Protecting Data

Sep 16, 2024

Take quiz

Review flashcards

Data Protection Techniques

Geographic Restrictions

  • Policy decisions based on location of data and user.
  • Use of IP address and subnets to determine user location.
    • Accurate in private networks.
    • Challenging for mobile devices.
  • Geolocation technologies:
    • GPS for precise location.
    • 802.11 wireless databases for identifying location through SSIDs.

Geofencing

  • Access control based on physical location.
  • Policies may restrict data access to specific locations (e.g., corporate facilities).

Importance of Data Protection

  • Crucial for business continuity.
  • Data is distributed across various locations:
    • Storage drives, networks, CPUs, and memory.
  • Use of encryption and security policies to protect data.

Encryption

  • Converts plaintext to unreadable ciphertext.
  • Requires decryption keys for restoring original data.
  • Concept of confusion: substantial change from original data.
  • Example: "hello world" encrypted using PGP.

Hashing

  • Represents data as a string of text (message digest/fingerprint).
  • Cannot recreate original data from a hash.
  • Used for password storage and file integrity checks.
  • Example: SHA-256 algorithm producing distinct hashes for similar inputs to avoid collisions.

Obfuscation

  • Makes understandable data difficult to interpret.
  • Protects code bases and hides malicious scripts.
  • Example: PHP code obfuscation.

Data Masking

  • Hides portions of data, often used for protecting sensitive information.
  • Example: Credit card receipts showing only last four digits.

Tokenization

  • Replaces sensitive information with tokens.
  • Used in payment systems like mobile phones and smartwatches.
  • Tokens are one-time use, preventing reuse if intercepted.

Data Segmentation

  • Separates data into smaller, secure databases to limit damage from breaches.
  • Allows different security levels for different data types.

Permission Restrictions

  • Rights and permissions associated with user accounts.
  • Includes authentication factors and checks during login.
  • Limits user access to certain data and functionalities.