them directly.
7. Why does it take so long? Could it go faster?
Yes, it could go faster if you select a different protocol.
8. Why isn’t this functionality included with Windows?
It’s not clear exactly why it’s not included as part of Windows. Most users
actually believe their files are permanently deleted when they empty the recycle
bin. It might be helpful not to permanently delete files because users may need
them recovered later.
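The difference between logical deletion and wiping (question 24 under Data Destruction) and the multi-pass overwrite that Eraser performs when it "shreds" a file (project thought question 5) can both be seen in a few lines of code. The following is an added example written for this manual; it is not Eraser's code and not part of the original chapter. It overwrites a file in place with a fixed byte, its complement, and then random bytes (the three-pass shape of the DoD 5220.22-M method Eraser offers), forces each pass to disk, renames the file so its name does not survive in the directory, and only then unlinks it. The file name, contents and pass patterns are constructed for the demonstration.

```python
import os
import secrets
import tempfile

# Three overwrite passes in the spirit of the DoD 5220.22-M scheme that Eraser offers:
# a fixed byte, its complement, then random data. None means "random bytes".
# Added example; not Eraser's code.
DEFAULT_PASSES = (b"\x00", b"\xff", None)
CHUNK = 64 * 1024


def overwrite_file(path, passes=DEFAULT_PASSES, chunk=CHUNK):
    """Overwrite every byte of `path` in place, once per pass, forcing each pass to disk.

    Returns the number of bytes overwritten per pass. This is the "physical" part of
    wiping: the sectors that held the data now hold the pattern instead.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                block = secrets.token_bytes(n) if pattern is None else pattern * n
                f.write(block)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # do not let the pass sit only in the page cache
    return size


def wipe_file(path, passes=DEFAULT_PASSES):
    """Wipe: overwrite the contents, obscure the name, then unlink.

    Plain deletion (os.remove on its own) only removes the directory entry, which is
    the "logical" removal the chapter describes; the old bytes stay in the freed
    sectors until something else happens to overwrite them.
    """
    size = overwrite_file(path, passes)
    # Rename before unlinking so the original file name does not survive in the
    # directory entry either.
    directory = os.path.dirname(path) or "."
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)
    return size


def demo_wipe():
    """Create a throwaway file of constructed sample data, show the overwrite is real,
    then wipe it. Returns a dict of observations for the caller to check."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "payroll-export.csv")  # constructed sample file
    sample = b"employee,ssn,salary\n" * 500  # 10,000 bytes of constructed content
    with open(path, "wb") as f:
        f.write(sample)

    overwrite_file(path, passes=(b"\x00",))  # one zero pass, then inspect the file
    with open(path, "rb") as f:
        zeroed = f.read() == b"\x00" * len(sample)

    size = wipe_file(path)  # full three-pass wipe, rename, and unlink
    result = {
        "bytes_overwritten": size,
        "zeroed_after_pass": zeroed,
        "exists_after_wipe": os.path.exists(path),
    }
    os.rmdir(workdir)
    return result


if __name__ == "__main__":
    print(demo_wipe())
</test>
```

Two caveats matter in practice. First, in-place overwriting assumes the file system writes the new bytes to the same sectors; on SSDs with wear leveling, and on copy-on-write or snapshotting file systems, the old blocks may be left untouched, so for flash media the drive's built-in secure erase, or full-disk encryption followed by destruction of the key, is the reliable route. Second, wiping the live copy does nothing about copies in backups, which is why the chapter treats backup media as part of the data destruction problem.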
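Project thought question 3 quotes TrueCrypt's description of keyfiles without showing why a captured password is not enough on its own. The following is an added example, written for this manual and not TrueCrypt's code, that models the property: the keyfile's content is mixed into the key material before the key is stretched with PBKDF2, and a volume "mounts" only if the re-derived key reproduces a tag stored in the header. The combination method (SHA-256 of the keyfile appended to the password) and the `HEADER_CHECK` constant are simplifications assumed by this example; TrueCrypt's own keyfile pool algorithm and header layout differ in detail. TrueCrypt itself stopped being maintained in 2014; VeraCrypt continues the format and also supports keyfiles.

```python
import hashlib
import hmac
import secrets
from typing import Optional

PBKDF2_ITERATIONS = 200_000
# Known plaintext the mount check verifies. A stand-in for the header-integrity check
# a real volume header carries; an assumption of this example, not TrueCrypt's layout.
HEADER_CHECK = b"volume-header-check"


def derive_volume_key(password: str, keyfile: Optional[bytes], salt: bytes) -> bytes:
    """Combine the password with a digest of the keyfile, then stretch with PBKDF2.

    Simplified model (assumption of this example): TrueCrypt's own keyfile pool
    algorithm differs in detail, but the property shown is the same. The keyfile
    content becomes part of the key material, so the password alone is not enough.
    """
    material = password.encode("utf-8")
    if keyfile is not None:
        material += hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS, dklen=32)


def create_header(password: str, keyfile: Optional[bytes]) -> dict:
    """Build a minimal header: a random salt plus a tag computed with the derived key."""
    salt = secrets.token_bytes(16)
    key = derive_volume_key(password, keyfile, salt)
    tag = hmac.new(key, HEADER_CHECK, "sha256").digest()
    return {"salt": salt, "tag": tag}


def try_mount(header: dict, password: str, keyfile: Optional[bytes]) -> bool:
    """Mount succeeds only if the re-derived key reproduces the stored tag."""
    key = derive_volume_key(password, keyfile, header["salt"])
    expected = hmac.new(key, HEADER_CHECK, "sha256").digest()
    return hmac.compare_digest(expected, header["tag"])


def demo_keyfile() -> dict:
    """Create a header with password + keyfile, then try to mount it four ways."""
    password = "tiger1234"  # the password Project 1 uses
    keyfile = secrets.token_bytes(64)  # constructed keyfile content
    header = create_header(password, keyfile)
    return {
        "password_and_keyfile": try_mount(header, password, keyfile),
        # A keylogger that captured only the password cannot mount the volume:
        "password_only": try_mount(header, password, None),
        "password_wrong_keyfile": try_mount(header, password, secrets.token_bytes(64)),
        "wrong_password_right_keyfile": try_mount(header, "tiger1235", keyfile),
    }


if __name__ == "__main__":
    for case, mounted in demo_keyfile().items():
        print(f"{case}: {'mounted' if mounted else 'refused'}")
```

Only the first case mounts. The design point is that the keyfile is a second factor stored outside the keyboard path, so it also has to be protected: keep it off the same disk as the container, and remember that losing it makes the volume unrecoverable, just as losing the password does.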
Case Discussion Questions
1. How should a corporation respond to a large-scale loss of customer data?
Once a corporation realizes that they have experienced a large-scale data loss,
they should immediately contact law enforcement, forensic computer examiners,
and then their customers. They should be open and forthright about how the loss
occurred, the steps they are taking to mitigate its effects, and efforts that are
underway to keep it from happening again.
2. How might a corporation be hurt by acknowledging a large-scale data loss?
Many corporations fear the reputational damage that might be done if they admit
to a large-scale data loss. Consumers may perceive that the company has weak
security protections in place to safeguard their data. As a result, consumers may
cease to do business with that company.
3. As data loss admissions become more widespread, how would they affect consumers’
willingness to share information with corporations?
Consumers may become wary of sharing their confidential information with
corporations if they see widespread data losses occurring. They may choose to
give corporations false, or “dummy,” information about who they are. Or they
may perceive the relationship as too risky and simply cease using the service.
4. How should a corporation decide the appropriate level of resources to devote to securing
its data?
A good guide to understanding the appropriate level of resources to allocate to
securing corporate data is to look at existing regulation requirements. For
example, if a company stores credit card information, they will need to adhere to
PCI-DSS standards. If they store patient information, they will need to adhere to
HIPAA standards. They should also consider following industry best practices for
their respective industry. Certain corporations may need to take additional
precautions if they are in an industry that is a prime target for cyber espionage by
external nation states.
5. Why is the healthcare sector such a big target for data thieves?
Healthcare data often contain all the information necessary to initiate identity
theft. Healthcare records often contain names, addresses, dates of birth, social
security numbers, credit card numbers, etc.
6. Why are corporations worried about insider threats with respect to data loss?
Corporations are especially concerned about insider threats because of the access
they have to corporate data. Insiders can easily exfiltrate (steal) large amounts of
data without being noticed. They know the systems, procedures, and logs, and may be
motivated to steal the data.
7. Why have the incidents of data loss seen a rise in the past few years?
Following a fall in reported incidents in 2009-2010, the trend reversed with a
higher number of incidents reported in 2011, and total incident numbers in 2012
almost returning to 2008 levels. This could be explained by a maturing regulatory
environment in which incidents are being identified and monitored more
thoroughly. But it is also likely to be a result of the dramatic increase in the
sophistication and variety of attacks we have seen in the last 18 months.
Perspective Questions
1. What was the most surprising thing you learned in this chapter?
Student answers will differ.
2. What part was the most difficult for you?
Student answers will differ.