Protecting Data Flashcards
Organizational Data
Data is the lifeblood of many organizations. It’s everywhere: on a storage drive, on the network, in a CPU. Protecting the data requires security policies and encryption. It must also be controlled through user access/permissions.
Data Sovereignty
Data that resides in a country is subject to the laws of that country, including legal monitoring, court orders, etc. Laws may restrict where data can be stored.
Data Masking
Also called “data obfuscation”: hiding some of the original data. Think of a credit card number shown as ***8888. It protects personal information. The data may still be in the system, but viewing it is controlled through permissions. There are different techniques: substituting, shuffling, encrypting, masking out, etc.
Encrypting Data
The original information is called “plaintext”. The encrypted form is called “ciphertext”. With the proper key, either one can be converted into the other. Encrypted data is meant to confuse; confusion is part of the encryption mechanism.
Diffusion
If you change one character of the input, the ciphertext completely changes.
Data at-rest
The data on a storage device is called data at-rest. Any data stored on a hard drive, SSD, flash drive, etc. is data at-rest. Some of these storage devices may be entirely encrypted. It could be whole disk encryption, database encryption, or file- or folder-level encryption. Permissions should be applied to the data to ensure that only authorized users can access it.
Data in-transit
Also known as data in-motion. This is data transmitted over the network. Data is moving between switches, routers, and different devices. Often the data is allowed through a firewall or intrusion prevention system (IPS). The data may be encrypted in transit via Transport Layer Security (TLS) or Internet Protocol Security (IPsec).
Data in-use
Data that is actively being processed in memory (system RAM, CPU registers, and cache). The data is almost always decrypted. Attackers can pick the decrypted information out of RAM.
Tokenization
Replaces sensitive data with a non-sensitive placeholder.
- SSN 266-12-1112 is converted to appear as 681-61-8539.
This is a common process used with credit card processing. It uses a temporary token during payment. An attacker who captures the token won’t be able to use it later. This is not encryption or hashing. This process is completed using a third-party Remote Token Service Server. The card is registered with the service server, the server sends a token to the device (mobile phone), and the token is used during checkout. The checkout system is also already in communication with the remote token service server and is able to take the token and verify it with the server.
Information Rights Management (IRM)
Applies to Microsoft Office documents or PDFs that are “read only” or cannot be changed. The idea is simply to restrict access by unauthorized persons. IRM can prevent copy and paste, control screenshots and printing, and restrict editing.