Securing Sensitive Information Tools Recommendations

Locating, Storing, and Removing Sensitive Information

The following is a list of tools that can be used to secure sensitive information. This list will help individuals locate, store, and remove sensitive information on their systems. As each department and individual may have different requirements, many combinations of the tools will be the norm across the university. The tools listed here are just a starting point. There are many other commercial and free tools available depending on the technical capabilities of the individual protecting sensitive information. Each individual should check with their information technology staff to answer any questions regarding which tools to use and how to use them. Special care should be taken when encrypting sensitive information that is necessary for business purposes. The passwords, passphrases, or encryption keys should be securely maintained so that a manager or other authorized personnel can access the information in the case of a forgotten password or emergency.

Additional guidance and training related to these and other tools will be available through Media and Computer Services as they are developed. Until such time, the IT staff of each department should familiarize themselves with these tools so that they may provide guidance and technical support.



Locating Sensitive Information

One method for locating sensitive information on systems running Windows, Linux, Unix, or OS X operating systems is to utilize the "Spider" tool developed by security administrators at Cornell University. Detailed instructions for using the "Spider" tool have been included by the Cornell administrators. Using this tool will generate a list of files that may or may not contain sensitive information related to Social Security and credit card numbers. Special attention should be paid to the fact that this tool may misidentify certain files as containing sensitive information. These are generally limited to image files such as JPG and TIFF but may include text documents. Each text file identified should be reviewed individually to determine whether or not it contains sensitive information.


Tool Name        | Operating System
Cornell's Spider | Windows/Linux/OS X

Secure Storage

Encryption software is most often operating system specific. Although Windows offers Encrypting File System and OS X offers FileVault as default parts of their operating systems, these encryption techniques expose the files once the user has logged into the system, even if the user is not using the encrypted file. Files containing sensitive information should remain encrypted until the user needs to access that specific file. Each operating system, however, does have internal and third-party options that allow individual files and folders to be encrypted. Windows users have the option of selecting WinZip or TrueCrypt. WinZip will be provided by the university, and TrueCrypt can be downloaded on an individual basis. Linux users can also use TrueCrypt, although it is currently only available as a command line utility. Apple users running the OS X operating system can use the internal functionality of OS X to create encrypted disk images.


Tool Name         | Operating System
WinZip 11.1       | Windows
TrueCrypt         | Windows/Linux
Secure Disk Image | OS X

Secure Delete

When files and folders are deleted from a computer, they become inaccessible to the user. The information, however, is still contained within the computer until it has been overwritten by new information. There are many freely available software tools that can retrieve deleted files and folders and make them accessible. Along these same lines, there are software tools that users can use to completely delete a file or folder so that it cannot be restored. Eraser is a free program that works on Windows systems. Wipe is a program for Linux systems; it can be downloaded, and several distributions include it by default, but it must be run as a separate command. The Apple operating system OS X handles this by default for the user, so no extra software or user action is necessary.



In some cases, deleting the whole file would destroy additional information that is necessary. In cases where the Social Security Numbers can be removed by deleting the information, the file can be maintained. Special attention should be paid to these files, however, as many programs retain information through version tracking or review capabilities. This version and tracking information is completely hidden from the user but can be restored, thereby potentially exposing the deleted information. Microsoft Office, one of the programs with this capability, provides a utility that will remove all hidden information completely. Microsoft makes this tool available through their support website.


Tool Name                         | Operating System
Eraser                            | Windows
Microsoft Remove Hidden Data Tool | Windows Office 2003 and XP
Wipe                              | Linux
Mac Built-in Secure Delete        | OS X

Password Storage

The use of encryption means that users will be generating more passwords. Large numbers of passwords usually lead people to generate weak passwords or to use the same password across multiple systems and applications. To help with this situation, there are several software tools available. The following password storage tools can help users generate strong passwords and maintain an encrypted list of the passwords they have created across multiple systems and applications. Although password storage tools can be used to escrow passwords, passphrases, and encryption keys within a department, they must be managed and maintained very carefully or the information they protect will become permanently inaccessible.


Tool Name        | Operating System
KeePass          | Windows
KeePassX         | Linux/OS X
Password Safe    | Windows
Password Gorilla | Windows/Linux/OS X/BSD/Solaris