10 things you can do to make sure your data doesnt walk out the door, Database Articles, Global Guide Line Technology is a Mega IT Portal.
Google
Join Global Guide Line community

     Home                    

   First Website Guide       

   Learn HTML                 

   Learn CSS                    

 

   Learn XML                    

   Learn XSLT                  

   Learn Java Script          

   Learn SEO                   

   Learn SQL                   

   Database Articles         

   Web Hosting Guide      

   Services                       

   Contacts                       

10 things you can do to make sure your data doesn't walk out the door.
     Back             Next     

Hacker attacks that bring down the network get a lot of attention, so companies concern themselves with protecting against those threats. But if your organization is focusing on this type of security only, it a little like putting all your efforts into preventing a bomber from blowing up the building but neglecting to worry about the burglar who sneaks in through a back door and makes off with all your valuables.

Unfortunately, the same security precautions that prevent DoS attacks, viruses and worms, and other high profile attacks may not be addressing a much more insidious problem: theft of company data for corporate espionage or other purposes. Yet the disclosure of your trade secrets to a competitor or the release of private company information to the media could, in some cases, result in a much greater loss than network downtime.
 Lets look at what you should be doing to keep your data from walking out the door.

1: Practice the principle of least privilege

There are two opposing philosophies by which you can set your network access policies. The first, the all open policy, presumes that all data is available to everyone unless you explicitly restrict access. The second, the at least privilege policy, operates on the assumption that all data is off-limits to a given user unless that user is explicitly given access to it. The latter is like the need-to-know policies of government intelligence agencies: Unless a user has a demonstrated need to have access to a particular file, he or she can access it.

2: Put policies in writing

You may think it should be obvious that your employers are not to copy important company information and take it home or e-mail it outside the internal network without permission. However, unless you put such policies in writing and have workers sign for receipt, you may be hard pressed to penalize them for violating that policy. Unwritten rules are much more difficult to enforce.

Your policies should be specific and give examples of what prohibited. Workers may not understand, unless you spell it out, that e-mailing a company document as an attachment to someone outside the network (or even to their own home account) is just as much a violation of policy as copying that document to a USB drive and physically taking it out the door.

Wording of the policy, however, should make it clear that the prohibition is not limited solely to the examples you give.

3: Set restrictive permissions and audit access

The first step in protecting data is to set the appropriate permissions on data files and folders. It goes without saying that data on Windows networks should always be stored on NTFS-formatted drives so you can apply NTFS permissions along with any share permissions. NTFS permissions are more granular than share permissions and apply to users accessing the data on the local machine as well as over the network.

Give users the lowest level of permissions possible for them to get their work done. For example, give Read Only permissions to prevent users from modifying files.

You can also set up auditing on files and folders that contain sensitive data, so that you can see who accessed it and when.

4: Use encryption

Another advantage of storing data on NTFS-formatted drives is that you can apply Encrypting File System (EFS) encryption. EFS is supported by Windows 2000 and later operating systems and will prevent other users from opening the file even if they have NTFS permissions. With Windows XP/2003 and later, encrypted folders can be shared with other users by assigning them special permissions through the encryption dialog box.

One way data can be stolen is by stealing the entire computer, especially if it a laptop. With Vista Enterprise and Ultimate editions, you can use BitLocker full drive encryption to protect data in case of theft of the computer. Read more about using EFS and BitLocker to protect against data theft.

5: Implement rights management

Some data theft can be prevented by keeping the wrong people from being able to access that data using the methods above. However, what about theft by people that you need to give access to? You can use Windows Rights Management Services (RMS) and the Information Rights Management (IRM) feature in many versions of Office 2003 and Office 2007 to prevent users from forwarding, copying, and otherwise misusing e-mail messages and Office documents (Word, Excel, and PowerPoint files) that you send to them. Find out more about RMS/IRM

6: Restrict use of removable media

One of the most popular ways to sneak digital information out of an organization is by copying it onto some sort of removable media or device. USB thumb drives are inexpensive and easy to conceal, and high capacity SD, CF, and other flash memory cards can hold a huge amount of data. Users can also copy files to their iPods or other MP3 players or to CD or DVD writers. You can permanently restrict the installation of USB devices by removing the ports physically or filling them with a substance. You can also use software to disable the use of removable devices on each individual computer or throughout the network.

In Vista, you can restrict use of removable media (USB devices and CD/DVD burners) through Group Policy. For other operating systems, there are third-party products, such as Portable Storage Control (PSC) from GFI.

7: Keep laptops under control

Another way a user can make off with files is to connect to the internal network with a laptop or handheld computer, copy the files to its hard disk, and then take the computer off premises. You need to maintain control over what computers connect to your LAN, not just remotely but by plugging directly into a hub or switch onsite, as well.

You can use IPSec to prevent computers that are not members of the domain to connect to your file servers and other computers on the LAN.

8: Set up outbound content rules

Firewalls can do more than keep undesirable traffic out of your network. They can also keep specified traffic from leaving your network. Your data can walk out the door physically or can be sent out a virtual door via e-mail, peer-to-peer file sharing, etc. You can set up your firewall to block certain types of outbound protocols, such as those used by P2P software.

You can also set up your mail server to block sending of outbound attachments and block outbound content by keywords using content filtering appliances, software, or services such as:

9: Control wireless communications

Even if you block sending of certain types of data through your firewall or filtering systems, a determined person may be able to connect a company laptop to a different wireless network within range, one that does have blocking mechanisms in place. Or he or she might connect the computer to a cell phone that has Internet access and use the phone as a modem.

Keep track of wireless networks that may be available from your company premises and if possible, block their signals.

10: Beware creative data theft methods formats

Remember that your data can walk out in many different formats. A user can print out a document and carry it out in paper form or a thief can steal printed documents from trash cans if the paper has not been shredded. Even if you have implemented a technology such as rights management to prevent copying or printing documents, a person could take a digital or film photograph of the content onscreen or even sit and copy the information by hand. Be aware of all the ways your data can leave the premises and take steps to protect against them



     Back             Next     

 

[ About ] [ Contact ] [ Home ]
[ Links ] [ Site Map ] [ Services ] [ Privacy ]
Copyright © 2005-2006 www.globalguideline.com All rights reserved. Join Global Guide Line community.