1.     윈도우 데이터 관리

 

l         반드시 Login 기능을 이용하여 윈도우를 사용한다.

l         잠시 자리를 비우는 경우에는 화면보호기 비밀번호 기능을 이용하여 타인이 PC 를 사용할 수 없도록 한다.

l         중요한 데이터인 경우에는 USB 등 휴대용 저장매체를 이용하여 저장하도록 한다.

l         데이터를 삭제할 경우 90% 이상 복구가 가능함으로 영구삭제 소프트웨어를 이용하여 삭제한다.

l         윈도우를 업그레이드 또는 재설치하는 경우에는 반드시 하드디스크에 있는 데이터를 외부저장 장치에 백업을 받은 후에 반드시 하드디스크 전용 영구삭제 제품을 이용하여 영구삭제 후에 윈도우를 재설치한다. 영구삭제를 하지 않는 경우 데이터의 90%이상이 복구가 가능하다. 즉, 파티션 삭제 또는 윈도우 덮어쓰기인 경우에는 복구가 가능하다는 의미이다.

 

2.     이메일 관리

 

l         웹메일을 사용하는 경우에는 폴더 기능을 이용하여 메일을 관리한다.

l         웹메일을 삭제하고자 하는 경우 웹메일에서 제공하는 영구삭제 기능을 이용하여 삭제하는 것이 안전하다.

l         아웃룩, 아웃룩익스프레스를 사용하는 경우 메일서버에 있는 메일의 내용이 개인 PC 하드디스크에 저장되므로 웹메일에 비해서 상대적으로 데이터 보안이 취약하다. 즉, 아웃룩에서 메일 또는 메일폴더를 삭제하는 경우 거의 80%이상 복구가 가능하기 때문에 보안을 요하는 메일에 대해서는 반드시 이메일 전용 영구삭제 제품을 이용하여 메일 또는 메일폴더를 정기적으로 삭제하는 것이 안전하다.

 

3.     PC 를 폐기하는 경우

 

l         PC 를 폐기하는 경우 하드디스크를 반드시 완전하게 폐기하여야 한다. 하드디스크를 재사용하기 위해서는 하드디스크 전용 영구삭제 제품을 이용하여 영구삭제 후에 재사용하는 것이 안전하다.

l         하드디스크를 재사용할 필요가 없을 경우에는 자기장을 이용하여 삭제하는 방식으로 재사용이 불가능하도록 만든 후에 폐기 처리하는 것이 안전하다.

Kevin Townsend on Sept 21st, 2006

Introduction

When we talk about 'secure email,' we're really talking about two different things: the security (or lack of it) provided by your email software (the email client), and the security of the message you write (the message content). Our five steps to secure email will deal with both aspects; firstly with how to get a secure client, or make your existing client more secure; and finally how to get encryption to secure the content of your messages.

One: Use a secure email client

Your email client is the piece of software you use to compose, send and receive your messages. This obviously includes products like Outlook Express, The Bat and Thunderbird. Strictly speaking, if you use Webmail such as Hotmail, Gmail or Yahoo Mail, then your browser (Internet Explorer, Firefox, Netscape, etcetera) becomes your email client - but for our purposes here we will treat Webmail as something separate. If you use an email client, the first rule for secure email is to use a secure email client.

So how do you choose a secure email client? One possible crude method would be to search the Carnegie Mellon University CERT database for known past vulnerabilities. Such a search (at the time of writing) shows Outlook Express has had 940 vulnerability entries, Mac's Tiger Mail has 124 entries, Thunderbird has 83 entries, and RITlabs' The Bat! has 2 entries. Try it with any other email client you may be considering.

But, of course, it's not that simple. Outlook Express is by far the most popular client, and therefore by far the most probed and analyzed - which goes a long way to explaining the large number of known vulnerabilities. And you can be pretty certain that Microsoft will work very hard to correct any problems it learns about. Tiger Mail is relatively new (you might consider 124 entries in a relatively short period of time to be quite high). And bear in mind that many analysts believe that the hacker community is now beginning to train its eye on the increasingly popular Macintosh.

Thunderbird is free open source software (OSS). It is growing in popularity, and will start to attract the attention of hackers. If you believe in the OSS model for security (ie, the best software brains in the world strive to be the first to find and fix any problem), then this is a good option.

But on the measurement we're using, The Bat! is by far the most secure email client of the four. And it is certainly true that RITlabs sells The Bat! as a secure email client. Against this we must accept that a relatively unknown product will not attract the attention of the underworld - so all it says is that only 2 vulnerabilities have been reported so far, not that only 2 vulnerabilities exist.

There is another thing to consider. We define ourselves by our messaging - it is a very personal thing. It is really quite important that we use an email client that we are comfortable with and that suits us. We just need to take security into account when we choose what's right for us. So consider it, choose it, and then keep it fully patched is probably the best route to take.

Two: Always use text

Jim Clausing, Technical Consultant, Network Security at AT&T writing for SANS, puts this just right: "Read email in plain text (as God intended)". Anything capable of doing something without your say-so is potentially harmful. And HTML contains some things that can do just that - like going to a website you don't know about and getting what you think is just a picture to display in the email. Most email clients can protect against most problems - but just don't do it ; it's much safer. Of course, the corollary is that you should only send messages as text as well.

There is usually an option in the software to switch to text. In Outlook Express it's Tools>Options>Read, and check the box 'Read all messages in plain text'. Then go to the 'Send' tab and check the 'Plain text' radio button under Mail Sending Format. You can also make sure that 'Reply to messages using the format in which they were sent' is also unchecked.

In Thunderbird, you can use the View>Message Body As... and then select the Plain Text option in order to read your incoming mail as text only. For outgoing messages, click Tools>Account Settings and then select the Composition and Addressing option. From here make sure that the 'Compose messages in HTML format' is unchecked.

This, of course, is only half the problem. What about attachments? Certain file types can carry macros and the macros can carry exploits. So be very careful.

Here are a few basic rules:

• Never accept attachments unless you are expecting them
• Never open an attachment unless you are really confident that it is safe. Some safe attachments could include .txt, .pdf, .gif. Some potentially unsafe attachments could include .doc, .xls...
• Never, ever, ever open an attached .exe unless you are really, really, really confident of what it is.

And of course you should return the compliment. Send attachments wherever possible as .txt files or PDFs.

Three: Use free Webmail accounts for subscriptions and postings

We all love subscribing to relevant free newsletters that will be delivered by email to our desktop. In fact free newsletters are probably second only in volume to spam. And phishing. And scams.

So where do those bothersome people get our email addresses? Well, there are many methods - some of which we can do something about. One of their methods is to let robots loose on websites. These robots trawl through all the pages copying down any email address they come across (this is called harvesting). So the first thing is never to put your email address on your own website in anything like a machine readable format (and frankly JOHN AT SMITH DOT COM is probably machine readable).

You may, however, find that your email address has been harvested from a different website - perhaps a non-too savvy website that takes postings and includes the poster's email address. Or perhaps a hacker has got into a newsletter publisher's database and stolen all the subscriber addresses. This (semi-) solution works in both cases - never use your own main email address. Guard this like it is your most embarrassing moment ever, and only tell people you really trust. For everyone and all things else - use a webmail account. Firstly, companies like Hotmail and Google and Yahoo are really good at screening out spam; and secondly, if and when spam does start getting through, just dump that address and get another one. You will need to re-subscribe to the newsletters, but it will be a good opportunity to abandon all of those you don't want or don't trust. But out of common courtesy, if there is a mechanism for formally closing the old webmail account, please do so.

Four: Use additional multi-layered defenses

It isn't enough to stop bad things getting on to your system via your email - you have to prevent any unknown hidden infection you may already have getting out through your email and infecting someone else. It's not just good manners - it could save your job or your bank balance or both. Many lawyers expect that sooner or later the victim of loss by infection will seek redress from the source of that infection; even if the source was totally unaware of what happened. Better make sure you're not that source; so you have to avoid sending out infections just as much as you must avoid receiving them.

Email isn't the only way you can catch a Trojan horse - it could be just by visiting the wrong website, using P2P injudiciously, a colleague or relative downloading or installing something not quite kosher... In fact, it's probably best to assume that sooner or later you will get infected by spyware or similar. So you don't just need an anti-virus system capable of inspecting your incoming email, you need one that will inspect your outgoing mail as well. But just to be especially safe, you need anti-spyware/adware software to scan your system for Trojans that have got through; and you need a firewall that will stop unauthorized applications trying to connect to the internet.

Five: Encrypt sensitive emails

You can make Outlook Express (and any other email client that supports S/MIME) provide encryption if you obtain or have a digital ID (digital certificate). To be frank, for most users of personal email, the process of getting a dig cert is either too expensive or too onerous to bother. So it comes down to the usual cost/benefit trade-off: if the value of the information you wish to secure is high, then you need to obtain a digital certificate; if it is not that high, then seek an alternative method of encryption.

And there are plenty of alternative methods. If you work for a large company, you may already have a company PKI (Public Key Infrastructure) system established. If you have, you can consider all mail using this to be as secure as it gets. But this is not really an option for small companies, and certainly not for the majority of individuals. If you have an IT specialist in-house, or if you're computer savvy yourself, you could consider installing a free version of PGP - and again, your email will be as secure as it gets. But it's still frankly onerous for a user generation brought up on plug it in and get on with it.

Perhaps the easiest option is to use a third party secure email provider. This will usually mean your mails will go through the third party's servers, but usually in a secure fashion. It can be as simple as using the SSL encryption already in your favorite browser to upload an encrypted email; and from where only the stated recipient can download it, again through his or her browser. Or it could be an altogether more sophisticated approach such as that adopted by Hushmail (which even has a free option). Whatever method you choose, if the communication is either sensitive or valuable, it should be encrypted.

We joined "WorkSpace" in downtown Vancouver to work closely with our potential customers and partners in downtown Vancouver. The WorkSpace is located on historic Gastown(http://www.gastown.org).

[product] 개인정보 보안을 위한 이메일 영구삭제의 중요성

일반사용자들이 사용하는 이메일(E-mail)의 형태는 크게 웹메일(Web Mail)과 메일뷰어(Mail Viewer)를 사용하는 두가지로 나누어진다. 웹메일의 경우에는 이메일을 지운 후 수일 내에 서버에서 자동으로 영구히 삭제 되는 경우가 일반적이므로 이메일 삭제가 안전하게 이뤄진다고 보여진다.

 

그러나 Microsoft Outlook 2003/2007 이나 Outlook Express 과 같은 메일뷰어를 사용하여 이메일을 관리하는 경우에는 개인정보 보안 문제가 발생할 수 있는데, 이것은 이메일이 사용자 PC의 하드디스크에 모두 저장되기 때문이다. 즉, 마이크로소프트 아웃룩을 통해 송수신한 이메일이나 지운 이메일은 모두 PC 내의 하드디스크상에 남아 있게 되는데, 특히 지워진 이메일에 대해서는 전문 이메일 복구 프로그램으로 거의 복구가 가능하기 때문에 개인정보 또는 개인간의 이메일 송수신 내용이 유출될 수 있다는 심각한 보안 문제가 존재한다.

 

기존의 데이터 영구삭제 제품은 파일, 폴더 등의 일반적인 데이터에 대한 영구삭제 기능은 제공하지만 이메일에 대한 영구삭제 방법은 제공하지 못하고 있다. 이는 DB 형태로 메일파일 내에 함께 저장되는 이메일과 이미 지운 이메일에 대한 완전 삭제를 별도로 처리하는데 따르는 기술적인 어려움 때문이다.

 

신기술이 적용된 outlook mail eraser 을 사용하면 파일, 폴더 등의 일반적인 데이터뿐만 아니라, 메일뷰어인 Microsoft Outlook 2003/2007 또는 Outlook Express 6 의 사용 중에 보안이 요구되는 이메일에 대해서도 영구삭제가 가능하게 되어 개인정보 유출가능성을 크게 줄일 수가 있게 되었다.

product sheet - outlook mail eraser

A Personal Folders file(.pst) is an Outlook data file that stores your messages and other items on your computer. Personal Folders files are the most common format in which information in Outlook is saved by home users or in small organizations. Home users usually use an Internet service provider(ISP) to connect to the Internet. The ISP also provides one or more e-mail accounts. The most common types of accounts are referred to by their Internet protocol names - POP3 and IMAP or just POP and IMAP. Another type of account is an HTTP or Web-based account that works similar to IMAP e-mail accounts. Microsoft Windows Live Hotmail accounts are an example of HTTP accounts. All three account types use a .pst file.

Your items can also be moved or archived to a Personal Folders file (.pst). Because a .pst file is kept on your computer, it is not subject to mailbox size limits on the mail server. By moving items to a .pst file on your computer, you can free up storage space in the mailbox on your mail server. Outlook can be configured to deliver new items to a .pst file, but doing so has several disadvantages, including not being able to work with your items when you are using Microsoft Outlook Web Access with your Exchange Server e-mail account or when you are working on another computer.

Beginning with Microsoft Office Outlook 2003, a newer .pst file was introduced that offers greater storage capacity for items and folders and supports multilingual (Unicode: A character encoding standard developed by the Unicode Consortium. By using more than one byte to represent each character, Unicode enables almost all of the written languages in the world to be represented by using a single character set.) A file that is created in the Outlook Personal Folders file (.pst) format in Outlook 2003 or Microsoft Office Outlook 2007 is not compatible with earlier versions of Microsoft Outlook and cannot be opened by using those versions. To create a data file that is compatible with Outlook 2002 and earlier versions, you can create data files in the Outlook 97-2002 Personal Folders file (.pst) format. This file format is the same as the format that was available in earlier versions of Outlook.

Microsoft recommends that you regularly back up your .pst files and store them in a safe place. Your ISP or Microsoft cannot recover your e-mail or other items if the .pst file is lost.

[news] 마이크로소프트 아웃룩 이메일 완전삭제 보안 소프트웨어 출시 2008-05-28

 

-정보보안을 위해 폐기해야 할 이메일(E-Mail)에 대한 영구삭제 솔루션

- 휴지통 비우기, 포맷 등의 단순 삭제만으로는 쉽게 복구되는 데이터 및 자료의 영구삭제 기본 제공

- 마이크로소프트 아웃룩 2003/2007, 아웃룩 익스프레스 6 지원

- 자사 홈페이지 및 안철수연구소 인터넷 쇼핑몰 등을 통해 판매

 

무심코 삭제한 마이크로소프트 아웃룩 이메일과 파일의 복구될 가능성은 80 – 90% 이상.

 
휴지통 비우기, 포맷, Fdisk, Delete 등의 단순 삭제만으로는 하드디스크상에서 이미 지워진 파일의 복구를 막을 수 없으며, 마이크로소프트 아웃룩에서 이미 삭제한 이메일도 복구 소프트웨어를 통해 복구가 가능하다. 쉽게 유출 될 수 있는 귀중한 데이터뿐만 아니라 보안이 요구되는 이메일까지 안전하고 완전하게 삭제해 주는 기능을 제공하는 신개념의 정보 보안 소프트웨어가 국내 처음으로 선보인다.

 

데이터 보안 전문 기업인 비스타드닷컴(대표 정의석 www.e-vistad.com)과 네트워크/메시징 보안 전문 기업인 디프소프트(대표 이승찬 www.deepsoft.co.kr) 는 양사의 기술을 공유하여 개발을 완료한 이메일 전문 삭제 솔루션인 VDE for E-Mail 제품을 출시하고 자사 홈페이지 및 안철수연구소 인터넷 쇼핑몰 (http://shop.ahnlab.com) 을 통해 판매를 시작했다.

 

이 제품은 미국 국방성 표준을 포함한 국제 표준 삭제알고리즘을 사용하여 파일, 폴더, 논리드라이브, 임시파일, 개인정보 등에 대한 영구 삭제 기능을 기본적으로 제공하며, 마이크로소프트 아웃룩 2003/2007 메일과 아웃룩 익스프레스 메일 및 메일 폴더에 대한 영구삭제 기능을 제공하는 것이 특징이다.

 

비스타드닷컴과 디프소프트는 제품 출시를 기념하여 7월말까지 기업 고객을 대상으로 특별 할인 프로모션을 진행할 예정이며,
3/4분기 내에 일본, 미국 및 캐나다의 현지 법인과 파트너를 통해 판매를 개시할 예정이다.

 

보도자료 – 비스타드닷컴 www.e-vistad.com, 디프소프트 www.deepsoft.co.kr, 시큐비스타소프트 www.secuvistasoft.com

 

* 문의
국내 : 비스타드닷컴 031-726-2794, support@e-vistad.com
미국/캐나다 : 시큐비스타소프트 02-6433-3909, support@secuvistasoft.com

      
Head Office :
938 Howe st, Vancouver, Canada
Tel : 1-604-813-8656
support@secuvistasoft.com