Security :: Hardware Personal Information Protection


The best way to protect personally identifiable or other confidential information stored on a computer is to encrypt it. However, encryption can reduce performance on the computer and increase the complexity of using the applications on it. Therefore, if the computer is properly protected with strong, complex passwords and is kept at current software and virus patch levels, whether to encrypt data is a decision based on trade-offs between risk and performance.

Laptop Computers

Laptop computers used to collect or process personally identifiable or other confidential information need to be protected to the highest level possible. The following standards and guidelines apply:

1. Set up the laptop to boot only from the hard drive.

2. Passwords must meet Information Technology Services (ITS) requirements for access to the central computing servers and access to the Common Management System: see the Security Memo “Password Protection.”

3. Personally identifiable or other confidential information should be encrypted. On Windows laptops, the entire hard drive can be encrypted using Encrypting File System (EFS). There are third-party and open-source products available for encrypting files on Mac and Linux laptops, but a better solution, which can also be used with Windows laptops, is to store all the personally identifiable and any other confidential information on an encrypted USB drive. Never store the laptop and USB drive in the same location. For example, the USB drive and laptop should never be carried in the same piece of luggage.

Desktop Computers

The following standards and guidelines apply:

1. Set up the desktop to boot only from the hard drive.

2. Passwords must meet Information Technology Services (ITS) requirements for access to the central computing servers and access to the Common Management System: see the Security Memo “Password Protection.”

3. The same encryption approaches identified for laptop computers above can be used to protect personally identifiable or other confidential information on desktop computers. An additional alternative is to store the information on a secured server rather than on the client workstation. The server should be firewalled to block all ports except those required to support the specific applications being used.

4. If confidential information must be stored on the workstation, the workstation should be physically secured to the extent practical. Simply locking the office door may not be sufficient because many different units on campus must have access, and therefore keys, to all campus offices in order to support the campus. Possible approaches are to enclose the workstation in a security cradle that prevents removal of the hard drive or to install chassis intrusion detectors so that it can be determined if a drive could have been removed and then reinstalled.

Servers

Sensitive information stored on servers should be encrypted. However, if it is not practical from a performance standpoint to encrypt large amounts of or frequently used personally identifiable and other confidential information on a server, the following standards and guidelines apply:

1. Servers that store personally identifiable or other confidential information should be placed behind firewalls that block all ports except those necessary to the applications using the confidential information. Planned firewall implementations should be reviewed with Telecommunications & Network Services to ensure network diagnostics and management are not disrupted.

2. All communications between the secured server and the workstations should be encrypted (e.g., SFTP and SSH in place of FTP and Telnet, encryption set on “high” when using RDP).

3. Applications that do not use the confidential information should be moved to a different server.

Contacting the Campus Information Security Officer

The Campus Information Security Officer can be reached at (707) 826-3815 or security@humboldt.edu.
