security in a box : tools and tactics for your digital security

Upload: ict-watch

Post on 29-May-2018


8/9/2019 Security in a Box : Tools and Tactics for Your Digital Security

Security in-a-box provides the knowledge you need to recognise digital security threats and the tools you need to address them. It offers detailed, step-by-step instructions to help you use those tools effectively, as well as practical, non-technical advice for anyone who relies on digital technology to do sensitive advocacy work.

    www.tacticaltech.org

    www.frontlinedefenders.org

TOOLS AND TACTICS FOR ADVOCACY

security in-a-box: tools and tactics for your digital security


TABLE OF CONTENTS

Introduction 1

1. How to protect your computer from malware and hackers 9
Viruses
Spyware 12
Firewalls 13
Keeping your software up-to-date 15

2. How to protect your information from physical threats 21
Assessing your risks 21
Protecting your information from physical intruders 23
Maintaining a healthy environment for your computer hardware 26
Creating your physical security policy 27

3. How to create and maintain secure passwords 33
Selecting and maintaining secure passwords 33
Remembering and recording secure passwords 35

4. How to protect the sensitive files on your computer 43
Encrypting your information 44
Hiding your sensitive information 46

5. How to recover from information loss 53
Identifying and organising your information 54
Defining your backup strategy 56
Creating a digital backup 58
Recovering from accidental file deletion 61

6. How to destroy sensitive information 67
Deleting information 68
Wiping information with secure deletion tools 69
Tips on using secure deletion tools effectively 71
Tips on wiping the entire contents of a storage device 72

7. How to keep your Internet communication private 77
Securing your email 78
Tips on responding to suspected email surveillance 83
Securing other Internet communication tools 84
Advanced email security 85

8. How to remain anonymous and bypass censorship on the Internet 93
Understanding Internet censorship 94
Understanding censorship circumvention 96
Anonymity networks and basic proxy servers 97
Specific circumvention proxies 101

Glossary 107

Security in-a-box was developed by the Tactical Technology Collective and Front Line in collaboration with:

Coordination, writing & editing: Wojtek Bogusz, Dmitri Vitaliev, Chris Walker
Additional writing: Cormac McGuire, Benji Pereira
English proofreading & copy editing: Caroline Kraabel, Benji Pereira
Lead tester: Rosemary Warner
Design: Lynne Stuart
Curriculum development: Pamela Teitelbaum, Dmitri Vitaliev
Coordination of software localisation: Louise Berthilson, Alberto Escudero Pascual

Spanish team
Translation: Phol Edward Paucar Aguirre
Editing: Katitza Rodríguez Pereda
Webmaster: Angelin Venegas Ramírez
Localisation: Diego Escalante Urrelo
Proofreading: Carlos Wertheman

French team
Editing, translation & localisation: Patrick Cadorette
Translation & localisation: Alexandre Guédon
Proofreading: Miriam Heap-Lalonde
Editing: Fabian Rodriguez

Russian team
Translation: Emin Akhundov, Alexei Bebinov, Alexander Lapidus
Proofreading: Ksenia Shiryaeva
Editing, translation & localisation: Sergei Smirnov

Arabic team
Editing, translation & localisation: Ahmad Gharbeia
Editing: Manal Hassan
Translation & localisation: Khaled Hosny
Translation: Mahammad F Kalfat

Special thanks to The Citizen Lab, Robert Guerra, Internews, RiseUp, The Tor Project & VaultletSoft

Funder


Introduction

Advocates are increasingly concerned about their digital security, and with good reason. While computers and the Internet can be extremely powerful tools for advocacy, they also expose groups (that may already be quite vulnerable) to new risks. As more advocates have begun to rely on digital technology to achieve their outreach, data-collection, information design, communication and mobilisation objectives, these risks have become greater.

If you are an advocate who focuses on sensitive issues, or you work closely with such people, then you have probably experienced (or heard stories about) digital security and privacy threats: computers and backup drives that were confiscated, passwords that changed mysteriously, local websites that were hacked or overloaded by malicious Internet traffic, foreign websites that can no longer be accessed and emails that appear to have been forged, blocked, modified or read by someone other than the intended recipient. These are true stories, and many of them are set in an environment that makes matters even worse, one in which computer operating systems are frequently out-of-date, software is often pirated and viruses run rampant.

This toolkit provides explanations of, and solutions for, threats like these. It was created by a diverse team of experts who understand not only the conditions under which advocates work, but also the resource restrictions they face.

While Security in-a-box is designed primarily to address the growing needs of advocates in the global South, particularly human rights defenders, the software and strategies in this toolkit are relevant to digital security in general. It has something to offer anyone who works with sensitive information. This may include vulnerable minorities and independent journalists or whistle-blowers, in addition to advocates working on a range of issues, from environmental justice to anti-corruption campaigns.

HOW TO USE THE SECURITY IN-A-BOX TOOLKIT
This toolkit has three major components:
o the How-to Booklet
o the Hands-on Guides
o a selection of freeware and Open Source software

This How-to Booklet is designed to explain the issues that you must understand in order to safeguard your own digital security. It seeks to identify and describe the risks you face and help you make informed decisions about how best to reduce those risks. To this end, it answers eight broad questions related to basic security, data protection and communication privacy.

At the beginning of each chapter, you will find a background scenario populated by fictional characters who will reappear in brief conversations throughout the chapter in order to illustrate certain points and answer common questions. You will also find a short list showing what you can learn from this chapter. It is a good idea to scan through this list before you begin reading. As you work through a chapter, you will encounter a number of technical terms that are highlighted in green and defined in the glossary at the end of the booklet. You will also find references to the specific software discussed in the toolkit's Hands-on Guides.

These Hands-on Guides are included, along with an electronic copy of the How-to Booklet, on the accompanying CD (or USB memory stick, if you have a version of the toolkit that contains one). Each guide explains how to use a particular freeware or Open Source software tool. The Hands-on Guides highlight potential difficulties, suggest helpful tips and, most importantly, walk you through the process of configuring and using these tools securely. They include screenshots and step-by-step instructions for you to follow as you go along.

All of this software can be installed directly from the toolkit or downloaded free of charge from the Internet. In most cases, you can install a tool simply by clicking on the appropriate link at the beginning of whichever guide explains that tool, then telling your browser to Open or Run the install program. If a Hands-on Guide provides special installation instructions, you may have to save a file to your Desktop, or some other location, in order to install that tool. The Security in-a-box disc also includes a section called Portable Security, where you will find portable versions of a few Security in-a-box tools. These versions are meant to be installed directly onto a USB memory stick so that you can use them on any computer.

Any single chapter or guide in this toolkit can be read individually, or formatted in your browser for easy printing, or shared electronically. However, you will get more out of Security in-a-box if you can follow the relevant links and references that are scattered throughout both the booklet and the software guides. Ideally, you will have this booklet in front of you while you work through the Hands-on Guides. You should also remember to finish reading the How-to Booklet chapter covering a particular tool before you begin relying on that tool to protect your digital security.

Where possible, you should read the chapters of this booklet in order. Security is a process, and there is often little point in trying to defend yourself against an advanced threat to your communication privacy, for example, if you have not yet ensured that your computer is free of viruses and other malware. In many cases, this would be like locking your door after a burglar is already in your home. This is not to say that any one of these eight topics is more important than any other; it is simply that the later chapters make certain assumptions about what you already know and about the state of the computer on which you are about to install software.

Of course, there are many good reasons why you might want to work through these chapters out of sequence. You might need advice on how to back up your important files before you begin installing the tools described in the first Hands-on Guide. You might find yourself faced with an urgent privacy threat that justifies learning How to protect the sensitive files on your computer, which is covered in Chapter 4, as quickly as possible. Perhaps you are working from an Internet café, on a computer whose security is not your responsibility and from which you do not intend to access any sensitive information. If you want to use this computer to visit a website that is blocked in your country, there is nothing to prevent you from skipping ahead to Chapter 8: How to remain anonymous and bypass censorship on the Internet.

Whatever path you take through the toolkit, we hope it answers some of your questions, helps you understand some of your vulnerabilities and shows you where to look for solutions.

ABOUT THE SECURITY IN-A-BOX PROJECT
Digital security and privacy threats are always unique to the work that an advocate does and the environment in which that person operates. Furthermore, the collection of software that might help address those threats is constantly changing, and the tools themselves are frequently updated. For these reasons, it is extremely difficult to create an off-the-shelf toolkit like Security in-a-box. Nothing stated in this toolkit is absolute, and there is no replacement for a trusted, local expert who understands the environment you work in, is sympathetic to your cause and can help you identify the most up-to-date tools with which to protect yourself.

Nevertheless, we hope that Security in-a-box will give you an idea of the relevant issues and the right solutions for your own particular situation. We have worked with experts from all over the globe to peer-review the tools and tactics that make up this toolkit. This booklet offers the very best advice that we could assemble without being able to look at and respond to your unique circumstances.


The software that we selected was researched, tested and, in many cases, localised into additional languages by a diverse team of security experts, advocates, human rights defenders, translators and software engineers in collaboration with the Tactical Technology Collective and Front Line. These tools featured prominently in a number of security trainings that were held as part of the Security in-a-box project, trainings that served not only to strengthen the security and privacy of advocates throughout the world, but also to confirm the appropriateness of the tools selected and to verify the accuracy of the Hands-on Guides.

As of this booklet's publication, the entire toolkit is available in five languages: English, Arabic, French, Russian and Spanish. It exists both as a printed toolkit, and on the Security in-a-box website, at www.security.ngoinabox.org. Please write to [email protected] if you would like to request additional copies, distribute or translate the toolkit or talk to us about training.

Tactical Tech and Front Line are dedicated to making this toolkit as useful as possible for advocates, and to ensuring that future versions are even better. To do so, we rely heavily on your feedback. Your stories about the toolkit, how you use it, what you find useful and what you don't find useful, will help us get it right. They will also help us raise funds for the further development of this project. Please send us your comments, stories and ideas to [email protected].


1. How to protect your computer from malware and hackers


1. How to protect your computer from malware and hackers

Regardless of your broader objectives, keeping your computer healthy is a critical first step down the path toward better security. So, before you begin worrying too much about strong passwords, private communication and secure deletion, for example, you need to make sure that your computer is not vulnerable to hackers or plagued by malicious software, often called malware, such as viruses and spyware. Otherwise, it is impossible to guarantee the effectiveness of any other security precautions you might take. After all, there is no point in locking your door if the burglar is already downstairs, and it doesn't do you much good to search downstairs if you leave the door wide open.

Accordingly, this chapter explains how to maintain your software and use tools like Avast, Spybot and Comodo Firewall to protect your computer against the ever-present dangers of malware infection and hacker attacks. Although the tools recommended in this chapter are for Windows, which is the operating system most often targeted by these threats, GNU/Linux and Apple OS X users are also at risk and should still adopt the tactics presented below.

Background scenario
Assani is a human rights activist in a Francophone African country. His two teenage children, Salima and Muhindo, have offered to help him with some routine computer work he has been asked to do. After seeing the state of his computer, they offer to teach him the basics of how to keep it healthy and functional. Assani also likes the idea of using Free and Open Source Software, but he's not sure whether that would be more or less secure, so he asks for their advice.

What you can learn from this chapter
o More about the nature of a few of the specific threats that malware poses to the privacy and integrity of your information, the stability of your computer and the reliability of other security tools
o How you can use a number of recommended tools to help protect yourself from these threats
o How to keep your computer secure by updating your software frequently
o Why you should use freeware tools, to avoid the dangers associated with expired licenses or pirated software, and popular FOSS tools, where possible, to enhance your security.


VIRUSES
There are many different ways to classify viruses, and each of these methods comes with its own set of colourfully-named categories. Worms, macroviruses, trojans and backdoors are some of the more well-known examples. Many of these viruses spread over the Internet, using email, malicious webpages or other means to infect unprotected computers. Others spread through removable media, particularly devices like USB memory sticks and external hard drives that allow users to write information as well as reading it. Viruses can destroy, damage or infect the information in your computer, including data on external drives. They can also take control of your computer and use it to attack other computers. Fortunately there are many anti-virus tools that you can use to protect yourself and those with whom you exchange digital information.

Anti-virus software
There is an excellent freeware anti-virus program for Windows called Avast, which is easy to use, regularly updated and well-respected by anti-virus experts. It requires that you register once every 14 months, but registration, updates and the program itself are all free-of-charge.

Hands-on: Get started with the Avast Guide

ClamWin is a FOSS alternative to Avast and the various well-known commercial anti-virus programs. Although it lacks certain features that are important for a primary anti-virus program, ClamWin has the advantage that it can be run from a USB memory stick in order to scan a computer on which you are not allowed to install software. This is extremely helpful when you have no choice but to use public computers or Internet cafés for sensitive work.

Tips on using anti-virus software effectively
o Do not run two anti-virus programs at the same time, as this might cause your computer to run extremely slowly or to crash. Uninstall one before installing another.
o Make sure that your anti-virus program allows you to receive updates. Many commercial tools that come pre-installed on new computers must be registered (and paid for) at some point or they will stop receiving updates. All of the software recommended here supports free updating.
o Ensure that your anti-virus software updates itself regularly. New viruses are written and distributed every day, and your computer will quickly become vulnerable if you do not keep up with new virus definitions. Avast will automatically look for updates when you are connected to the Internet.
o Enable your anti-virus software's 'always on' virus-detection feature if it has one. Different tools have different names for it, but most of them offer a feature like this. It may be called 'Realtime Protection', 'Resident Protection', or something similar. Take a look at Section 3.2.1 of the Avast Guide to learn more about that tool's Resident Scanner.
o Scan all of the files on your computer regularly. You don't have to do this every day (especially if your anti-virus software has an 'always on' feature, as described above) but you should do it from time to time. How often may depend on the circumstances. Have you connected your computer to unknown networks recently? With whom have you been sharing USB memory sticks? Do you frequently receive strange attachments by email? Has someone else in your home or office recently had virus problems? For more information on how best to scan files, see the Avast Guide.

Preventing virus infection
o Be extremely cautious when opening email attachments. It is best to avoid opening any attachment received from an unknown source. If you need to do so, you should first save the attachment to a folder on your computer, then open the appropriate application (such as Microsoft Word or Adobe Acrobat) yourself. If you use the program's File menu to open the attachment manually, rather than double-clicking the file or allowing your email program to open it automatically, you are less likely to contract a virus. Saving the file first gives your anti-virus scanner a chance to inspect it, and opening it from inside the application avoids launching a program that is merely disguised as a document; it does not protect you from a document crafted to exploit a flaw in the application itself, which is one more reason to keep that application up-to-date.
o Consider the possible risks before inserting removable media, such as CDs, DVDs and USB memory sticks, into your computer. You should first check that your anti-virus program has the latest updates and that its scanner is running. It is also a good idea to disable your operating system's AutoPlay feature, which can be used by viruses to infect your computer. Under Windows XP, this can be done by going inside My Computer, right-clicking on your CD or DVD drive, selecting Properties and clicking on the AutoPlay tab. For each content type, select the 'Take no action' or 'Prompt me each time to choose an action' option, then click OK.
o You can also help prevent some virus infections by switching to free and open source software, which is often more secure, and which virus writers are less likely to target.
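The AutoPlay tab described above configures one drive at a time. The same protection for every drive type, on any Windows version that has PowerShell, comes from the Explorer policy value NoDriveTypeAutoRun. The script below is an added example written for this edition; it is not part of the original booklet or of any Hands-on Guide, and it assumes it is run from an elevated (Administrator) PowerShell prompt.

```powershell
# Added example: disable AutoRun/AutoPlay for all drive types via the Explorer
# policy value NoDriveTypeAutoRun. The value is a bit mask of drive types to
# ignore; 0xFF covers every type. Assumption: run as Administrator.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'
$allDrives = 0xFF

function Get-AutoRunPolicy {
    # Returns the current mask, or $null when the value has never been set,
    # in which case Windows applies its own, more permissive, default.
    $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

function Set-AutoRunDisabled {
    # Create the key if this machine has never had the policy applied.
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value $allDrives -Type DWord
}

$before = Get-AutoRunPolicy
Set-AutoRunDisabled
$after = Get-AutoRunPolicy

$beforeText = if ($null -eq $before) { 'not set' } else { '0x{0:X2}' -f $before }
"NoDriveTypeAutoRun before: $beforeText, after: $('0x{0:X2}' -f $after)"

# Explorer reads this policy when it starts, so log off and on (or restart
# explorer.exe) before testing with a USB memory stick that carries autorun.inf.
```

The machine-wide HKLM value takes precedence over the per-user setting under HKCU, so it is the one worth setting on a shared office computer. Windows XP and Vista honoured this value only for optical drives until Microsoft's 2009 AutoPlay update was installed, which is one more reason the next section of this chapter insists on keeping the operating system up-to-date.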


Assani: I have a virus cleaner and I run it regularly, so I figure my computer is healthy, right?

Salima: Actually, just having anti-virus software isn't enough. You also need to protect your computer from spyware and hackers, so you'll have to install and run a couple more tools.

SPYWARE
Spyware is a class of malicious software that can track the work you do, both on your computer and on the Internet, and send information about it to someone who shouldn't have access to it. These programs can record the words you type on your keyboard, the movements of your mouse, the pages you visit and the programs you run, among other things. As a result, they can undermine your computer's security and reveal confidential information about you, your activities and your contacts. Computers become infected with spyware in much the same way that they contract viruses, so many of the suggestions above are also helpful when defending against this second class of malware. Because malicious webpages are a major source of spyware infection, you should pay extra attention to the websites you visit and make sure that your browser settings are secure.

Assani: It all sounds like something out of a spy movie to me. Is my computer really infected with spyware?

Muhindo: Believe it or not, it's really common. If those programs you downloaded from the Internet haven't infected you, there's a good chance at least one of the webpages you've visited has. The fact that you use Windows and Internet Explorer makes it even more likely. If you've never scanned your computer for spyware, I bet you'll be surprised by how much is already installed on it.

Anti-spyware software
You can use anti-spyware tools to protect your computer from this type of threat. Spybot is one such program, and it does a very good job of identifying and removing certain types of malware that anti-virus programs simply ignore. Just like with anti-virus software, though, it is extremely important that you update Spybot's malware definitions and run regular scans.

Hands-on: Get started with the Spybot Guide

Preventing spyware infection
o Stay alert when browsing websites. Watch for browser windows that appear automatically, and read them carefully instead of just clicking Yes or OK. When in doubt, you should close 'pop up' windows by clicking the X in the upper right-hand corner, rather than by clicking Cancel. This can help prevent webpages from tricking you into installing malware on your computer.
o Improve the security of your Web browser by preventing it from automatically running the potentially dangerous programs that are sometimes contained within webpages you visit. If you are using Mozilla Firefox, you can install the NoScript add-on, as described in Section 4 of the Firefox Guide.
o Never accept and run this sort of content if it comes from websites that you don't know or trust.

Assani: I've heard that Java applets and ActiveX controls can be dangerous. But I have no idea what they are.

Salima: They're just different examples of the same sort of thing: small programs that your Web browser sometimes downloads along with whatever page you're reading. Web designers use them to create complex sites, but they can also spread viruses and spyware. You don't have to worry too much about how they actually work, as long as you have NoScript installed and running properly.

FIREWALLS
A firewall is the first program on a computer that sees incoming data from the Internet. It is also the last program to handle outgoing information. Like a security guard, posted at the door of a building to decide who can enter and who can leave, a firewall receives, inspects and makes decisions about all incoming and outgoing data. Naturally, it is critical that you defend yourself against untrusted connections from the Internet and from local networks, either of which could give hackers and viruses a clear path to your computer. In fact, though, monitoring outgoing connections originating from your own computer is no less important.

A good firewall allows you to choose access permissions for each program on your computer. When one of these programs tries to contact the outside world, your firewall will block the attempt and give you a warning unless it recognizes the program and verifies that you have given it permission to make that sort of connection. This is largely to prevent existing malware from spreading viruses or inviting hackers into your computer. In this regard, a firewall provides both a second line of defense and an early-warning system that might help you recognize when your computer's security is being threatened.

Firewall software
Recent versions of Microsoft Windows include a built-in firewall, which is now turned on automatically. Unfortunately, the Windows firewall is limited in many ways. In particular, the version shipped with Windows XP does not examine outgoing connections at all, and the firewall can be somewhat difficult to use. However, there is an excellent freeware program called Comodo Firewall, which does a better job of keeping your computer secure.

Hands-on: Get started with the Comodo Firewall Guide
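The built-in firewall in Windows 8 and later (Windows Firewall with Advanced Security, managed with the NetSecurity cmdlets) does filter outgoing connections, although it allows everything out unless told otherwise. The script below is an added example for this edition, not code from the booklet or from the Comodo Firewall Guide; it expresses the policy described above in native Windows rules: outbound traffic blocked by default, with named programs allowed through one at a time. The paths to Firefox and Thunderbird are assumptions for illustration, and the script must run from an elevated prompt.

```powershell
# Added example: per-program outbound control with the built-in Windows firewall
# (NetSecurity module, Windows 8 / Server 2012 and later). Run as Administrator.
# Assumption: the programs to be allowed are installed at the paths below.

$allowedPrograms = @{
    'Firefox'     = 'C:\Program Files\Mozilla Firefox\firefox.exe'
    'Thunderbird' = 'C:\Program Files\Mozilla Thunderbird\thunderbird.exe'
}

# 1. Block everything outbound that no rule explicitly allows, on every profile,
#    and log the blocked attempts so they can be reviewed.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 2. One allow rule per program, so a later review shows exactly who was let out.
foreach ($entry in $allowedPrograms.GetEnumerator()) {
    $name = "SiaB allow outbound - $($entry.Key)"
    if (-not (Test-Path $entry.Value)) {
        Write-Warning "$($entry.Value) not found; skipping rule for $($entry.Key)"
        continue
    }
    # Remove any earlier copy of the rule so the script can be re-run safely.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Allow `
        -Program $entry.Value -Profile Any | Out-Null
}

# 3. Name resolution and address assignment are done by svchost.exe on behalf of
#    every program; without this rule the browser above cannot resolve any name.
$svcRule = 'SiaB allow outbound - system DNS/DHCP'
Get-NetFirewallRule -DisplayName $svcRule -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $svcRule -Direction Outbound -Action Allow `
    -Program '%SystemRoot%\System32\svchost.exe' -Protocol UDP -RemotePort 53,67,68 | Out-Null

# 4. Report what is now permitted out. Afterwards, a program that is not in this
#    list but shows up in pfirewall.log is the early warning the chapter describes.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Where-Object DisplayName -like 'SiaB*' |
    Format-Table DisplayName, Profile -AutoSize
```

Windows Update, clock synchronisation and the anti-virus updater are outbound connections too, so expect them to appear in the blocked log after the first run and add a rule for each of them deliberately, rather than loosening the default back to Allow. A third-party product such as Comodo Firewall adds the interactive prompt the chapter mentions; the native rules give you the same default-deny posture without it.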

Assani: So, now you want me to install anti-virus, anti-spyware and firewall software? Can my computer cope with all that?

Muhindo: Absolutely. In fact, these three tools are the bare minimum if you want to stay secure on the Internet these days. They're made to work together, so installing them all shouldn't cause any problems. Remember, though, you don't want to run two anti-virus programs or two firewalls at the same time.

Preventing untrusted network connections
o Only install essential programs on the computer you use for sensitive work, and make sure you get them from a reputable source. Uninstall any software that you do not use.
o Disconnect your computer from the Internet when you are not using it and shut it down completely overnight.
o Do not share your Windows password with anyone.
o If you have enabled any Windows services that you are no longer using, you should disable them. See the Further reading section for more.
o Make sure that all of the computers on your office network have a firewall installed.
o If you do not already have one, you should consider installing an additional firewall to protect the entire local network at your office. Many commercial broadband gateways include an easy-to-use firewall, and turning it on can make your network much more secure. If you are not sure where to start with this, you might want to ask for assistance from whoever helped set up your network.
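The list above asks you to disable Windows services you no longer use, and the Further reading section points to guidance on deciding which those are. The script below is an added example for this edition, not from the booklet: it lists every service that starts automatically, together with the executable behind it, and then disables a named set. The two service names it disables are assumptions for illustration (Remote Registry and the Telnet server, assumed unused on this machine); run it as Administrator and check each name against the references before switching anything off.

```powershell
# Added example: audit automatically started Windows services and disable unused
# ones. Assumption: run as Administrator; 'RemoteRegistry' and 'TlntSvr' are only
# examples of services that an office workstation usually does not need.

function Get-AutoStartServices {
    # Win32_Service exposes StartMode and PathName, which older Get-Service did not.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        Sort-Object Name |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

function Disable-UnusedService {
    param([Parameter(Mandatory)][string]$Name)
    # Stop the service first, then change its start type, so it neither lingers
    # until the next reboot nor comes back after one.
    $svc = Get-Service -Name $Name -ErrorAction Stop
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $Name -Force }
    Set-Service -Name $Name -StartupType Disabled
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" |
        Select-Object Name, State, StartMode
}

# Step 1: review. Anything here that nobody in the office can account for deserves
# a look at the Further reading references before it is switched off.
Get-AutoStartServices | Format-Table -AutoSize

# Step 2: disable what is not needed. Disabling a service the machine depends on
# will break it, so confirm each name before running this for real.
$unused = @('RemoteRegistry', 'TlntSvr')
foreach ($name in $unused) {
    if (Get-Service -Name $name -ErrorAction SilentlyContinue) {
        Disable-UnusedService -Name $name
    } else {
        "Service $name is not installed; nothing to do."
    }
}
```

The PathName column is the useful one during review: a service whose executable sits outside the Windows or Program Files directories, or whose description does not match its binary, is worth a closer look with the anti-virus and anti-spyware tools from earlier in this chapter before it is simply disabled.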

KEEPING YOUR SOFTWARE UP-TO-DATE
Computer programs are often large and complex. It is inevitable that some of the software you use on a regular basis contains undiscovered errors, and it is likely that some of these errors could undermine your computer's security. Software developers continue to find these errors, however, and release updates to fix them. It is therefore essential that you frequently update all of the software on your computer, including the operating system. If Windows is not updating itself automatically, you can configure it to do so by clicking the Start menu, selecting All Programs and clicking Windows Update. This will open Internet Explorer and take you to the Microsoft Update page, where you can enable the Automatic Updates feature. See the Further reading section to learn more about this.
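Before relying on the Automatic Updates setting, it is worth confirming that it is actually in effect and that updates have recently been installed. The script below is an added example for this edition, not from the booklet; it reads the Automatic Updates configuration from the registry (a Group Policy setting, when present, overrides the per-machine one), checks that the Windows Update service is running, and reports the age of the most recently installed update. It is read-only and needs no administrator rights; the six-week threshold is an assumption chosen for illustration.

```powershell
# Added example: report how Windows is configured to update itself and how stale
# the installed updates are. Read-only. Assumption: 45 days without an update is
# treated as overdue, which is a judgement call, not a Windows setting.

function Get-AutoUpdateStatus {
    # The policy key (set by Group Policy) wins over the per-machine key.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $local  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -ErrorAction SilentlyContinue

    $meaning = @{
        1 = 'Never check for updates'
        2 = 'Notify before downloading'
        3 = 'Download automatically, notify before installing'
        4 = 'Download and install automatically'
        5 = 'Let the local administrator choose'
    }

    if ($policy -and $policy.NoAutoUpdate -eq 1) { return 'Disabled by policy (NoAutoUpdate=1)' }
    $option = if ($policy -and $policy.AUOptions) { $policy.AUOptions }
              elseif ($local -and $local.AUOptions) { $local.AUOptions }
              else { $null }
    if ($null -eq $option) { return 'Not configured (Windows default applies)' }
    if ($meaning.ContainsKey([int]$option)) { return "$($meaning[[int]$option]) (AUOptions=$option)" }
    return "Unknown AUOptions value $option"
}

function Get-LastUpdateInstalled {
    # Get-HotFix lists installed updates; the newest InstalledOn dates the machine.
    Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 HotFixID, InstalledOn
}

"Automatic Updates: $(Get-AutoUpdateStatus)"
"Windows Update service (wuauserv): $((Get-Service -Name wuauserv).Status)"

$last = Get-LastUpdateInstalled
if ($last) {
    $age = (Get-Date) - $last.InstalledOn
    "Most recent update $($last.HotFixID) installed $([int]$age.TotalDays) days ago"
    if ($age.TotalDays -gt 45) {
        Write-Warning 'No update installed in over six weeks; run Windows Update now.'
    }
} else {
    Write-Warning 'Get-HotFix returned no installation dates; check Windows Update manually.'
}
```

A result of 'Download and install automatically' together with a recent installation date is what you want to see. 'Not configured' on a machine that has never been to the Microsoft Update page is the situation the paragraph above describes, and the Start menu steps there fix it.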

Staying up-to-date with freeware and FOSS tools
Proprietary software often requires proof that it was purchased legally before it will allow you to install updates. If you are using a pirated copy of Microsoft Windows, for example, it may be unable to update itself, which would leave you and your information extremely vulnerable. By not having a valid license, you put yourself and others at risk. Relying on illegal software can present non-technical risks, as well. The authorities in a growing number of countries have begun to verify that organisations possess a valid license for each piece of software that they use. Police have confiscated computers and closed down organisations on the basis of software piracy. This justification can be abused quite easily in countries where the authorities have political reasons to interfere with a given organisation's work. Fortunately, you do not have to purchase expensive software to protect yourself from tactics like this.

We strongly recommend that you try out the freeware or FOSS alternatives to any proprietary software that you currently use, especially those programs that are unlicensed. Freeware and FOSS tools are often written by volunteers and non-profit organisations who release them, and even update them, free of charge. FOSS tools, in particular, are generally considered to be more secure than proprietary ones, because they are developed in a transparent way that allows their source code to be examined by a diverse group of experts, any one of whom can identify problems and contribute solutions.

Many FOSS applications look like, and work almost the same way as, the proprietary software that they were written to replace. At the same time, you can use these programs alongside proprietary software, including the Windows operating system, without any problems. Even if your colleagues continue to use the commercial version of a particular type of program, you can still exchange files and share information with them quite easily. In particular, you might consider replacing Internet Explorer, Outlook or Outlook Express and Microsoft Office with Firefox, Thunderbird and OpenOffice, respectively.

In fact, you could even move away from the Microsoft Windows operating system entirely, and try using a more secure FOSS alternative called GNU/Linux. The best way to find out if you're ready to make the switch is simply to give it a try. You can download a LiveCD version of Ubuntu GNU/Linux, burn it to a CD or DVD, put it in your computer and restart. When it's done loading, your computer will be running GNU/Linux, and you can decide what you think. Don't worry, none of this is permanent. When you're finished, simply shut down your computer and remove the Ubuntu LiveCD. The next time you start up, you'll be back in Windows, and all of your applications, settings and data will be just as you left them. In addition to the general security advantages of open-source software, Ubuntu has a free, easy-to-use update tool that will keep your operating system and much of your other software from becoming outdated and insecure.

FURTHER READING
o See the chapter on Malicious Software and Spam and the Appendix on Internet Program Settings in the Digital Security and Privacy for Human Rights Defenders [1] book.
o Keep up-to-date with news about viruses on the Virus Bulletin [2] website.
o Learn how to determine which Windows services are unnecessary [3] and disable those you do not need [4].
o Other toolkits from the Tactical Technology Collective (TTC) [5] can help you switch to using FOSS and Freeware tools for all of your software needs.

LINKS
[1] www.frontlinedefenders.org/manual/en/esecman
[2] www.virusbtn.com
[3] https://security.berkeley.edu/MinStds/Determining-Un-Services-Windows.html
[4] www.marksanborn.net/howto/turn-off-unnecessary-windows-services
[5] www.tacticaltech.org


2. Protect your information from physical threats


    2. Ho to otect o infomationfom hsical theats

    No mater how much eor you have pu ino building a digial barrieraround your compuer, you could sill wake up one morning o nd hai, or a copy o he inormaion on i, has been los, solen, or damaged

    by any number o unorunae accidens or malicious acs. Anyhingrom a power surge o an open window o a spil cup o coee mighlead o a siuaion in which all o your daa are los and you are no longerable o use your comp uer. A careul risk assessmen, a consisen eoro mainain a healhy compuing environmen and a writensecit olic can help avoid his ype o diaser.

Background scenario
Shingai and Rudo are an elderly married couple with many years of experience helping the HIV-infected population of Zimbabwe maintain access to proper medication. They are applying for a grant to purchase new computers and network equipment for their office. Since they live in a region that is quite turbulent, in terms both of politics and of infrastructure, they and their potential funders want to ensure that their new hardware will be safe, not only from hackers and viruses, but also from confiscation, thunderstorms, electrical spikes and other such disasters. They ask Otto, a local computer technician, to help them devise a plan of action to strengthen the physical security of the computers and network hardware they plan to buy if their grant application is successful.

What you can learn from this chapter
o More about a few of the physical threats to your computer and to the information stored on it
o How best to secure computer equipment against some of these threats
o How to create a healthy operating environment for computers and network equipment
o What to consider when creating a security plan for the computers in your office

ASSESSING YOUR RISKS
Many organisations underestimate the importance of keeping their offices and their equipment physically secure. As a result, they often lack a clear policy describing what measures they should take to protect computers and backup storage devices from theft, severe weather conditions, accidents, and other physical threats. The importance of such policies may seem obvious, but formulating them properly can be more complicated than it sounds. Many organisations, for example, have good quality locks on their office doors, and many even have secure windows; but if they do not pay attention to the number of keys that have been created, and who has copies of those keys, their sensitive information remains vulnerable.

Shingai: We want to put a brief summary of our security policy into this grant application, but we also need to make sure the policy itself is thorough. What should we include in it?

Otto: I'm afraid I can't recommend a one-size-fits-all solution to the challenge of physical security. The specifics of a good policy almost always depend on a particular organisation's individual circumstances. Here's a piece of general advice, though: when you're trying to come up with a plan, you need to observe your work environment very carefully and think creatively about where your weak points might be and what you can do to strengthen them.

When assessing the risks and vulnerabilities that you or your organisation face, you must evaluate several different levels at which your data may be threatened.
o Consider the communication channels you use and how you use them. Examples might include paper letters, faxes, landline phones, mobile phones, emails and Skype messages.
o Consider how you store important information. Computer hard drives, email and web servers, USB memory sticks, external USB hard drives, CDs and DVDs, mobile phones, printed paper and hand-written notes are all likely possibilities.
o Consider where these items are located, physically. They could be in the office, at home, in a trash bin out back or, increasingly, somewhere on the Internet. In this last case, it might be quite challenging to determine the particular piece of information's actual, physical location.

Keep in mind that the same piece of information might be vulnerable on many different levels. Just as you might rely on anti-virus software to protect the contents of a USB memory stick from malware, you must rely on a detailed physical security plan to protect the same information from theft, loss or destruction. While some security practices, such as having a good off-site backup policy, are helpful against both digital and physical threats, others are clearly more specific. When you decide whether to carry your USB memory stick in your pocket or sealed in a plastic bag at the bottom of your luggage, you are making a decision about physical security, even though the information you are trying to protect is digital. As usual, the correct policy depends greatly on the situation. Are you walking across town or travelling across a border? Will somebody else be carrying your bag? Is it raining? These are the sorts of questions that you should consider when making decisions like this.

PROTECTING YOUR INFORMATION FROM PHYSICAL INTRUDERS
Malicious individuals seeking access to your sensitive information represent one important class of physical threat. It would be a mistake to assume that this is the only such threat to the security of your information, but it would be even more shortsighted to ignore it. There are a number of steps you can take to help reduce the risk of physical intrusion. The categories and suggestions below, many of which may apply to your home as well as your office, represent a foundation upon which you should build in accordance with your own particular physical security situation.

Around the office
o Get to know your neighbours. Depending on the security climate in your country and in your neighbourhood, one of two things may be possible. Either you can turn them into allies who will help you keep an eye on your office, or you can add them to the list of potential threats that your security plan must address.
o Review how you protect all of the doors, windows and other points of entry that lead into your office.
o Consider installing a surveillance camera or a motion-sensor alarm.
o Try to create a reception area, where visitors can be met before they enter the office, and a meeting room that is separate from your normal work space.

In the office
o Protect network cables by running them inside the office.
o Lock network devices such as servers, routers, switches, hubs and modems into secure rooms or cabinets. An intruder with physical access to such equipment can install malware capable of stealing data in transit or attacking other computers on your network even after he leaves.


o If you have a wireless network, it is critical that you secure your access point so that intruders cannot join your network or monitor your traffic. If you are using an insecure wireless network, anyone in your neighbourhood with a laptop becomes a potential intruder. This is an unusual definition of 'physical', but it helps to consider that a malicious individual who can monitor your wireless network has the same access as one who can sneak into your office and connect an ethernet cable. The steps required to secure a wireless network will vary, depending on your access point hardware and software, but they are rarely difficult to follow.

At your work space
o You should position your computer screen carefully, both on your desk and when you are away from the office, in order to prevent others from reading what is displayed there. In the office, this means considering the location of windows, open doors and the guest waiting area, if you have one.
o Most desktop computer cases have a slot where you can attach a padlock that will prevent anyone without a key from getting inside. If you have cases like this in the office, you should lock them so that intruders cannot tamper with their internal hardware. You might also consider this feature when purchasing new computers.
o Use a locking security cable, where possible, to prevent intruders from stealing the computers themselves. This is especially important for laptops and small desktops that could be hidden inside a bag or under a coat.

Software and settings related to physical security
o Make sure that, when you restart your computer, it asks you for a password before allowing you to run software and access files. If it does not, you can enable this feature in Windows by clicking on the Start menu, selecting the Control Panel, and double-clicking on User Accounts. In the User Accounts screen, select your own account and click Create a Password. Choose a secure password, as discussed in Chapter 3: How to create and maintain good passwords, enter your password, confirm it, click Create Password and click Yes, Make Private.
o There are a few settings in your computer's BIOS that are relevant to physical security. First, you should configure your computer so that it will not boot from its floppy, CD-ROM or DVD drives. Second, you should set a password on the BIOS itself, so that an intruder cannot simply undo the previous setting. Again, be sure to choose a secure password.
o If you rely on a secure password database, as discussed in Chapter 3, to store your Windows or BIOS passwords for a particular computer, make sure that you do not keep your only copy of the database on that computer.
o Get in the habit of locking your account whenever you step away from your computer. On Windows, you can do this quickly by holding down the Windows logo key and pressing the L key. This will only work if you have created a password for your account, as described above.
o Encrypt sensitive information on computers and storage devices in your office. See Chapter 4: How to protect the sensitive files on your computer for additional details and pointers to the appropriate Hands-on Guides.

Rudo: I'm a bit nervous about messing around in BIOS. Can I break my computer if I do something wrong?

Otto: You sure can, at least for a little while. In fact, the settings that you might want to change are pretty simple, but the BIOS screen itself can be a little intimidating, and it is possible to leave your computer temporarily unable to start if you do something wrong. In general, if you're uncomfortable working in BIOS, you should ask someone with more computer experience to help you out.

Portable devices
o Keep your laptop, your mobile phone and other portable devices that contain sensitive information with you at all times, especially if you are travelling or staying at a hotel. Travelling with a laptop security cable is a good idea, although it is sometimes difficult to find an appropriate object to which you can attach one. Remember that meal times are often exploited by thieves, many of whom have learnt to check hotel rooms for laptops during hours of the day when they are likely to be unattended.
o If you have a laptop, or a hand-held computing device such as a Personal Digital Assistant (PDA), try to avoid putting them on display. There is no need to show thieves that you are carrying such valuable hardware or to show individuals who might want access to your data that your shoulder bag contains a hard drive full of information. Avoid using your portable devices in public areas, and consider carrying your laptop in something that does not look like a laptop bag.


MAINTAINING A HEALTHY ENVIRONMENT FOR YOUR COMPUTER HARDWARE
Like many electronic devices, computers are quite sensitive. They do not adapt well to unstable electricity supplies, extreme temperatures, dust, high humidity or mechanical stress. There are a number of things you can do to protect your computers and network equipment from such threats:
o Electrical problems such as power surges, blackouts and brownouts can cause physical damage to a computer. Irregularities like this can crash your hard drive, damaging the information it contains, or physically harm the electronic components in your computer.
o If you can afford them, you should install Uninterruptible Power Supplies (UPSs) on important computers in your office. A UPS provides temporary power in the event of a blackout.
o Even where UPSs are deemed inappropriate or too costly, you can still provide power filters or surge protectors, either of which will help protect you from power surges.
o Test your electrical network before you connect important equipment to it. Try to use power sockets that have three slots, one of them being a 'ground line', or 'earth'. And, if possible, take a day or two to see how the electrical system in a new office behaves when powering inexpensive devices, such as lamps and fans, before putting your computers at risk.
o To defend against accidents in general, avoid placing important hardware in passages, reception areas or other easily accessible locations. UPSs, power filters, surge protectors, power strips and extension cables, particularly those attached to servers and networking equipment, should be positioned where they will not be switched off by an accidental misstep.
o If you have access to high-quality computer cables, power strips and extension cables, you should purchase enough to serve your entire office and pick up a few extras. Power strips that fall out of wall sockets, fail to hold plugs securely and spark constantly are more than just annoying. They can be quite damaging to the physical security of any computers attached to them. They can also lead frustrated users to secure their loose computer cables to a sparking power strip with tape, which creates an obvious fire hazard.
o If you keep any of your computers inside cabinets, make sure they have adequate ventilation, or they might overheat.
o Computer equipment should not be housed near radiators, heating vents, air conditioners or other ductwork.

Shingai: Actually, we just solved a few of these problems earlier this year. We spent months trying to find cables that wouldn't fall out of the backs of our computers.

Otto: And power strips that didn't look like they were about to set the carpet on fire?

Shingai: That, too. In the end, Rudo had to bring some back from a trip to Johannesburg. Mind you, the electricity itself is still pretty unstable, but at least the equipment is easier to work with.

CREATING YOUR PHYSICAL SECURITY POLICY
Once you have assessed the threats and vulnerabilities that you or your organisation face, you must consider what steps can be taken to improve your physical security. You should create a detailed security policy by putting these steps in writing. The resulting document will serve as a general guideline for yourself, your colleagues and any newcomers to your organisation. It should also provide a checklist of what actions should be taken in the event of various different physical security emergencies. Everybody involved should take the time to read, implement and keep up with these security standards. They should also be encouraged to ask questions and propose suggestions on how to improve the document.

Your physical security policy may contain various sections, depending on the circumstances:
o An office access policy that addresses the alarm systems, what keys exist and who has them, when guests are allowed in the office, who holds the cleaning contract and other such issues
o A policy on which parts of the office should be restricted to authorized visitors
o An inventory of your equipment, including serial numbers and physical descriptions
o A plan for securely disposing of paper rubbish that contains sensitive information
o Emergency procedures related to:
  o Who should be notified if sensitive information is disclosed or misplaced
  o Who to contact in the event of a fire, flood, or other natural disaster
  o How to perform certain key emergency repairs
  o How to contact the companies or organizations that provide services such as electrical power, water and Internet access
  o How to recover information from your off-site backup system. You can find more detailed backup advice in Chapter 5: How to recover from information loss.

Your security policy should be reviewed periodically and modified to reflect any policy changes that have been made since its last review. And, of course, don't forget to back up your security policy document along with the rest of your important data. See the Further reading section for more information about creating a security policy.

FURTHER READING
o For additional information on assessing risks, see the Security Awareness and Threat Assessment sections of the Digital Security and Privacy for Human Rights Defenders book [1].
o For a more detailed explanation of how to set a BIOS password, see the Windows Security chapter in the Digital Security and Privacy for Human Rights Defenders book [1].
o For guidelines on creating a security policy, see Case Study 1 in the Digital Security and Privacy for Human Rights Defenders book [1].
o See also the Protection Manual and Protection Handbook for Human Rights Defenders [1].

LINKS
[1] www.frontlinedefenders.org/manual/en/esecman
[2] www.frontlinedefenders.org/manuals


3 Create and maintain secure passwords


3. How to create and maintain secure passwords

Many of the secure services that allow us to feel comfortable using digital technology to conduct important business, from signing in to our computers and sending email to encrypting and hiding sensitive data, require that we remember a password. These secret words, phrases or strings of gibberish often provide the first, and sometimes the only, barrier between your information and anyone who might want to read, copy, modify or destroy it without your permission. There are many ways in which someone could learn your passwords, but you can defend against most of them by applying a few specific tactics and by using a secure password database tool, such as KeePass.

Background scenario
Mansour and Magda are siblings, in an Arabic-speaking country, who maintain a blog on which they anonymously publicise human rights abuses and campaign for political change. Magda recently tried to log into her personal webmail account and found that her password had been changed. After resetting the password, she was able to log in, but when she opened her inbox she noticed that several new messages were marked as having been read. She suspects that a politically-motivated intruder may have learned or guessed her password, which she uses for several of her website accounts. She is meeting with Mansour, who has less computer experience, to explain the situation and to voice her concerns.

What you can learn from this chapter
o The elements of a secure password
o A few tricks for remembering long, complicated passwords
o How to use the KeePass secure password database to store passwords instead of remembering them

SELECTING AND MAINTAINING SECURE PASSWORDS
In general, when you want to protect something, you lock it up with a key. Houses, cars and bicycle locks all have physical keys; protected files have encryption keys; bank cards have PIN numbers; and email accounts have passwords. All of these keys, physical and electronic, have one thing in common: they open their respective locks just as effectively in the hands of somebody else. You can install advanced firewalls, secure email accounts, and encrypted disks, but if your password is weak, or if you allow it to fall into the wrong hands, they will not do you much good.

Elements of a strong password
A password should be difficult for a computer program to guess.
o Make it long: The longer a password is, the less likely it is that a computer program would be able to guess it in a reasonable amount of time. You should try to create passwords that include ten or more characters. Some people use passwords that contain more than one word, with or without spaces between them, which are often called passphrases. This is a great idea, as long as the program or service you are using allows you to choose long enough passwords.
o Make it complex: In addition to length, the complexity of a password also helps prevent automatic password cracking software from guessing the right combination of characters. Where possible, you should always include upper case letters, lower case letters, numbers and symbols, such as punctuation marks, in your password.

A password should be difficult for others to figure out.
o Make it practical: If you have to write your password down because you can't remember it, you may end up facing a whole new category of threats that could leave you vulnerable to anybody with a clear view of your desk or temporary access to your home, your wallet, or even the trash bin outside your office. If you are unable to think of a password that is long and complex but still memorable, the Remembering secure passwords section, below, might be of some help. If not, you should still choose something secure, but you may need to record it using a secure password database such as KeePass. Other types of password-protected files, including Microsoft Word documents, should not be trusted for this purpose, as many of them can be broken in seconds using tools that are freely available on the Internet.
o Don't make it personal: Your password should not be related to you personally. Don't choose a word or phrase based on information such as your name, social security number, telephone number, child's name, pet's name, birth date, or anything else that a person could learn by doing a little research about you.
o Keep it secret: Do not share your password with anyone unless it is absolutely necessary. And, if you must share a password with a friend, family member or colleague, you should change it to a temporary password first, share that one, then change it back when they are done using it. Often, there are alternatives to sharing a password, such as creating a separate account for each individual who needs access. Keeping your password secret also means paying attention to who might be reading over your shoulder while you type it or look it up in a secure password database.

A password should be chosen so as to minimise damage if someone does learn it.
o Make it unique: Avoid using the same password for more than one account. Otherwise, anyone who learns that password will gain access to even more of your sensitive information. This is particularly true because some services make it relatively easy to crack a password. If you use the same password for your Windows user account and your Gmail account, for example, someone with physical access to your computer can crack the former and use what they learn to access the latter. For similar reasons, it is a bad idea to rotate passwords by swapping them around between different accounts.
o Keep it fresh: Change your password on a regular basis, preferably at least once every three months. Some people get quite attached to a particular password and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out. Also, if someone is able to use your stolen password to access your information and services without you knowing about it, they will continue to do so until you change the password.

Mansour: What if I trust someone? It's OK for me to tell you my password, right?

Magda: Well, first of all, just because you trust somebody with your password doesn't necessarily mean you trust them to take good care of it, right? Even though I wouldn't do anything bad with your password, I might write it down and lose it or something. That could even be how I got into this mess! And besides, it's not all about trust. If you're the only one who knows your password, then you don't have to waste your time worrying about who to blame if the account gets broken into. Right now, for example, I feel pretty confident that somebody actually guessed or cracked my password, because I never wrote it down or shared it with anyone.

REMEMBERING AND RECORDING SECURE PASSWORDS
Looking over the list of suggestions above, you might wonder how anyone without a photographic memory could possibly keep track of passwords that are this long, complex and meaningless without writing them down. The importance of using a different password for each account makes this even more difficult. There are a few tricks, however, that might help you create passwords that are easy to remember but extremely difficult to guess, even for a clever person using advanced password cracking software.

You also have the option of recording your passwords using a tool like KeePass that was created specifically for this purpose.

Remembering secure passwords
It is important to use different types of characters when choosing a password. This can be done in various ways:
o Varying capitalisation, such as: 'My naME is Not MR. MarSter'
o Alternating numbers and letters, such as: 'a11 w0Rk 4nD N0 p14Y'
o Incorporating certain symbols, such as: 'c@t(heR1nthery3'
o Using multiple languages, such as: 'Let Them Eat 1e gateaU au ch()colat'

Any of these methods can help you increase the complexity of an otherwise simple password, which may allow you to choose one that is secure without having to give up entirely on the idea of memorizing it. Some of the more common substitutions (such as the use of a zero instead of an 'o' or the '@' symbol in place of an 'a') were long ago incorporated into password-cracking tools, but they are still a good idea. They increase the amount of time that such tools would require to learn a password and, in the more common situations where tools of this sort cannot be used, they help prevent lucky guesses.

Passwords can also take advantage of more traditional mnemonic devices, such as the use of acronyms. This allows long phrases to be turned into complex, seemingly-random words:
o 'To be or not to be? That is the question' becomes '2Bon2B?TitQ'
o 'We hold these truths to be self-evident: that all men are created equal' becomes 'Wh2bs-e:taMac='
o 'Are you happy today?' becomes 'rU:-)2d@y?'

These are just a few examples to help you come up with your own method of encoding words and phrases to make them simultaneously complex and memorable.

Recording passwords securely
While a little creativity may allow you to remember all of your passwords, the need to change those passwords periodically means that you might quickly run out of creativity. As an alternative, you can generate random, secure passwords for most of your accounts and simply give up on the idea of remembering them all. Instead, you can record them in a portable, encrypted secure password database, such as KeePass.

Hands-on: Get started with the KeePass Guide

Of course, if you use this method, it becomes especially important that you create and remember a very secure password for KeePass, or whatever tool you choose. Whenever you need to enter a password for a specific account, you can look it up using only your master password, which makes it much easier to follow all of the suggestions above. KeePass is portable, as well, which means that you can put the database on a USB memory stick in case you need to look up a password while you are away from your primary computer.

Although it is probably the best option for anybody who has to maintain a large number of accounts, there are a few drawbacks to this method. First, if you lose or accidentally delete your only copy of a password database, you will no longer have access to any of the accounts for which it contained passwords. This makes it extremely important that you back up your KeePass database. Look over Chapter 5: How to recover from information loss for more information on backup strategies. Fortunately, the fact that your database is encrypted means that you don't have to panic if you lose a USB memory stick or a backup drive containing a copy of it.

The second major drawback could be even more important. If you forget your KeePass master password, there is no way to recover it or the contents of the database. So, be sure to choose a master password that is both secure and memorable!

Mansour: Wait a minute. If KeePass uses a single master password to protect all of your other passwords, how is it more secure than just using that same password for all of your accounts? I mean, if a bad guy learns the master password, he gets access to everything, right?

Magda: It's a good thought, and you're right that protecting your master password is really important, but there are a couple of key differences. First of all, this bad guy would not only need your password, he'd need your KeePass database file, too. If you just share the same password between all of your accounts, then he'd only need the password itself. Plus, we know that KeePass is extremely secure, right? Well, other programs and websites can go either way. Some of them are much less secure than others, and you don't want someone breaking into a weak website, and then using what he learns to access a more secure account. And here's another thing, too. KeePass makes it really easy to change your master password if you think it's necessary. I should be so lucky! I spent all day today updating my passwords.

FURTHER READING
o To learn more about secure passwords, see the Password Protection chapter and the How long should my password be? Appendix in the Digital Security and Privacy for Human Rights Defenders book [1].
o Wikipedia has informative articles on Passwords [2], Guidelines for password strength [3], and password cracking [4].

LINKS
[1] www.frontlinedefenders.org/manual/en/esecman
[2] www.en.wikipedia.org/wiki/Password
[3] www.en.wikipedia.org/wiki/Password_strength
[4] www.en.wikipedia.org/wiki/Password_cracking


4 Protect the sensitive files on your computer


4. How to protect the sensitive files on your computer

Unauthorised access to the information on your computer or portable storage devices can be carried out remotely, if the intruder is able to read or modify your data over the Internet; or physically, if he manages to get hold of your hardware. You can protect yourself against either type of threat by improving the physical and network security of your data, as discussed in Chapter 1: How to protect your computer from malware and hackers and Chapter 2: How to protect your information from physical threats. It is always best to have several layers of defence, however, which is why you should also protect the files themselves. That way, your sensitive information is likely to remain safe even if your other security efforts prove inadequate.

There are two general approaches to the challenge of securing your data in this way. You can encrypt your files, making them unreadable to anyone but you, or you can hide them in the hope that an intruder will be unable to find your sensitive information. There are tools to help you with either approach, including a FOSS application called TrueCrypt, which can both encrypt and hide your files.

Background scenario
Claudia and Pablo work with a human rights NGO in a South American country. They have spent several months collecting testimonies from witnesses to the human rights violations that have been committed by the military in their region. If the details of who provided these testimonies were to become known, it would endanger both the courageous people who testified and members of the organisation in that region. This information is currently stored in a spreadsheet on the NGO's Windows XP computer, which is connected to the Internet. Being security conscious, Claudia has made sure to store a backup of the data on a CD, which she keeps outside the office.

What you can learn from this chapter
o How to encrypt information on your computer
o What risks you might face by keeping your data encrypted
o How to protect data on USB memory sticks, in case they are lost or stolen
o What steps you can take to hide information from physical or remote intruders

ENCRYPTING YOUR INFORMATION

Pablo: But my computer is already protected by the Windows login password! Isn't that good enough?

Claudia: Actually, Windows login passwords are usually quite easy to break. Plus, anybody who gets his hands on your computer for long enough to restart it with a LiveCD in the drive can copy your data without even having to worry about the password. If they manage to take it away for a while, then you're in even worse trouble. It's not just Windows passwords you need to worry about, either. You shouldn't trust Microsoft Word or Adobe Acrobat passwords either.

Encrypting your information is a bit like keeping it in a locked safe. Only those who have a key or know the lock's combination (an encryption key or password, in this case) can access it. The analogy is particularly appropriate for TrueCrypt and tools like it, which create secure containers called 'encrypted volumes' rather than simply protecting one file at a time. You can put a large number of files into an encrypted volume, but these tools will not protect anything that is stored elsewhere on your computer or USB memory stick.

Hands-on: Get started with the TrueCrypt Guide

While other software can provide encryption that is equally strong, TrueCrypt was designed specifically to make this kind of secure file storage as simple as possible. Furthermore, its support for carrying encrypted volumes on portable storage devices, the fact that it is a FOSS tool, and the deniability features described in the Hiding your sensitive information section below, give TrueCrypt a distinct advantage over many built-in proprietary encryption tools, such as Windows XP's bitlocker.

Pablo: Alright, now you have me worried. What about other users on the same computer? Does this mean they can read files in the My Documents folder?

Claudia: I like the way you're thinking! If your Windows password doesn't protect you from intruders, how can it protect you from other people with accounts on the same computer? In fact, your My Documents folder is normally visible to anybody, so other users wouldn't even have to do anything clever to read your unencrypted files. You're right, though, even if the folder is made private, you're still not safe unless you use some kind of encryption.

Tips on using file encryption safely

Storing confidential data can be a risk for you and for the people you work with. Encryption reduces this risk but does not eliminate it. The first step to protecting sensitive information is to reduce how much of it you keep around. Unless you have a good reason to store a particular file, or a particular category of information within a file, you should simply delete it (see Chapter 6: How to destroy sensitive information for more information about how to do this securely). The second step is to use a good file encryption tool, such as TrueCrypt.

Claudia: Well, maybe we don't actually need to store information that could identify the people who gave us these testimonies. What do you think?

Pablo: Agreed. We should probably write down as little of that as possible. Plus, we should think up a simple code we can use to protect names and locations that we absolutely have to record.

Returning to the analogy of a locked safe, there are a few things you should bear in mind when using TrueCrypt and tools like it. No matter how sturdy your safe is, it won't do you a whole lot of good if you leave the door open. When your TrueCrypt volume is mounted (whenever you can access the contents yourself), your data may be vulnerable, so you should keep it closed except when you are actually reading or modifying the files inside it.

There are a few situations when it is especially important that you remember not to leave your encrypted volumes mounted:

o Disconnect them when you walk away from your computer for any length of time. Even if you typically leave your computer running overnight, you need to ensure that you do not leave your sensitive files accessible to physical or remote intruders while you are gone.

o Disconnect them before putting your computer to sleep. This applies to both suspend and hibernation features, which are typically used with laptops but may be present on desktop computers as well.

o Disconnect them before allowing someone else to handle your computer. When taking a laptop through a security checkpoint or border crossing, it is important that you disconnect all encrypted volumes and shut your computer down completely.

o Disconnect them before inserting an untrusted USB memory stick or other external storage device, including those belonging to friends and colleagues.

o If you keep an encrypted volume on a USB memory stick, remember that just removing the device may not immediately disconnect the volume. Even if you need to secure your files in a hurry, you have to dismount the volume properly, then disconnect the external drive or memory stick, then remove the device. You might want to practice until you find the quickest way to do all of these things.

If you decide to keep your TrueCrypt volume on a USB memory stick, you can also keep a copy of the TrueCrypt program with it. This will allow you to access your data on other people's computers. The usual rules still apply, however: if you don't trust the machine to be free of malware, you probably shouldn't be typing in your passwords or accessing your sensitive data.

HIDING YOUR SENSITIVE INFORMATION

One issue with keeping a safe in your home or office, to say nothing of carrying one in your pocket, is that it tends to be quite obvious. Many people have reasonable concerns about incriminating themselves by using encryption. Just because the legitimate reasons to encrypt data outnumber the illegitimate ones does not make this threat any less real. Essentially, there are two reasons why you might shy away from using a tool like TrueCrypt: the risk of self-incrimination and the risk of clearly identifying the location of your most sensitive information.

Considering the risk of self-incrimination

Encryption is illegal in some countries, which means that downloading, installing or using software of this sort might be a crime in its own right. And, if the police, military or intelligence services are among those groups from whom you are seeking to protect your information, then violating these laws can provide a pretext under which your activities might be investigated or your organisation might be persecuted. In fact, however, threats like this may have nothing to do with the legality of the tools in question. Any time that merely being associated with encryption software would be enough to expose you to accusations of criminal activity or espionage (regardless of what is actually inside your encrypted volumes), then you will have to think carefully about whether or not such tools are appropriate for your situation.

If that is the case, you have a few options:

o You can avoid using data security software entirely, which would require that you store only non-confidential information or invent a system of code words to protect key elements of your sensitive files.

o You can rely on a technique called steganography to hide your sensitive information, rather than encrypting it. There are tools that can help with this, but using them properly requires very careful preparation, and you still risk incriminating yourself in the eyes of anyone who learns what tool you have used.

o You can try to store all of your sensitive information in a secure webmail account, but this demands a reliable network connection and a relatively sophisticated understanding of computers and Internet services. This technique also assumes that network encryption is less incriminating than file encryption and that you can avoid accidentally copying sensitive data onto your hard drive and leaving it there.

o You can keep sensitive information off of your computer by storing it on a USB memory stick or portable hard drive. However, such devices are typically even more vulnerable than computers to loss and confiscation, so carrying around sensitive, unencrypted information on them is usually a very bad idea.

If necessary, you can employ a range of such tactics. However, even in circumstances where you are concerned about self-incrimination, it may be safest to use TrueCrypt anyway, while attempting to disguise your encrypted volume as best you can.

If you want to make your encrypted volume less conspicuous, you can rename it to look like a different type of file. Using the .iso file extension, to disguise it as a CD image, is one option that works well for large volumes of around 700 MB. Other extensions would be more realistic for smaller volumes. This is a bit like hiding your safe behind a painting on the wall of your office. It might not hold up under close inspection, but it will offer some protection. You can also rename the TrueCrypt program itself, assuming you have stored it as you would a regular file on your hard drive or USB memory stick, rather than installing it as a program. The TrueCrypt Guide explains how to do this.

Considering the risk of identifying your sensitive information

Often, you may be less concerned about the consequences of getting caught with encryption software on your computer or USB memory stick and more concerned that your encrypted volume will indicate precisely where you store the information that you most wish to protect. While it may be true that no one else can read it, an intruder will know that it is there, and that you have taken steps to protect it. This exposes you to various non-technical methods through which that intruder might attempt to gain access, such as intimidation, blackmail, interrogation and torture. It is in this context that TrueCrypt's deniability feature, which is discussed in more detail below, comes into play.

TrueCrypt's deniability feature is one of the ways in which it goes beyond what is typically offered by file encryption tools. This feature can be thought of as a peculiar form of steganography that disguises your most sensitive information as other, less sensitive, hidden data. It is analogous to installing a subtle false bottom inside that not-so-subtle office safe. If an intruder steals your key, or intimidates you into giving her the safe's combination, she will find some convincing decoy material, but not the information that you truly care about protecting.

Only you know that your safe contains a hidden compartment in the back. This allows you to deny that you are keeping any secrets beyond what you have already given to the intruder, and might help protect you in situations where you must reveal a password for some reason. Such reasons might include legal or physical threats to your own safety, or that of your colleagues, associates, friends and family members. The purpose of deniability is to give you a chance of escaping from a potentially dangerous situation even if you choose to continue protecting your data. As discussed in the Considering the risk of self-incrimination section, however, this feature is much less useful if merely being caught with a safe in your office is enough to bring about unacceptable consequences.

TrueCrypt's deniability feature works by storing a hidden volume inside your regular encrypted volume. You open this hidden volume by providing an alternate password that is different from the one you would normally use. Even if a technically sophisticated intruder gains access to the standard volume, he will be unable to prove that a hidden one exists.

Of course, he may very well know that TrueCrypt is capable of hiding information in this way, so there is no guarantee that the threat will disappear as soon as you reveal your decoy password. Plenty of people use TrueCrypt without enabling its deniability feature, however, and it is generally considered impossible to determine, through analysis, whether or not a given encrypted volume contains this kind of false bottom. That said, it is your job to make sure that you do not reveal your hidden volume through less technical means, such as leaving it open or allowing other applications to create shortcuts to the files that it contains. The Further reading section, below, can point you to more information about this.
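The false-bottom analogy can be made concrete. The Python below is an added example written for this page, not code from Security in-a-box or from TrueCrypt; its container layout, header format, SHA-256-based toy stream cipher and function names (create_container, open_volume, write_volume, read_volume) are this example's own assumptions and not TrueCrypt's real format. It demonstrates the two properties the text relies on: the whole container is random fill, so a header slot with no hidden volume behind it is indistinguishable from one that has one (only the hidden password can show that the hidden volume exists), and the outer volume is declared to span all of the space, so a write to it made without telling the software where the hidden volume lies silently destroys the hidden data. The protect_password argument plays the role of the protection TrueCrypt can apply when the outer volume is mounted.

```python
"""Toy model of a hidden volume inside an encrypted container.

Constructed example: layout, header format and the SHA-256 based stream
cipher are this example's own; TrueCrypt's real format and ciphers differ.
"""
import hashlib
import os
import struct
from typing import Optional, Tuple

HEADER_SIZE = 64              # 16-byte salt + 48-byte encrypted header body
SALT_SIZE = 16
MAGIC = b"TOYVOL"             # recognisable only after a correct decryption
PBKDF2_ROUNDS = 20_000
DATA_START = 2 * HEADER_SIZE  # slot 0: outer header, slot 1: hidden header

Volume = Tuple[bytes, int, int]  # (data key, start offset in container, length)


def _derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _xor_at(key: bytes, offset: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || 32-byte block index), keyed
    by position so a read decrypts exactly what a write encrypted."""
    out = bytearray(len(data))
    block_idx, block = -1, b""
    for i, byte in enumerate(data):
        pos = offset + i
        if pos // 32 != block_idx:
            block_idx = pos // 32
            block = hashlib.sha256(key + struct.pack(">Q", block_idx)).digest()
        out[i] = byte ^ block[pos % 32]
    return bytes(out)


def _make_header(password: str, start: int, length: int) -> bytes:
    salt = os.urandom(SALT_SIZE)
    body = (MAGIC + struct.pack(">QQ", start, length)).ljust(HEADER_SIZE - SALT_SIZE, b"\0")
    return salt + _xor_at(_derive_key(password, salt) + b"hdr", 0, body)


def _open_header(password: str, slot: bytes) -> Optional[Volume]:
    """Decrypt one header slot. A slot that holds no header is random fill,
    so 'no header here' and 'wrong password' are indistinguishable."""
    salt, enc = slot[:SALT_SIZE], slot[SALT_SIZE:]
    key = _derive_key(password, salt)
    body = _xor_at(key + b"hdr", 0, enc)
    if not body.startswith(MAGIC):
        return None
    start, length = struct.unpack(">QQ", body[len(MAGIC):len(MAGIC) + 16])
    return key + b"data", start, length


def create_container(size: int, outer_password: str,
                     hidden_password: Optional[str] = None,
                     hidden_size: int = 0) -> bytearray:
    """Random-filled container. The outer volume spans all space after the
    headers, so its declared size reveals nothing; the hidden volume, if any,
    occupies the tail of that same space. Without a hidden volume, slot 1 is
    simply left as random fill."""
    if hidden_password is not None and not 0 < hidden_size <= size - DATA_START:
        raise ValueError("hidden_size must fit inside the outer volume")
    box = bytearray(os.urandom(size))
    box[0:HEADER_SIZE] = _make_header(outer_password, DATA_START, size - DATA_START)
    if hidden_password is not None:
        box[HEADER_SIZE:DATA_START] = _make_header(hidden_password, size - hidden_size, hidden_size)
    return box


def open_volume(box: bytearray, password: str) -> Optional[Volume]:
    """Try the password against both slots; nothing reveals which slot
    answered, or whether slot 1 ever held a header at all."""
    for slot in range(2):
        vol = _open_header(password, bytes(box[slot * HEADER_SIZE:(slot + 1) * HEADER_SIZE]))
        if vol is not None:
            return vol
    return None


def write_volume(box: bytearray, password: str, offset: int, data: bytes,
                 protect_password: Optional[str] = None) -> bool:
    """Encrypt `data` into the volume that `password` opens. Returns False and
    writes nothing if the range is out of bounds or, when the hidden volume's
    password is supplied for protection, if the write would overlap it. Without
    that protection the outer volume has no way to know the hidden one exists,
    so the write proceeds and destroys the hidden data."""
    vol = open_volume(box, password)
    if vol is None:
        return False
    key, start, length = vol
    if offset < 0 or offset + len(data) > length:
        return False
    lo, hi = start + offset, start + offset + len(data)
    if protect_password is not None:
        hidden = open_volume(box, protect_password)
        if hidden is not None and hidden[1] != start and hi > hidden[1]:
            return False
    box[lo:hi] = _xor_at(key, offset, data)
    return True


def read_volume(box: bytearray, password: str, offset: int, length: int) -> Optional[bytes]:
    vol = open_volume(box, password)
    if vol is None:
        return None
    key, start, vol_len = vol
    if offset < 0 or offset + length > vol_len:
        return None
    return _xor_at(key, offset, bytes(box[start + offset:start + offset + length]))
```

Create a container with both passwords, write decoy material through the outer password and the real material through the hidden one: open_volume with any other password returns None for both slots, and a container created without a hidden volume behaves identically to a wrong-password attempt. A full-size write to the outer volume with protect_password set is refused; the same write without it succeeds, after which the hidden header still opens but its contents are gone. That is why the decoy volume, which must look used to be convincing, should only ever be written to with the hidden volume protected.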

Claudia: Alright, so let's toss some junk into the standard volume, and then we can move all our testimonies into the hidden one. Do you have some old PDFs or something we can use?

Pablo: Well, I was thinking about that. I mean, the idea is for us to give up the decoy password if we have no other choice, right? But, for that to be convincing, we need to make sure those files look kind of important, don't you think? Otherwise, why would we bother to encrypt them? Maybe we should use some unrelated financial documents or a list of website passwords or something.

FURTHER READING

o For additional information on securing your files, see the Cryptology chapter, the Steganography chapter and Case Study 3 from the Digital Security and Privacy for Human Rights Defenders book [1].

o The TrueCrypt FAQ [2] provides answers to some common questions about TrueCrypt.

LINKS
[1] www.frontlinedefenders.org/manual/en/esecman
[2] www.truecrypt.org/faq.php

5. How to recover from information loss

Each new method of storing or transferring digital information tends to introduce several new ways in which the information in question can be lost, taken or destroyed. Years of work can disappear in an instant, as a result of theft, momentary carelessness, the confiscation of computer hardware, or simply because digital storage technology is inherently fragile. There is a common saying among computer support professionals: it's not a question of if you will lose your data; it's a question of when. So, when this happens to you, it is extremely important that you already have an up-to-date backup and a well-tested means of restoring it. The day you are reminded about the importance of a backup system is generally the day after you needed to have one in place.

Although it is one of the most basic elements of secure computing, formulating an effective backup policy is not as simple as it sounds. It can be a significant planning hurdle for a number of reasons: the need to store original data and backups in different physical locations, the importance of keeping backups confidential, and the challenge of coordinating among different people who share information with one another using their own portable storage devices. In addition to backup and file-recovery tactics, this chapter addresses two specific tools, Cobian Backup and Undelete Plus.

Background scenario

Elena is an environmentalist in a Russian-speaking country, where she has begun to create a website that will rely on creative presentation of images, videos, maps and stories to highlight the extent of illegal deforestation in the region. She has been collecting documents, media files and geographic information about logging for years, and most of it is stored on an old Windows computer in the office of the NGO where she works. While designing a website around this information, she has come to realise its importance and to worry about preserving it in the event that her computer should be damaged, especially if it should happen before she gets everything copied to the website. Other members of her organisation sometimes use the computer, so she also wants to learn how to restore her files if someone accidentally deletes the folder containing her work. She asks her nephew Nikolai to help her develop a backup strategy.


What you can learn from this chapter

o How to organise and back up your information
o Where you should store your backups
o How you can manage your backups securely
o How to recover files that have been deleted accidentally

IDENTIFYING AND ORGANISING YOUR INFORMATION

While it is clearly important that you take steps to prevent disaster, by making sure that your information is physically safe, free of malware and protected by a good firewall and strong passwords, on their own these steps are not enough. There are simply too many things that can go wrong, including virus attacks, hackers, electrical short circuits, power spikes, water spills, theft, confiscation, demagnetisation, operating system crashes and hardware failure, to name just a few. Preparing for disaster is just as important as defending against it.

Elena: I know backup is important, Nikolai, but doesn't that mean I should have someone else set it up for me? I mean, am I really going to have the time, resources and expertise to do this on my own?

Nikolai: You'll be fine. Coming up with a good backup plan takes a bit of thought, but it doesn't take all that much time or money. And, compared with losing all of your information, you can hardly call it inconvenient, right? Besides, backup is definitely one of those things that you should manage yourself. Unless the people who normally help you out with tech support are extremely reliable and extremely well-informed about where you keep your digital information, you're better off setting things up on your own.

The first step to formulating a backup policy is to picture where your personal and work information is currently located. Your email, for example, may be stored on the provider's mail server, on your own computer, or in both places at once. And, of course, you might have several email accounts. Then, there are important documents on the computers you use, which may be in the office or at home. There are address books, chat histories and personal program settings. It is also possible that some information is stored on removable media as well, including USB memory sticks, portable hard drives, CDs, DVDs, and old floppy disks. Your mobile phone contains a list of contacts and may have important text messages stored in it. If you have a website, it may contain a large collection of articles built up over years of work. And, finally, don't forget your non-digital information, such as paper notebooks, diaries and letters.

Next, you need to define which of these files are master copies, and which are duplicates. The master copy is generally the most up-to-date version of a particular file or collection of files, and corresponds to the copy that you would actually edit if you needed to update the content. Obviously, this distinction does not apply to files of which you have only one copy, but it is extremely important for certain types of information. One common disaster scenario occurs when only duplicates of an important document are backed up, and the master copy itself gets lost or destroyed before those duplicates can be updated. Imagine, for example, that you have been travelling for a week while updating the copy of a particular spreadsheet that you keep on your USB memory stick. At this point, you should begin thinking of that copy as your master copy, because the periodic, automated backups of the outdated version on your office computer are no longer useful.

Try to write down the physical location of all master and duplicate copies of the information identified above. This will help you clarify your needs and begin to define an appropriate backup policy. The table below is a very basic example. Of course, you will probably find that your list is much longer, and contains some storage devices with more than one data type and some data types that are present on multiple devices.

Data type                               Master/duplicate   Storage device                   Location
Electronic documents                    Master             Computer hard drive              Office
A few important electronic documents    Duplicate          USB memory stick                 With me
Program databases (photos, address      Master             Computer hard drive              Office
  book, calendar, etc.)
A few electronic documents              Duplicate          CDs                              Home
Email & email contacts                  Master             Gmail account                    Internet
Text messages & phone contacts          Master             Mobile phone                     With me
Printed documents (contracts,           Master             Desk drawer                      Office
  invoices, etc.)

In the table above, you can see that:

o The only documents that will survive if your office computer's hard drive crashes are the duplicates on your USB memory stick and the CD copies at home.

o You have no offline copy of your email messages or your address book, so if you forget your password (or if someone manages to change it maliciously), you will lose access to them.

o You have no copies of any data from your mobile phone.

o You have no duplicate copies, digital or physical, of printed documents such as contracts and invoices.

DEFINING YOUR BACKUP STRATEGY

To back up all of the data types listed above, you will need a combination of software and process solutions. Essentially, you need to make sure that each data type is stored in at least two separate locations.

Electronic documents

Create a full backup of the documents on your computer using a program like Cobian Backup, which is described in more detail below. Store the backup on something portable so that you can take it home or to some other safe location. It may be easier to use CDs or DVDs for this, rather than a portable hard drive or USB memory stick, so that you do not risk losing your old backups while you are transporting a new one. Blank CDs may be cheap enough that you can use a new one every time you make a backup. Because this category of data often contains the most sensitive information, it is particularly important that you protect your electronic document backups using encryption. You can learn how to do this in Chapter 4: How to protect the sensitive files on your computer and in the TrueCrypt Guide.

Program databases

Once you have determined the location of your program databases, you can back them up in the same way as electronic documents.

Email

Rather than accessing your email only through a web browser, install an email client like Thunderbird and configure it to work with your account. Most webmail services will provide instructions on how to use such programs and, often, how to import your email addresses into them. You can learn more about this in the Further Reading section, below. Make sure that you leave a copy of your messages on the mail server, rather than just moving them over to your computer. The Thunderbird Guide explains in detail how to do this.

Mobile phone contents

To back up the phone numbers and text messages on your mobile phone, you can connect it to your computer using the appropriate software, which is generally available from the website of the company that manufactured your phone. You may need to buy a special USB cable to do this, however. As an alternative, you can use the phone to copy your text messages and contact information from your SIM card onto the phone itself, and then copy them onto a backup SIM card. This method can be particularly useful as an emergency backup solution, but remember to keep the extra SIM card safe. The ability to copy contact information and text messages between a mobile phone and its SIM card is a standard feature, but if your phone allows you to store this kind of information on a removable flash memory card instead, then backing it up may be even easier.

Printed documents

Where possible, you should scan all of your important papers, then back them up along with your other electronic documents, as discussed above.

In the end, you should have rearranged your storage devices, data types and backups in a way that makes your information much more resistant to disaster:

Data type                               Master/duplicate   Storage device                   Location
Electronic documents                    Master             Computer hard drive              Office
Electronic documents                    Duplicate          CDs                              Home
A few important electronic documents    Duplicate          USB memory stick                 With me

Program databases                       Master             Computer hard drive              Office
Program databases                       Duplicate          CDs                              Home

Email & email contacts                  Duplicate          Gmail account                    Internet
Email & email contacts                  Master             Thunderbird on office computer   Office

Text messages & mobile phone contacts   Master             Mobile phone                     With me
Text messages & mobile phone contacts   Duplicate          Computer hard drive              Office
Text messages & mobile phone contacts   Duplicate          Backup SIM                       Home

Printed documents                       Master             Desk drawer                      Office
Scanned documents                       Duplicate          CDs                              At home


Elena: I know some people who keep all of their important documents on Gmail, by attaching them to draft messages or emails to themselves. Would that count as a second physical location for my files?

Nikolai: It might help you recover if you lose one or two very important documents, but it's pretty awkward. Honestly, how many documents per week would you be willing to back up like that? Plus, you need to consider whether or not those attachments are safe, especially if you're at all worried about your email being monitored. Unless you're connecting to Gmail securely, this is a bit like handing over your sensitive information on a silver platter. Using an HTTPS connection to Gmail in order to back up small TrueCrypt volumes or KeePass database files would be pretty safe, because they're encrypted, but I really wouldn't recommend this as a general-purpose backup strategy.
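The two inventory tables in this chapter can be checked mechanically against the rule that every data type must exist in at least two separate locations. The Python below is an added example for this page, not part of Security in-a-box or of Cobian Backup; it encodes both tables from the text as data (the "a few important electronic documents" rows are marked as incomplete copies, and the scanned documents are treated as a duplicate of the printed ones), and reports the gaps the text lists: data types without a complete copy in a second location, and the single device whose loss would wipe out a data type outright. The Copy record, the complete flag and the function names are this example's own.

```python
"""Check a backup inventory for the gaps the chapter describes.

Constructed example: the rows reproduce the two tables in the text; the Copy
record, the `complete` flag and the function names are this example's own.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Copy:
    data_type: str
    role: str              # "master" or "duplicate"
    device: str
    location: str
    complete: bool = True  # False for "a few important documents" style partial copies


def _group(inventory: List[Copy]) -> Dict[str, List[Copy]]:
    groups: Dict[str, List[Copy]] = defaultdict(list)
    for copy in inventory:
        groups[copy.data_type].append(copy)
    return groups


def audit(inventory: List[Copy]) -> List[str]:
    """One finding per data type that lacks a single master copy or whose
    complete copies are not spread over at least two locations."""
    findings = []
    for data_type, copies in sorted(_group(inventory).items()):
        masters = [c for c in copies if c.role == "master"]
        if len(masters) != 1:
            findings.append(f"{data_type}: expected one master copy, found {len(masters)}")
        locations = {c.location for c in copies if c.complete}
        if len(locations) < 2:
            where = ", ".join(sorted(locations)) or "nowhere"
            findings.append(f"{data_type}: complete copies exist only in {where}")
    return findings


def single_points_of_failure(inventory: List[Copy]) -> Dict[Tuple[str, str], List[str]]:
    """Map (device, location) to the data types that would be lost outright
    if that one device failed, were stolen or were confiscated."""
    spof: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for data_type, copies in _group(inventory).items():
        places = {(c.device, c.location) for c in copies if c.complete}
        if len(places) == 1:
            spof[places.pop()].append(data_type)
    return {place: sorted(types) for place, types in spof.items()}


# The chapter's first table: every data type lives in exactly one place.
BEFORE = [
    Copy("Electronic documents", "master", "Computer hard drive", "Office"),
    Copy("Electronic documents", "duplicate", "USB memory stick", "With me", complete=False),
    Copy("Program databases", "master", "Computer hard drive", "Office"),
    Copy("Electronic documents", "duplicate", "CDs", "Home", complete=False),
    Copy("Email & email contacts", "master", "Gmail account", "Internet"),
    Copy("Text messages & phone contacts", "master", "Mobile phone", "With me"),
    Copy("Printed documents", "master", "Desk drawer", "Office"),
]

# The chapter's second table, after the backup strategy has been applied.
AFTER = [
    Copy("Electronic documents", "master", "Computer hard drive", "Office"),
    Copy("Electronic documents", "duplicate", "CDs", "Home"),
    Copy("Electronic documents", "duplicate", "USB memory stick", "With me", complete=False),
    Copy("Program databases", "master", "Computer hard drive", "Office"),
    Copy("Program databases", "duplicate", "CDs", "Home"),
    Copy("Email & email contacts", "duplicate", "Gmail account", "Internet"),
    Copy("Email & email contacts", "master", "Thunderbird on office computer", "Office"),
    Copy("Text messages & phone contacts", "master", "Mobile phone", "With me"),
    Copy("Text messages & phone contacts", "duplicate", "Computer hard drive", "Office"),
    Copy("Text messages & phone contacts", "duplicate", "Backup SIM", "Home"),
    Copy("Printed documents", "master", "Desk drawer", "Office"),
    Copy("Printed documents", "duplicate", "CDs (scanned)", "Home"),
]

if __name__ == "__main__":
    for finding in audit(BEFORE):
        print("before:", finding)
    print("before, lost if one device fails:", single_points_of_failure(BEFORE))
    print("after, findings:", audit(AFTER) or "none")
```

On the first table the audit raises one finding per data type, and the single-points-of-failure map shows the office hard drive taking both the electronic documents and the program databases with it, which is the first bullet the text draws from that table. On the second table both checks come back empty. The partial USB copy is deliberately not counted as a second location: it protects a few files, not the data type.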

CREATING A DIGITAL BACKUP

Of the various data types discussed here, it is the electronic documents that people tend to worry about most when establishing a backup policy. This term is somewhat ambiguous, but generally refers to files that you keep track of yourself and that you open manually, either by double-clicking on them or by using a particular application's File menu. Specifically, it includes text files, word processing documents, presentations, PDFs and spreadsheets, among other examples. Unlike email messages, for example, electronic documents are generally not synchronised with remote copies over the Internet.

When backing up your electronic documents, you should remember to back up your program databases, as well. If you use a calendar application or an electronic address book, for example, you will need to find the folder in which these programs store their data. Hopefully, these databases will be in the same location as your electronic documents, as they are often kept inside your My Documents folder on a Windows computer. If that is not the case, however, you should add the appropriate folders to your regular backup.

Email stored by an application such as Thunderbird is a special example of a program database. If you use an email program, especially if you are unable or unwilling to store a copy of your messages on the server, then you must ensure that this email database is included in your regular backup. You may consider image and video files to be electronic documents or items within a program database, depending on how you interact with them.

Applications like Windows Media Player and iTunes, for example, work like databases. If you use programs like this, you might have to search your hard drive to learn where they store the actual media files that they help manage.

Storage devices

Before you can back up your electronic documents, you must decide what kind of storage device you will use.

Compact Discs (CDs)

CDs store around 700 Megabytes (MB) of data. You will need a CD burner and blank discs in order to create a CD backup. If you want to erase a CD and update the files stored on it, you will need to have a CD-RW burner and rewritable CDs. All major operating systems, including Windows XP, now include built-in software that can write CDs and CD-RWs. Keep in mind that the information written on these discs may begin to deteriorate after five or ten years. If you need to store a backup for longer than that, you will have to recreate the CDs occasionally, buy special long life discs or use a different backup method.

Digital Video Discs (DVDs)

DVDs store up to 4.7 Gigabytes (GB) of data. They work much like CDs but require slightly more expensive equipment. Yo