Threat Level: green Handler on Duty: Russ McRee

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Published: 2007-10-26
Last Updated: 2007-10-27 15:30:56 UTC
by Mark Hofman (Version: 1)
0 comment(s)

The Internet has provided us with a convenient method to share information with each other and one thing we all do is to move files around.  Whether they be documents attached to emails, music, movies or programs we install, it is all about files, files, files.  So how do you safely transfer files from one location to another?  We're talking important stuff, the super secret info that your business relies on in order to stay afloat or information that keeps the country safe, but things you need to share with others in order to function. 

We've had plenty of examples over the last year or so on what not to do, especially with backup tapes and credit card numbers.  So we need some tips on what people should do or should not do.  I'll kick it off.

DO:

  • Have a policy on how information can be exchanged between organizations
  • Encrypt sensitive information on backups, removable media or in emails
  • Use SFTP or SCP to transfer files
  • Set up a secure file exchange facility within the corporate infrastructure to securely exchange files with others. 

    UPDATES:
    1. "Use secure thumb drives. They don't cost that much more.
    2. Use strong passwords.
    3. Store the password and data separately.
    4. Don't e-mail the password with the data.
    5. When sending data by courier make sure they are trust worthy, we have had customers send data that just never made it to us.
    6. Password protect all storage devices, including cell phones they can hold a lot of data now a days." (Paul)
     

Don't:

  • Allow services such as the free file transferring facilities to be used by staff.
  • Put the information on a CD and then leave it in the kiosk computer at the airport.

 Send us some good tips on what to do (bad ones are acceptable as well, but have to be amusing)

 

Cheers

Mark H - Shearwater

 

Keywords:
0 comment(s)
Diary Archives