Security

Securely Deleting Files From Your Hard Drive

Posted by Marius Dornean on March 08, 2010  /   Posted in Security, Technology

Deleting Files (or not…)

When deleting files in Windows, only the pointer to the file is deleted from the file table, not the actual data. Think of it like an index in a book. If the index pointer for a particular page is removed, it is much harder to find the particular page. If we go through the book, page by page, we will eventually find the page we want without needing the index to help us. Using free and commercial software recovery tools such as Recuva, we can recover deleted files from a hard drive by scouring all of the bits on a hard drive, much like flipping through all of the pages of a book. For this reason, it is important that we ensure that files we want deleted are fully stripped from the hard drive.

How The Disk Scrubber Works

The MariusSoft Disk Scrubber leverages the power of the windows cipher utility to cleanly wipe deleted files. This process is accomplished in 3 steps. First, 0’s are written over all of the deleted files. This is followed by 1’s being written, and finally random 0’s and 1’s. This 3 step process ensures that sectors are obfuscated enough to where the deleted files are no longer recognizable by recovery software.

Video Presentation

Get your hands on the Disk Scrubber here.

Introduction to Data Security

Posted by Marius Dornean on March 03, 2010  /   Posted in Security, Technology

Data in the Digital Age

What is data? Simply put, data is information stored in digital form. Why is information so important? Simple, information is the key to modern day society. Information enables us to share ideas, make informed decisions, keep records, speed up processes, etc… Data storage and transfer is more prevalent today then it has ever been as the medium of choice for information transfer. The biggest challenge is no longer getting data from one person to another, but securing that data.

With the introduction of the internet and the movement of storing more and more data onto computer systems, the electronic security age began and has flourished ever since. There are countless of entities all over the world trying to gain unauthorized access to data on every kind of system imaginable, and at the same time there are experts countering these entities.

History of the Internet

In order to gain a better understanding of the internet and interconnected computer systems, one should look at its roots. The first rudimentary computer network that linked geographically separated computer systems was called Arpanet. Arpanet stands for (Advanced Research Projects Agency Network) and was created by DARPA (Defense Advanced Research Projects Agency). The network linked computer systems from universities across the US together. It was the first network to use packet switching, a communications method where data is transmitted in groups rather than the slower, less reliable circuit switching that was prevalent at that time.

As the network grew, more and more people gained access to transferring more data between each other. This brought many advantages and many security concerns. As people started transferring sensitive data, those wishing to gain access to that data illegally started creating ways to do so.

History of Hacking

The modern day term of the words ‘hack’ and ‘hacker’ was first widely introduced in the 1960′s and originated at MIT. Simply, hacking referred to students who created a quick and elaborate and/or bodged solution to a technical obstacle. The term hacking is now almost synonymous with unauthorized access to computer systems, not just by students but by anyone. While hacking does have a rather dark modern day meaning, it does semantically apply to other forms of legal hacking, ex hackaday.com.

Some Notable Hacks in History

1983:

Kevin Poulsen aka Dark Dante hacks into Arpanet, the grandfather to the modern day internet. While still a student, Poulsen found a loophole in Arpanet’s architecture and exploited it to gain temporary control of the US wide network.

1988:

Robert Morris, a 23 year old Cornell University Graduate student creates the first internet worm. Created with the intent to count how many computers existed on the internet at the time, he creates a program with just 99 lines of code. In order to bypass system administrators to gauge the size correctly, he includes code to evade the administrators and exploit several vulnerabilities in the computer systems. The worms spread rapidly, infecting thousands of computers, crashing them and causing huge potential loss in productivity.

1995:

Vladimir Levin, a Russian computer hacker was the first to attempt to hack into a bank. He hacked into Citibank and managed to transfer $10 million dollars into accounts across the world.

Increasing Amount of Data Accessible via the Internet

According to netcraft, there are about 190,000,000 (190 million) websites on the internet, with this number increasing faster and faster every year. This is not surprising given there are nearly 1.6 million programmers in the world with more companies pushing internet based electronic services. The more websites and systems exist that have a connection to secure data and are reachable via the internet, the more chances there are that the data will be compromised.

As companies expand their presence and services on the web, more and more dynamic data is becoming available on the internet (online banking, social networking, accounting and tax software, etc…). Dynamic websites that provide these services, both personal and business, usually store some kind of identifiable information that can be monetized by hackers and spam organizations. Whether it be email addresses, names, social security numbers, credit card numbers, corporate research, etc… this data is sought by those that wish to sell it or use it for other unlawful means or exploitation.

Any system that is connected to the internet that has any kind of sensitive data worth securing is usually at risk of being attacked. This is the reality of today’s data exchange landscape and one that all, not just developers and system administrators, must think about. Every time you send your name, email address, or any other type of information over to a website, you risk your data getting compromised and stolen.

Data Breaches

Modern day governance take hacking and data breaches very seriously. Depending on the specific industry, some companies are required to report any hacking/data breach incidents. Huge amounts of money are spent into research and equipment to stop hackers.

Everything from network level firewalls, intrusion detection systems, web application firewalls to password protected accounts, database security triggers, and application security frameworks are modern day countermeasures to try and prevent hackers from gaining unauthorized access to data.

Securing Data

Over the next couple of blogs, I will talk about the different types of security. The following are some of the different topics I will cover.

SQL server security
Web application security
Windows application security
.NET code execution security
Network level security
Social Engineering attacks and security awareness
Recovering from a breach of data security
Hard Drive File Deletion
Stay tuned!

^ Back to Top