Encryption used to be the mainstay of military and other government agencies who need to secure the information they handled preventing anybody who may get access rendering the information useless. Everybody knows about it yet not many use it for the protection of their vital information stores, why? Well there are a hundred reasons why people mistrusts such an extreme measure as encrypting data and one is reliability of technology on which it is used on. Computers as we know have become cheaper and cheaper that has been good on one side but it also raises the risk of failure due to cheaper parts and higher risk for data loss due to failure. I know a lot of people would be going against me on this one but if you have experienced a hard disk crash during my many years of computer use and association with them in my previous line of work as a technical support supervisor, you’d know what I mean.
The technology we have today is of the highest level of quality and technological complexity of the computers I started to work with (386’s and 486’s) but the robustness of these gadgets and gizmos we call peripherals are still quite low except for the extreme types that are too expensive for the ordinary user to afford. Imagine a failed motherboard that has fried circuits, no problem for the hard disks are seldom affected by such incidents. Get the board out and swap it out and you connect the hard disk and you have your data available. Imagine you have a failure in the hard drive itself; you get some software and try to recover that information hoping you get enough of the sensitive files your boss needs in the morning. Now, imagine having a hard disk that was encrypted and had some of its sectors rendered useless, now that’s a nightmare for the encrypted data is useless with the key and the code stored into the hard disk itself.
Government Laptops and Computers get encrypted
Due to the recent problems associated with the loss of government laptops and security breaches such as the incident where the laptop of a Federal Trade Official was reported to have been compromised by reportedly Chinese operatives while on a trip overseas, the US Federal government has begun to encrypt their laptops in hopes of bolstering their security to prevent such security risks in the future. Let us just hope that they do it fast enough for no one wants to get their personal and financial information released online or obtained by enemies of the state (terrorists in layman’s terms). Of the estimated 2 million laptops the US government and the many agencies have, only 800,000 have had the encryption system developed by the Department of Defense and the General Services Administration.
Encryption is one of the most secure way pf keeping data safe from unauthorized access which renders them useless without the proper software or security keys. Comparable to the dial combination on a bank vault, the encryption process turns files onto a useless bundle of information that cannot be read or used for other purposes.
All this effort to boost security of information that is gathered and collated by the various agencies and even private businesses that have ties with the government though contracts have had their computers encrypted to ensure the information they handle and use stays secure and out of the hands of criminals who aim to use them against the government.
Encrypted Hard Disks – Data Secure —Naaaahhhh!!!!
As the evolution of the lowly hard drive goes with the increase of storage capacity into the terabyte range and hardware based-encryption it seems that data cannot be more secure once it is stored within the said hard disk. Well, according to WindowsIt Pro, not totally for based on their testing of several hard drives that come as wireless removable storage devices you connect to your USB 2.0 ports, it ain’t that secure after all. The device/s tested was even secured by a wireless security key that used rfid technology to unlock the drive for use by authorized users only (which in the real world is anyone who has the keychain key).
The name and brand which we would not name for obvious reasons have indeed admitted the weakness and that the advertised capability of the drive was wrong. As it turns out, the true 128-bit AES security system was used only by the RF chip and the controller on the drive which was easily defeated by removing the drive from the case and connecting to a now standard SATA drive connector. The drive was encrypted, but not at the ‘military grade’ levels that were advertised for the encryption chip used only a basic encryption level which was not up to par with accepted high-encryption standards.
Both the manufacturers of the controller boards, casing and key, have acknowledged the flaw and promise a more robust system (which is to use a more secure encryption chip that is said to come out this year but is still only in development) by the end of the year. So we guess the false advertising with regards to the encryption standard of the drives should be changed from ‘Strong 128-bit AES encryption’ to ‘standard encryption’, which would only be fair for people do make choices based on the products qualities and capabilities.
IT Security in Public Schools
It has happened again, information with vital importance getting stolen lost into oblivion but not as grave as the incidents with the UK government, this time in a US Public School. This has been the second break-in in the said school since November last year and it is causing disgust with all concerned, students, teachers and staff alike. The school, Dorothy Hains Elementary school has been broken into twice in a span of a few months when vandals broke in, burning walls and other school equipment. The recent exploit also has office equipment, namely an administration computer which has the social security numbers of all the students and teachers. The principal has expresses utter disgust and desperately wants the disks back so as not to cause more disruption in the school’s operation.
IT Security is now getting on all the to headlines for with more and more information being centralized it becomes easier to loose vital information in so little a crime as petty theft. The recent blunders of the UK government with thousands of constituent information such as tax data and other financially important information highlights the need for more security and may call for more strict control and security on information, it’s use, storage and transport. The FBI, one of the world’s premier crime fighting agencies of the US suffers attacks on various levels through the internet considering the fact that it employs some of the most sophisticated counter-intelligence systems in the world how would an elementary school fare? You be the judge, and let us demand for better control and security of information from governments that it be guarded and kept. One way to curb this would be to impose more strict policing and penalties for violators to deter future venture into the area of IT Security that is Identity Theft.
Passwords and back-up…still the best defense against data loss
Security experts agree and still recommend that passwords be as tough as possible to prevent access to information on computer systems/networks. Yeah, it sounds very redundant and has become a bit tiring to read but it truly is the best protection ever for a computer may it be in the office or home. Encryption is one of the most promising technologies that has swept the IT security arena but even these robust encryption technologies (hardware/software based) protection technologies can be circumvented given enough time and resources.
Some companies have even turned to military-grade encryption which is tough and almost impossible to break but a wrong move along the way (encryption, transmission and decoding) can lead to catastrophic data loss. Carbonite has another approach to data security by actually backing up data offsite from subscriber’s computers may they be corporate or home users. The initial process of copying and indexing may take a few hours or even days depending on the amount of data to be copied but the subsequent back-up process which is simultaneous (which means that it works in the background when there is not much going on in terms of resource use) as one connects to the internet. So you can be working all day and stop fro a few minutes for a coffee break and return to a computer that has all the necessary information backed up by the system automatically.
Data loss due to hardware failure, software corruption due to malicious code (viruses and the likes) and people simply being reckless and deleting information without following the proper assessment of the information still cost a lot of money to recover from and the approach Carbonite uses is a better option. The system uses secure military-grade encryption which even the Carbonite servers cannot break and use adding to it the use of SSL in the transmission of the information for one mean back-up solution. As a user in the article says, it is like getting an insurance policy for your data. More on the said technology in the coming posts so do return and check us out from time to time for more information on the latest and hottest information from all over the world in terms of IT Security. Merry Christmas and a Happy New year to all.
[tags]Data Security, Data Backup, Strong Passwords[/tags]
Another Bummer – Lost UK Driver’s data
In addition to the very much weak security regarding the handling of information by government agencies, the UK Government suffers yet another blow with news that information for almost three million UK drivers is missing from a facility in Iowa in the US. The contractor for the British Government has lost the said hard drive from it’s secure facility in the said state and that there has no news yet as to where the information has gone to.
This adds another blow to the already tarnished reputation of Prime Minister Brown’s government for the recent loss of at most 8 CD’s containing tax and child support information in the UK. The said disks are still missing to this point and the reason behind the loss still unclear. In related news, the British Transport office in Ireland has also lost information regarding 6,000 motorists containing information from driver’s license numbers, addresses, and many more driver related information including the type of vehicle they drive.
This is poor showing for the British which has suffered a great deal of criticism from it’s parliament on the way information is handled and how it is mishandled. The incidents highlights more and more the need for more stringent control of information and the transport of such beginning from the roots as to why such a junior British government official had access to copy and burn CD’s straight off a supposedly secure government server. The recent incident has the missing hard disk formatted specially but sources will not confirm whether the said disk was encrypted. The said special formatting would render the disk and the information it contains unusable at best which was for use on special machinery (computers).