Viking VPN Service Cyber Security Wiki: Personal Online Security For The Individual Beyond VPN Service
Cyber Security Wiki Navigation:
- Cyber Security Wiki Home
- How To Secure Your Passwords
- How To Secure Your Email
- Browser Security
- Smartphone Security & Privacy
- Firewall Security Setup, Settings, & Guides
Data At Rest
Data at rest is data that is sitting on storage drives. This can be anything from the hard drive in your computer, to a USB memory stick, to the flash memory in your smartphone, to the data sitting on a hard drive in a server somewhere. This is data that is persistent and generally stays in once place, on that device. To protect this data, you have to think about methods that attackers must use in order to “exfiltrate” your personal files. For an attacker to get at this data, they have to actively attack your system. They could break into your computer, steal your phone, or copy your USB thumbdrive’s data.
In order to protect data at rest, you have to assume that your data has been physically lost. The only way to protect data that is physically lost is to store that data in a state that isn’t readable by the thief. This is where encryption and passwords come in.
Conversely data in flight is data in motion. This is when data is being transmitted from one place to another. This can be via a plain wired ethernet network, satellite phone, cell phone, the internet, WiFi, Bluetooth, or any of hundreds of other methods. To protect this data, you have to be sure that parties that you don’t trust cannot read the data. An easy way to think about data in flight is to think about the chain of parties that your data must pass through in order to do an online purchase.
In order to purchase something online:
You have to trust your own PC, and that all of the software and hardware installed on it is not malicious.
You have to trust your chosen browser and any add-ons that you have installed.
You then have to trust all of the devices between yourself and the website.
This means that you have to trust your router and wifi settings, your modem, your internet provider, all of their equipment, and the multiple internet carriers that your internet session travels through to reach your website where you do your shopping.
Then you have to trust the website itself to handle your data properly and not lose/sell it to other parties.
So as an example, I would be, in a single transaction trusting:
Intel, Broadcom, Microsoft, Mozilla, Linksys, Motorola, Comcast, Cogent, Level3, Juniper, Cisco, Amazon and so on… to handle your data properly. A single transaction between myself and Amazon requires me to trust a huge number of parties that I may or may not want to have access to my data.
Encryption is the way that we liberate ourselves from this burden of having to trust a mountain of parties to make a transaction on the internet. The parties that want to get that data from you, whether it is credit card numbers, your location data, nude pictures, your tax information, or your Facebook login, are searching for your data in flight. They are hoping that you’ve made the mistake of selecting a piece of software that has been poorly written or compromised, and that they can see your data in the clear somewhere along this long path.