Editing Data security (section)
== Technologies ==

=== Disk encryption ===
{{Main|Disk encryption}}
[[Disk encryption]] refers to [[encryption]] technology that encrypts data on a [[hard disk drive]]. Disk encryption typically takes form in either [[software]] (see [[disk encryption software]]) or [[Electronic hardware|hardware]] (see [[disk encryption hardware]]). Disk encryption is often referred to as [[on-the-fly encryption]] (OTFE) or transparent encryption.

=== Software versus hardware-based mechanisms for protecting data ===
Software-based security solutions encrypt the data to protect it from theft. However, a [[malware|malicious program]] or a [[hacker]] could [[data corruption|corrupt the data]] to make it unrecoverable, making the system unusable.

Hardware-based security solutions prevent read and write access to data, which provides very strong protection against tampering and unauthorized access.

Hardware-based security or assisted [[computer security]] offers an alternative to software-only computer security. [[Security token]]s such as those using [[PKCS#11]] or a mobile phone may be more secure due to the physical access required in order to be compromised.<ref>{{Cite book |last1=Thanh |first1=Do van |last2=Jorstad |first2=Ivar |last3=Jonvik |first3=Tore |last4=Thuan |first4=Do van |title=2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems |chapter=Strong authentication with mobile phone as security token |year=2009 |chapter-url=https://ieeexplore.ieee.org/document/5336918 |pages=777–782 |doi=10.1109/MOBHOC.2009.5336918|isbn=978-1-4244-5114-2 |s2cid=5470548 }}</ref> Access is enabled only when the token is connected and the correct [[Personal identification number|PIN]] is entered (see [[two-factor authentication]]). However, dongles can be used by anyone who can gain physical access to them. Newer technologies in hardware-based security solve this problem by offering full proof of security for data.<ref>{{cite news |last1=Stubbs |first1=Rob |title=Why the World is Moving to Hardware-Based Security |url=https://www.fortanix.com/blog/2019/09/why-the-world-is-moving-to-hardware-based-security |access-date=30 September 2022 |agency=Fortanix |date=Sep 10, 2019}}</ref>

Working of hardware-based security: A hardware device allows a user to log in, log out and set different levels through manual actions. Many devices use [[Biometrics|biometric technology]] to prevent malicious users from logging in, logging out, and changing privilege levels. The current state of a user of the device is read by controllers in [[peripheral devices]] such as hard disks. Illegal access by a malicious user or a malicious program is interrupted by hard disk and DVD controllers based on the current state of the user, making illegal access to data impossible. Hardware-based access control is more secure than the protection provided by operating systems, as operating systems are vulnerable to malicious attacks by [[Computer virus|viruses]] and hackers. The data on hard disks can be corrupted after malicious access is obtained. With hardware-based protection, the software cannot manipulate the user privilege levels. A [[Hacker (computer security)|hacker]] or a malicious program cannot gain access to secure data protected by hardware or perform unauthorized privileged operations. This assumption is broken only if the hardware itself is malicious or contains a backdoor.<ref>{{Citation | last1 = Waksman | first1 = Adam | last2 = Sethumadhavan | first2 = Simha | title = Silencing Hardware Backdoors | periodical = Proceedings of the IEEE Symposium on Security and Privacy | location = Oakland, California | url = https://www.cs.columbia.edu/~simha/preprint_oakland11.pdf | year = 2011 | url-status = live | archive-url = https://web.archive.org/web/20130928035803/https://www.cs.columbia.edu/~simha/preprint_oakland11.pdf | archive-date = 2013-09-28 }}</ref> The hardware protects the operating system image and file system privileges from being tampered with. Therefore, a completely secure system can be created using a combination of hardware-based security and secure system administration policies.

=== Backups ===
{{Main|Backup}}
[[Backup]]s are used to ensure data that is lost can be recovered from another source. It is considered essential to keep a backup of any data in most industries and the process is recommended for any files of importance to a user.<ref>{{cite web |url=https://www.staysmartonline.gov.au/Protect-yourself/Doing-things-safely/backups |url-status=dead |archive-url=https://web.archive.org/web/20170707171638/https://www.staysmartonline.gov.au/Protect-yourself/Doing-things-safely/backups |archive-date=2017-07-07 |title=Back-ups {{!}} Stay Smart Online}}</ref>

===Data masking===
{{Main|Data masking}}
[[Data masking]] of structured data is the process of obscuring (masking) specific data within a database table or cell to ensure that data security is maintained and sensitive information is not exposed to unauthorized personnel.<ref>{{cite web|url=http://mask-me.net/datamaskingwiki/wiki/26/data-masking-definition|title=Data Masking Definition|archive-url=https://web.archive.org/web/20170227062337/http://mask-me.net/datamaskingwiki/wiki/26/data-masking-definition|archive-date=2017-02-27|url-status=live|access-date=1 March 2016}}</ref> This may include masking the data from users (for example so banking customer representatives can only see the last four digits of a customer's national identity number), developers (who need real production data to test new software releases but should not be able to see sensitive financial data), outsourcing vendors, etc.<ref>{{Cite web |url = http://searchsecurity.techtarget.com/definition/data-masking |title = data masking |access-date = 29 July 2016 |url-status = live |archive-url = https://web.archive.org/web/20180105180354/http://searchsecurity.techtarget.com/definition/data-masking |archive-date = 5 January 2018 }}</ref>

===Data erasure===
{{Main|Data erasure}}
[[Data erasure]] is a method of software-based overwriting that completely wipes all electronic data residing on a hard drive or other digital media to ensure that no sensitive data is lost when an asset is retired or reused.<ref name="Wei2011">{{cite q | Q115346857 | journal = FAST'11: Proceedings of the 9th USENIX conference on File and storage technologies | access-date = 2022-11-22 | ref = {{sfnref|Wei|2011}} }}</ref>
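
The role-based masking described under Data masking, as an added Python example that is not part of the original article: a customer representative sees only the last four digits of the national identity number, while a developer gets format-preserving pseudonyms in place of the identity number and the financial value. The record, the key, the role names and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample record; every value is invented for illustration.
CUSTOMER = {"name": "Alex Example", "national_id": "123-45-6789", "balance": "10432.17"}
MASKING_KEY = b"constructed-demo-key"  # hypothetical key, kept outside the masked copy


def show(value):
    """Pass a field through unmasked."""
    return value


def keep_last_four(value, fill="*"):
    """Hide all letters and digits except the last four; separators stay in place."""
    total = sum(ch.isalnum() for ch in value)
    out, seen = [], 0
    for ch in value:
        if ch.isalnum():
            seen += 1
            out.append(ch if seen > total - 4 else fill)
        else:
            out.append(ch)
    return "".join(out)


def pseudonymize_digits(value, key=MASKING_KEY):
    """Replace each digit with one derived from a keyed hash of the whole value.

    The same input always maps to the same output and the format is preserved,
    so test data stays realistic and joinable without exposing the real number.
    """
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    out, i = [], 0
    for ch in value:
        if ch.isdigit():
            out.append(str(digest[i % len(digest)] % 10))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


# Per-role policy (role names are assumptions). Unlisted fields are redacted.
POLICIES = {
    "representative": {"name": show, "national_id": keep_last_four, "balance": show},
    "developer": {"national_id": pseudonymize_digits, "balance": pseudonymize_digits},
}


def masked_view(record, role):
    """Return the record as `role` may see it; roles without a policy are refused."""
    policy = POLICIES[role] if role in POLICIES else None
    if policy is None:
        raise PermissionError(f"no masking policy for role {role!r}")
    return {f: policy.get(f, lambda _v: "[REDACTED]")(v) for f, v in record.items()}
```

Fields a policy does not list are redacted rather than passed through, so a column added to the table later stays hidden until a policy explicitly allows it.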