Computer Data Security
The information on this page is provided to supplement the leaflet on Computer
Data Security published by the Diocese of Ottawa. The data provided here is by
no means exhaustive. There are many other tools available that are not listed
and many of these are no doubt excellent. This page lists tools that are known
to the diocesan Communications Committee and considered to be of good
quality and reliability. As always, you must make sure that any software
you consider will meet your particular needs.
Your computer’s operating system may include some of these tools already, such
as a firewall, data encryption, and backup software. They will get the job
done but typically provide only basic functions.
The information is directed at PCs running Microsoft Windows operating system.
Other operating systems typically have fewer issues with malicious security
threats, such as viruses and Internet attacks. Threats such as disk failure are
common to all computers regardless of who makes them and which operating system
they run.
Microsoft provides security information and links to other software on its Security at Home
website.
Integrated Security Suites
These provide protection against a range of threats
related to viruses and Internet connections. The package typically includes one
year of virus definition updates, and additional updates require an annual fee.
The individual parts of the package, such as the virus scan component, can be
purchased separately.
McAfee Internet Security Suite
Norton Internet Security
PC-cillin Internet Security
ZoneAlarm
AntiVirus Software
Kaspersky Labs
Spyware Detection and removal
Microsoft
Windows AntiSpyware (Free)
SpywareBlaster
SpyBot
Search and Destroy
Backup Software & Hardware
Backing up data is like going to the dentist. Everyone knows they should do it
regularly but many put it off as long as possible. In fact, many people do
their first backup just after they recover from their first disk failure.
You can back up your files to many different media. With the current low price
of hard drives, they provide the most convenient and fastest backups. For true
security you should encrypt the data and keep a copy at a different site. Some
backup products store your files in a single large file and you will need to
have that software available to restore the data. Other programs simply create
a copy of the individual files—restoring data is as simple as copying the files
back to their original location.
If you back up to a removable medium, such as tape, make sure that you will
have access to replacement hardware and software if your system is damaged and
stolen. Tapes full of backups are useless if they cannot be read.
Why not simply copy all your files to another hard drive and not use any
special software? This works, but if you have a lot of data every backup will
take a long time. Backup software will only copy files that have changed,
considerably reducing the time required.
SmartSyncPro
NTI Backup
Genie Backup Manager
Encryption Software
Encryption software protects data even when someone has physical access to the
computer or media containing the data. Data encryption allows safe storage
and/or transportation of data. Products such as Winzip
allow you to package up a group of files for easy storage and transportation. Their main
use is to compress files to reduce their size but they often allow data to be
encrypted and password protected. Early versions of Winzip
would password protect data but are not considered very secure. You need a
recent version that includes AES encryption.
Windows XP Professional can encrypt regions of your disk drive. However, if you
have problems with your system and have to reinstall the operating system,
recovering the encrypted data will be impossible unless you have prepared for
that in advance. These preparations are complex.
Other products, such as Dekart Private Disk, provide
on-the-fly encryption of all your data. Dekart
Private Disk allows you to create a very large file that becomes a new drive
letter on your system. The data stored on that drive is encrypted and stored
within the large file. The encrypted data can only be created, accessed,
or modified after a password is entered and the drive mounted (i.e., made
accessible). Once the drive is mounted, accessing the data is the same as
accessing data on any other drive. If you use a hard disk for backup, you can
create a secure region on that disk as well and backup your data to it. This
provides security for the backup. The data on the encrypted drive can be backed
up either by mounting it (adding the drive letter to your system) and backing
up the files, or by unmounting it and backing up the
large file that forms the encrypted disk.
Encrypted data is only as secure as the password protecting it
Dekart Private
Disk
Winzip
Router Manufacturers
Routers are normally used to allow multiple computers to share an Internet
connection. They also provide an additional layer of isolation between the
computer and the hazards of the Internet. They are a good security investment,
even for a single computer. Routers can be purchased at most computer equipment
retailers who can also make recommendations. Some of the main router
manufacturers are:
Linksys
D-Link
Netgear
Many routers provide for wireless networking. Wireless networking can be made
secure but many systems offer little or no security without additional set-up.
Wireless is a good choice if you know how to make it secure—otherwise
use wired networks. A badly set up wireless network will allow other people to
use your Internet connection and have access to your computers.
An example of a secure system
The following outlines one possible way to make a
computer system secure:
·
Connects to the Internet through a router at all times;
·
Runs an anti-virus package that updates every day;
·
Firewall software installed and activated;
·
Requires users to login using username and password;
·
Users must set up a screen saver to activate when machine is not
used and requires password to clear screen saver.
·
Dekart Private Disk is installed on the system and used to create an
encrypted drive in a region of the main disk drive. The file containing the
encrypted drive is made small enough to fit on a single DVD for backup. All
user data is kept on the encrypted disk, including e-mail. The encrypted disk
must be mounted using a password every time a user logs onto the system.
Backups on this system are made to an external hard drive that has a second encrypted
region on it. Software such as Smart Sync Pro is used as
it creates an exact copy of the files on the main encrypted
drive. The backup encrypted drive is only mounted when a backup is
performed and unmounted immediately afterwards.
For offsite storage, the encrypted file is unmounted
and the large file that contains the data is copied to a DVD, along with the
installation files for the Private Disk software. If the original system and
backup are stolen or destroyed, the DVD can be used to install the software on
a different system and then mount the encrypted drive and copy the data. The
only additional information required is the password.
This approach to backups does not protect the computer operating system and
installed software. If the hard drive fails it would require
reinstallation of the operating system and software from the original media.
The user data would then be recovered from the backup media.