TEXAS my state!

Confidential Data



Image Source: http://tinyurl.com/4rgel6

It’s been awhile since I’ve written about protecting your privacy. This Slashdot
article reminded me how important of a topic it is to discuss and
keep fresh.

"Our HR department is implementing new software. The HR Director has
tasked me with sending our data out of our network to the consultant
that’s loading it in to the new package. Obviously this data includes
items such as SSN, name, birth date, etc. Upon being told that I would
not email this data to her, the consultant asked what my security
requirements were for sending the data. What would be on your wishlist
for the best way to send sensitive data to someone outside your
firewall?"

Like some of the commenters, I agree that it’s critical that you avoid
sending confidential data over the Web unencrypted. PGP/GPG have become
the standard ways to share information that is encrypted. In my
district, confidential student data is first encrypted with Pretty Good
Privacy (PGP) and then sent via secure FTP (sFTP). This comment seems to
validate my district’s approach…

If the data set is fairly small, then encrypted e-mail might be a valid
solution. If it’s small to middling in size or you need to do frequent
transfers SFTP or FTPS would be viable(presuming you’re not using keys
generated in the last two years on a debian box). The simplest solution
would be to encrypt the data, put it on a CD/DVD/Portable HD, and send
it by courier or deliver it yourself(ideally in a sealed envelope). You
get a signature to verify you sent it, you get a signature to verify who
picked it up, you’ve got proof it wasn’t tampered with and if someone
steals it along the way it’s not worth anything.

Of course, tools that I touted just a few short years ago are either no
longer available or difficult to obtain for Windows platform. Of course, I’m
referring to Windows
Privacy Tools (WinPT), which appears to have been abandoned by its
developers. This leaves Windows users in the lurch and they end up have
to obtain a copy of PGP, which is available for personal use at no cost.
Wait! Stop the presses! Looks like a new development–GPG4Win.org
(download 1.13 version).
Even comes with an
online tutorial.

For Mac users, MacGPG is available, although it remains a little less
than obvious to use, requiring a descent into the command line. I set
mine up and walked away. Surprisingly, in spite of the suspected geek
factor, KGPG remains the best free tool available, except for the fact
it requires GNU/Linux. It’s one of the first apps I install on any
GNU/Linux installation.

Of course, I’ve given up that any educators will use these tools…many
are still struggling with word processors and wondering how to use
spreadsheets to enhance math assignments on a Friday afternoon before
the kids go home, if they bother at all. They, at least, have their
priorities straight. Maybe this fixation with protecting confidential
data is at odds with the desire for transparency…or, maybe it’s just
about having fun playing with encryption tools.

Cloak-n-dagger.

News z: mguhlin@gmail.com (Miguel Guhlin - www.mguhlin.net)

By: admin | 2008/05/26 | Privacy - Mac - GNU/Linux - MGuhlin.net | Trackback | Comments [RSS 2.0]

Comments are closed



TEXAS my state! is proudly powered by WordPress
WP Theme "Fast Lane" design by: beng hafner

ogrodzenia betonowe heathrow airport parking trepy bielizna damska ogrzewacze wody limousine lansing limo limousine hanover park wood dale limousine limo glenview