Results 1 to 2 of 2

Thread: Data Security: Secure the server data by your self

  1. #1

    Data Security: Secure the server data by your self

    Data Cracking
    I have read lot of articles about data security. Most of them focus on cracking by social engineering, sniffers, man in the middle attacks, deciphering raw data etc. Even a small mistake by the user can hamper his personal data. Monthly financial statements, credit reports, online shopping accounts, and so on can be cracked easily. Also we often read about fraud cases by the company employee.
    Laws can protect the data but not completely. Most of the people are still relying on others for protecting their personal information. Can we remove this dependency on others with simple solutions? Is it really possible to protect our data by ourselves? Wouldn’t it be great if data is hidden even if our credentials are compromised?
    Extra Protection
    One of the frustrating things about the protection is that password needs to be easy to be remembered. This leads many users to incorporate the personal information into their password and most of the passwords are same or have a slight change for many accounts.
    What if individual uses the SSL key to encrypt the data before saving into the server? So if password is known to the intruder, he will not able to view the data. Here individual means self, group, company etc. How is it possible? There are various ways to implement this solution.
    Currently I thought about the three possibilities to implement the extra protection
    1. Application itself is providing security: user creates ssl key (public and private) & store them at location and inform the location to application.

    Pros: user doesn’t need to put extra efforts for protecting.

    Cons: applications may implement the security differently and user may require managing the multiple keys which could be difficult to remember.

    2. Most convenient way to view the data is through http. What if we get the data from network layer (In Windows get the data through NDIS) , use a key to encrypt (say private key) it and send to the server. While receive the data from the server use key (say public key) to decrypt the encrypted data.

    Cons: a. Difficult to provide support for other platform.
    b. Extracting information could be difficult from the application.

    3. What if http adds one tag in to its parser say <encryption> </encryption> tag. Keys for the encryption is stored in browser with some identification for groups, login etc. whenever user visits the site browser will use appropriate key to decrypt the encrypted data.

    Solution 3 could be implementing for other communication protocols. It may provide support on other platform as well and very generic way to implement the pages by self.

    Looking in the future:
    By “self protection” individuals can share the information by means of Cloud computing, p2p & mails. A small scale companies can buy space from hosting sites and secure the data by “self protection”.
    Obviously this is not the end for the protecting the data. Based on “biometric” methods individual may use to protect the data, but until then a digital “self protection” might be a great thing to start with.

    By Abhijeet Phatak

  2. #2
    Hi Abhijeet! How about clearing browser history often? It prevents intruders from knowing where you have been and where you might have stored some information online.

Similar Threads

  1. Need a simple, secure way to transport & access sensitive data?
    By Prof Wonmug in forum
    Replies: 10
    Last Post: 01-04-10, 12:26 PM
  2. Security data visualization
    By Neil Jones in forum
    Replies: 1
    Last Post: 12-08-08, 12:19 AM
  3. Use Server Log Data to Improve Your Security
    By Tech Manager in forum Networking Forum
    Replies: 0
    Last Post: 05-14-08, 04:54 PM
  4. Secure Deletion of Data from Magnetic and Solid-State Memory
    By Humboldt in forum General Discussion Board
    Replies: 3
    Last Post: 09-06-01, 12:52 PM
  5. Secure Deletion of Data from Magnetic and Solid-State Memory
    By Humboldt in forum Network Security
    Replies: 0
    Last Post: 09-06-01, 12:50 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts