Some Data Needs To Be Encrypted
TaoSecurity, by Richard Bejtlich, discusses the SAIC debacle whereby 45,000 employees had personal information stolen from several computers. Richard argues that prevention eventually fails and that we need procedures in place to detect and respond to security breaches.
Well, of course I agree that we all need public responses to the loss of public security, but I'd go a little further before rolling over so easily. Credit card numbers, social security IDs, or anything that has significant information value to it must be encrypted when it is stored. I assume that anyone can steal data (physically), so I put my efforts into keeping the data secure after it has been compromised.
Let me drift into a Domino environment, where I can encrypt all the server-hosted databases with the server ID. If I had the SAIC IDs stored on an encrypted Notes database, then the thieves would have required the server ID and its password. Of course, this requires password-protected server IDs (which everyone is doing, right?)

