Ethical Hacking and Countermeasures v6, Module LV. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Ethical Hacking and Countermeasures Version 6
Module LV: Preventing Data Loss
Exam 312-50
News
Source: http://ap.google.com/
Personal Data Lost on 650,000 Credit Card Holders
A data loss has been reported by GE Money, which maintains credit card operations for JC Penney and many other retailers. The missing information includes Social Security numbers of more than 150,000 people.
The credit card information, which was stored on a backup computer tape at a warehouse run by Iron Mountain Inc., was found missing.
But according to Richard C. Jones, a spokesman for GE Money, there was "no sign of theft or anything of that kind happened," and no proof of fraudulent activity on the accounts has been found.
Module Objective
This module will familiarize you with:
• Data Loss
• Causes of Data Loss
• How to Prevent Data Loss
• Impact Assessment for Data Loss Prevention
• Tools to Prevent Data Loss
Module Flow
• Data Loss
• Causes of Data Loss
• How to Prevent Data Loss
• Impact Assessment for Data Loss Prevention
• Tools to Prevent Data Loss
Introduction: Data Loss
• Data loss refers to the unexpected loss of data or information
• Backup and recovery schemes must be developed to restore lost data
Data loss refers to the unexpected loss of data or information. Data can be lost through any of a number of issues, such as application errors in the software, configuration errors, physical damage to the system, or the accidental deletion of data by the user.
Organizations should follow the policy of backing up their critical data at regular intervals. A backup and recovery policy should be implemented within the organization so that employees follow the procedure to safely retrieve the lost data in the event of a disaster.
Causes of Data Loss
• Intentional deletion of a file or program
• Power failure, resulting in data not being saved to permanent memory
• Hardware failure, such as a head crash in a hard disk
• A software crash or freeze, resulting in data not being saved
• Software bugs or poor usability, such as not confirming a file delete command
• Data corruption, such as filesystem corruption or database corruption
• Theft, hacking, sabotage, etc.
• A malicious act, such as a worm, virus, hacker, or theft
Data can be lost because of failures in the system or corruption in the files. The following system failures can cause data loss:
• A power failure while the data is in the process of being saved
• A hardware failure, such as a head crash in the hard disk
• An operating system failure that results in file system corruption or invalid file directories
• Any software failure due to bugs or improper installation
How to Prevent Data Loss
• Back up critical files: Back up regularly using Windows built-in backup utilities or any backup tool
• Run an anti-virus program: Install anti-virus software and run it regularly to clean viruses and Trojans from your computer system
• Use power surge protectors: A power surge is one of the most common occurrences that can damage data and potentially cause a hard drive failure
• Experience required: Never attempt any operation, such as hard drive installation or hard drive repair, if you do not have the skills
• Shut down your computer: Always quit programs before shutting down the computer
• Never shake or remove the covers on hard drives or tapes
• Store your backup data offsite: Use tape drives, compact disks (CDs), and floppy drives to store your backups
• Be aware of your surroundings: Keep your computers and servers in safe and secure locations
When data is lost, there are some recovery techniques which, if followed, will help in retrieving the lost data.
The tips to prevent data loss are as follows:
• Back up the critical files: Back up critical files at regular intervals using the software built into the OS or external third-party applications.
• Run antivirus to check for viruses and Trojans: Run antivirus programs to check the sanity of the data and other system files.
• Use power surge protectors: There is a chance of the hard disk being corrupted in case of power fluctuations. Use power surge protectors to protect the computer from such power failures.
• Experience required: Always seek expert advice while installing any applications or modifying the files. It is recommended that an expert be called in to sort out issues related to operating systems.
• Shut down your computer: Ensure that the programs/applications running on the system are closed before you shut down the computer.
• Avoid physical shocks to the system while it is switched on.
• Store your backup data offsite: As an alternative to keeping the backup data on the system itself, store it on devices such as compact disks (CDs), floppy drives, or removable devices.
• Be aware of your surroundings: Keep the system and server in a secured and safe location away from heat.
Impact Assessment for Data Loss Prevention
Source: http://www.informationweek.com/
Tools to Prevent Data Loss
Security Platform
BorderWare Security Platform removes the need to deploy a new device to protect against new messaging applications by integrating Email, IM, and Web security with a single policy and single security platform.
It is a content monitoring and filtering tool which prevents data leakage.
• Consolidated content monitoring and filtering to prevent data leakage, enforce corporate compliance, and ensure acceptable web use
• Comprehensive, stronger security for Email, IM, and Web
• Reduced time, effort, and costs with a set-and-forget policy management approach
• On-demand scalability and flexible deployment
• Modular approach enables enterprises to buy what they need now and add
Check Point Software: Pointsec
Source: http://www.checkpoint.com/products/datasecurity/index.html
Pointsec data encryption solutions by Check Point provide data protection on laptops, PCs, mobile devices, and removable media. By leveraging a strong and efficient blend of full disk encryption, access control, port management, and removable media encryption, Pointsec solutions deliver comprehensive data security.
Content Inspection Appliance
Code Green Networks' line of Content Inspection Appliances is a solution for protecting customer data and safeguarding intellectual property.
It provides a complete solution for preventing the loss of personal information across the network.
Features:
• Monitors, enforces, and audits all popular Internet communication channels including email, web mail, IM, FTP, and online collaboration tools (such as blogs and wikis)
• Automatically encrypts sensitive email messages according to policy
• Deploys quickly with pre-defined policy templates
• Demonstrates and manages compliance using policy and incident management capabilities
CrossRoads Systems: DBProtector
It provides database security at a logical business policy level and stops 'authorized misuse' of database information.
DBProtector provides policy-based intrusion detection, prevention, and compliance auditing.
DBProtector sits in the data path and inspects SQL statements before they reach the database.
Features of Crossroads Strongbox DBProtector:
• Inspects database activities
• Enforces security policies
• Alerts on suspicious activities
• Captures audit trails for compliance reporting, security forensics, and electronic discovery
• Provides separation of duty between security personnel and database/network administrators, ensuring regulatory compliance
DeviceWall
Source: http://www.devicewall.com/pro/
DeviceWall prevents unwanted data transfer to or from portable devices such as USB flash drives, iPods, PDAs, and wireless connections by automatically enforcing security policies.
User access can be blocked, limited to read-only, or left unrestricted according to the individual's security privileges and the device type in use.
DeviceWall protects data, both on and off the network, by:
• Preventing the transfer of files to or from unauthorized portable devices
• Automatically encrypting data copied to approved devices
• Providing complete audit trails of device and file accesses
Exeros Discovery
Source: http://www.exeros.com/html/products.asp
Exeros Discovery software automates the discovery and maintenance of business rules, transformations, hidden sensitive data, and data inconsistencies across structured data sources. It uses a unique technology of data-driven mapping to replace the traditional manual process of analyzing source data and mapping it to another data set. Using Discovery brings lower risk and costs, faster deployment, and greater completeness and accuracy for any data relationship management project.
Exeros Discovery has two main components:
• Discovery Studio: A graphical user interface for the data analyst to view data, maps, and transformations discovered by Discovery and to edit, test, and approve any remaining data maps and business rules
• Discovery Engine: Multiple, scalable, and high-performance engines that automatically discover business rules, transformations, sensitive data, and data inconsistencies
GFI EndPointSecurity
Source: http://www.gfi.com/endpointsecurity/
GFI EndPointSecurity prevents data leakage/theft by comprehensively controlling access to portable storage devices with minimal administrative effort. It prevents the introduction of malware and unauthorized software on the network. It gives administrators greater control, as they are able to block devices by class, file extensions, physical port, or device ID. It allows administrators to grant temporary device or port access for a stipulated timeframe.
GFI EndPointSecurity allows administrators to actively manage user access and log the activity of:
• Media players, including iPods, Creative Zen, and others
• USB drives, CompactFlash, memory cards, CDs, floppies, and other portable storage devices
• PDAs, BlackBerry handhelds, mobile phones, smart phones, and similar communication devices
• Network cards, laptops, and other network connections
GuardianEdge Data Protection Platform
GuardianEdge Data Protection Platform consists of GuardianEdge applications for hard disk encryption, removable storage encryption, and device control.
The framework also provides a common infrastructure and common administration of services.
Features:
• Whole-disk encryption
• Transparent to end-users
• Enterprise-ready
• It delivers strong pre-boot user authentication and full-disk encryption
• It provides access and usage control for PC peripheral ports and removable media outlets
• It encrypts flash memory cards, portable hard drives, and other storage devices
ProCurve Identity Driven Manager (IDM)
Source: http://www.hp.com/rnd/products/management/idm/overview.htm
ProCurve Identity Driven Manager, a plug-in to ProCurve Manager Plus, dynamically configures security and performance settings based on user, device, location, time, and client system state. IDM provides network administrators with the ability to centrally define and apply policy-based network access rights that allow the network to automatically adapt to the needs of users and devices as they connect, thereby enforcing network security while providing appropriate access to network users and devices. IDM is a powerful tool that allows network administrators to efficiently manage the users and devices connecting to their network.