
Chapter 15 - 02 - Discuss Various Data Security Controls - 13_ocred_fax_ocred.pdf


Full Transcript

Certified Cybersecurity Technician Exam 212-82
Data Security

Email Encryption: Gmail

- Gmail supports S/MIME encryption, along with SecureGmail and Google Chrome extension to encrypt email messages

Steps to Encrypt an Email Message Using S/MIME
- Enable S/MIME, and share a key with each other
- Compose a message, and click the lock icon located at the right of the recipient
- Send the email message

Steps to Encrypt Message Using SecureGmail
- Install SecureGmail from the Chrome Web Store
- Click the lock button to compose the encrypted email
- Click the Send Encrypted button
- Provide an Encryption Password and a Password Hint to decrypt the email at the recipient side
- Click the Encrypt & Send button
- Manually share the password with the recipient

[Slide screenshot: Encrypt Message dialog with Encryption Password and Password Hint (Optional) fields]

Email Encryption: Gmail

Gmail, the email service offered by Google, is used in many organizations to send and receive emails. Google uses the standard method of Gmail TLS encryption. All messages going through Gmail are encrypted only when both the sender's and the receiver's email services support TLS (almost all major mail providers support TLS). Besides offering the basic level of encryption, Gmail also supports S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption. SecureGmail (a Chrome extension), Firefox, etc. are some other ways to encrypt messages in Gmail. However, these options are available only for paid G Suite Enterprise and G Suite Education accounts, and not for free Gmail accounts.

Steps to Encrypt an Email Message Using S/MIME

S/MIME encrypts data in transit. Both the sender and receiver have to enable S/MIME for it to work. After enabling S/MIME, they share "keys" to identify each other.
Now, S/MIME can be used to send encrypted email messages in the following manner:

- Compose a message.
- Add the name of the recipient to the To field.
- Click the lock icon located to the right of the recipient.
- Click on View Details if you want to change S/MIME settings or view the recipient's encryption level.
- Send the email message.

The S/MIME encryption level is displayed in three colors.

- Green: Email message is encrypted with S/MIME encryption.
- Gray: Email message is encrypted with TLS encryption.
- Red: No encryption. Avoid sending personal information until you have securely encrypted an email.

Module 15 Page 1834 Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Steps to Encrypt Messages Using SecureGmail

SecureGmail is a Google Chrome extension by Streak. You can install it from the Chrome Web Store. Once this is done, go to the Gmail page to activate it. It is activated if a lock is displayed next to the Compose button. Now, follow the steps given below to encrypt the email message.

- Click the lock button to compose the encrypted email.

[Figure 15.82: Email Composition]

- Notice two changes: the header will display Secured with a lock symbol, and the Send button will change to Send Encrypted.

[Figure 15.83: New Message - Secured]

- Click the Send Encrypted button after composing the email.
- Provide an Encryption Password and a Password Hint to decrypt the email at the recipient side.
[Figure 15.84: Encrypt Message. The dialog has an Encryption Password field ("This is the password that the recipient(s) will have to use to view the secure message"), an optional Password Hint field ("Instead of telling the recipients the password, give them a hint that only they would know"), and an Encrypt & Send button.]

- Click the Encrypt & Send button.
- Manually share the password with the recipient.

Steps to Encrypt Gmail Through Firefox

If Google Chrome is not the primary Internet browser in the system, you can still encrypt mails using Firefox. Add the Encrypted Communications Firefox extension and restart your browser to activate it.

- Compose an email.
- Right-click and select Encrypt Communication.
- Enter a password and select OK.

Steps to open the encrypted email by a recipient:

- You will need the Encrypted Communications plug-in.
- Right-click on the message and select Decrypt Communication.
- Enter the assigned password.
Data Masking

- Data masking or data obfuscation is the process of hiding original data with random characters

Static data masking
- Masks sensitive data at rest, or data stored in an original database environment
- Its purpose is to provide masked data for the development and testing of applications
- A series of data transformations is applied on the actual production data to generate high-quality masked data, which is then replicated in different environments

Dynamic data masking
- Temporarily masks sensitive data in transit without affecting the original data at rest
- Its purpose is to apply role-based security for databases/applications
- The database proxy alters the SQL query issued by the analyst before transferring it to the database, to return the masked data to the analyst

Algorithm: Description
- Character Scrambling: Characters are jumbled into a random order to mask the original data
- Lookup Substitution: A lookup table is added to provide an alias for the original value
- Nulling Out or Deletion: Data becomes null for unauthorized users
- Shuffling: Data in an individual column is randomly shuffled or swapped
- Number/Date Variance: A data set is changed by a random percentage of its real value
- Masking Out: Only a part of the data is masked with a mask character. For example: X

Data Masking

Data masking or data obfuscation is the process of hiding original data with random characters or other data. Its main purpose is to minimize unnecessary exposure of sensitive information like personally identifiable information (PII), protected health information (PHI), payment card information (PCI-DSS), and intellectual property (ITAR). It replaces vulnerable or sensitive data with fictitious functional data that seems real, allowing it to be safely used in operations where original data is not required. In data masking, the basic format of the data remains the same, but its key values are changed.
For example, a long card number is masked as follows: 2424 6789 4545 3421 will be masked as 2424 XXXX 3421

Reasons to Include Data Masking in Data Security/Data Masking and Security

- Protecting nonproduction data
  In many organizations, multiple copies of production data are required for nonproduction purposes such as application development and testing, employee training, business analytics modeling, etc. Multiple copies of sensitive data increase the chances of it falling into malicious hands. While allowing the safe sharing of sensitive data, data masking techniques also play a vital role in securing these data sets and meeting compliance requirements without affecting business operations.
- Protection against insider threats
  Data masking allows employees to access the masked data instead of accessing the real production data to get their jobs done, which can mitigate the risk of a data breach from malicious insiders.
- Protection against third parties
  Data masking makes it safe to send personally identifiable data, payment card information, or PHI to third parties, such as market researchers.
- Compliance with regulations
  Data masking helps organizations comply with key regulations such as the General Data Protection Regulation (GDPR) passed by the European Union to make personal data more secure.

Types of Data Masking

There are different types/strategies of data masking. To select a data masking type, consider the size of the organization, the location (cloud vs. on-premises), and the complexity of the data you wish to secure. Data masking types include the following:

1. Static data masking (SDM)
   SDM masks sensitive data at rest, or data stored in an original database environment. SDM is implemented to provide realistic data for the development and testing of applications.
   Realism is necessary as it helps development and testing teams to detect defects in the early stages of a development cycle. SDM also secures data for use in analytics and training, and facilitates compliance with standards and regulations. SDM applies a series of data transformations on the actual production data to generate high-quality masked data. Various approaches are used to perform SDM.

2. Statistical data masking
   Certain alternatives to SDM, such as the differential privacy method and the DataSifter method, rely on stochastic perturbations of the data to preserve some statistical properties of the original data.

3. Dynamic data masking (DDM)
   DDM temporarily masks sensitive data in transit without affecting the original data at rest. DDM is mainly used to provide role-based security for databases/applications, and it uses database and proxy approaches to mask a database. The database proxy alters an SQL query issued by the analyst before transferring it to the database so that the masked data is returned to the analyst.

4. On-the-fly data masking
   Similar to DDM, on-the-fly data masking occurs on demand but for one record at a time. An extract-transform-load (ETL) process occurs where the data is masked within the memory of a given database application, which is helpful for agile companies targeting continuous delivery or continuous deployment practices.

5. Data masking and the cloud
   There are different modes for creating test data and moving it from on-premises to the cloud, or among environments inside the cloud. If data is masked before being ingested into a cloud-native data repository, attackers would not gain anything from the stolen data following a breach.
   A few cloud-native data services offer built-in masking tools that make the implementation of masking easier in the cloud.

Data Masking Techniques

Some techniques for implementing data masking to obscure confidential data are as follows:

1. Encryption
   Different encryption algorithms are used to mask data. Only users who have an authorized key can access the data.
2. Character scrambling
   Characters are jumbled into a random order to mask the original data. For example, an emp_id #123456 in a production data set will be masked as #425613.
3. Lookup substitution
   A lookup table is added as an alias for the original value. It hides the authentic data to protect it from security breaches.
4. Nulling out or deletion
   Data becomes null for unauthorized users. This technique only helps avoid the visibility of the data element.
5. Shuffling
   Data in an individual column is randomly shuffled or swapped. The output set appears real but does not disclose any sensitive information.
6. Number and date variance
   Number and date variance is helpful in financial and date fields. Each number/date in a data set is masked by a random percentage of its real value.
7. Masking out
   Only a part of the data is masked with mask characters (for example, an X). This technique is mainly used to mask credit card details. For example, when an operator bills a customer's credit card for an item, they will see only the last four digits, while all other digits will be masked as XXXX XXXX 7685.
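
The following sketch applies six of the techniques listed above (masking out, character scrambling, lookup substitution, nulling out, number variance and shuffling) to a small constructed employee table. It is an added example, not part of the original course material; the column names, the alias format and the 10% variance bound are assumptions.

```python
import random

# Constructed sample rows; emp_id and card in row 1 reuse values quoted in the text.
SAMPLE = [
    {"emp_id": "123456", "name": "Alice", "card": "2424 6789 4545 3421",
     "salary": 52000.0, "ssn": "000-00-0001", "dept": "HR"},
    {"emp_id": "234567", "name": "Bob", "card": "4000 1111 2222 7685",
     "salary": 61000.0, "ssn": "000-00-0002", "dept": "IT"},
    {"emp_id": "345678", "name": "Carol", "card": "4000 3333 4444 9012",
     "salary": 48000.0, "ssn": "000-00-0003", "dept": "Ops"},
]

def mask_out(card, keep=4, mask_char="X"):
    """Masking out: replace every digit except the last `keep` with mask_char."""
    total, seen, out = sum(c.isdigit() for c in card), 0, []
    for c in card:
        seen += c.isdigit()
        out.append(mask_char if c.isdigit() and seen <= total - keep else c)
    return "".join(out)

def scramble(value, rng):
    """Character scrambling: same characters, random order."""
    chars = list(value)
    rng.shuffle(chars)
    return "".join(chars)

def substitute(value, table, prefix="user"):
    """Lookup substitution: a given value always maps to the same alias."""
    return table.setdefault(value, f"{prefix}{len(table) + 1:04d}")

def vary(number, rng, max_pct=10):
    """Number variance: shift by a random percentage within +/- max_pct."""
    return round(number * (1 + rng.uniform(-max_pct, max_pct) / 100), 2)

def shuffle_column(rows, column, rng):
    """Shuffling: permute one column's values across the rows."""
    values = [r[column] for r in rows]
    rng.shuffle(values)
    return [{**r, column: v} for r, v in zip(rows, values)]

def mask_rows(rows, seed=None):  # pass a seed only for repeatable tests
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    aliases = {}  # the lookup table itself is sensitive: keep it out of the copy
    masked = [{"emp_id": scramble(r["emp_id"], rng),
               "name": substitute(r["name"], aliases),
               "card": mask_out(r["card"]), "salary": vary(r["salary"], rng),
               "ssn": None,  # nulling out
               "dept": r["dept"]} for r in rows]
    return shuffle_column(masked, "dept", rng)
```

Scrambling and shuffling only reorder values that already exist, so short identifiers and low-cardinality columns can remain guessable after masking.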
