Security Privacy Tools

From MissionTechWiki

Description of Security & Privacy Tools

Please keep this content generic and avoid specifics. Some people's lives depend on this sort of information. Tools that assist in maintaining security and the privacy of workers. It is easry to go overboard in this area. It is also very easy to try and use technology to fix a problem which is both technological and people based. The common test:

Which is easier: to break 1024 bit encryption or kick a door in...?::

How is Security & Privacy Tools used in Missions?

The problem isn't much different to that faced by multi-national companies working in diverse places. The only problem is that Missions often don't have the resources of a multi-national

Issues with Security & Privacy Tools

  • Not doing a proper needs analysis
  • Lack of training
  • Only solving part of the problem - eg leaving data unencrypted on disk.
  • Don't forget PDAs [1]

The trick is to minimise risk, while still keeping things easy to use, and not to raise too many eyebrows. Will full-on disk encryption just look too strange, or is a hard to detect encrypted partition a better option, even though some data make escape to temp files? SSL encrypted email is now very common. VPNs are common. More and more companies (and governments) are requiring data to be encrypted on laptops, so it looks less unusual to require this.

Different implementations and solutions using Security & Privacy Tools

This article talks about several ways to physically protect a laptop. [2]

Secure Communications

Securing Communications is a real issue for many workers. Skype Security is one issue to consider for those using Skype.

Annonymisers

For people in countries that censor the internet or otherwise inspect internet traffic, there can be a need to annonymise their network traffic.

  • Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

Web Proxies

  • Psiphon is a censorship circumvention solution that allows users to access blocked sites in countries where the Internet is censored. psiphon turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere. VERY NEW

PC on a USB stick

There have been a couple of solutions around that offer to run on your host machine, but store all data on a USB device, so you plug in, take over the machine and leave no trace. Useful if using Internet Cafes or working in places where the machines would otherwise be monitored.

  • Mojopac is the latest concept. It is a software package that you install onto your USB storage device, USB stick, disk or ipod! All applications run in a virtual machine of some sort. It costs, but isn't too expensive. Is it secure? does it work?

Books to read

Beyond Fear by Bruce Schneier for a good grounding in general security risk assessment.

 

Original page: http://www.missiontech.info/wiki/Security_Privacy_Tools
from the MissionTech Wiki created by the International Conference on Computers and Missions

Faith (for Content):