Skip to content. | Skip to navigation

Advanced Search…
Personal tools
You are here: Home Resources Tools

Tools

Information Security Tools and Tips

Specialized software tools are frequently useful when privacy and security is required on a computing device. For example, ensuring that Sensitive Information is not left in a recoverable state on a notebook computer used for field research is an important consideration of many regulations and is standard best practice.

"Sensitive" is the key word in more information than is commonly thought. Sensitive Information includes but is not limited to information such as medical/health, grades, financial, social security number or other information of a personal nature; confidential or proprietary research data and other information that would not be routinely published for unrestricted public access.

Tool and Tip Topics:

E-Mail: Secure and Encrypted

Secure File Deletion and Erasure from Hard Drives and Removable Media

Encryption and Secure Storage of Sensitive Information

E-Mail: Secure and Encrypted
[Back to top]

University Secure and Encrypted E-Mail
The University uses "Post X" e-mail encryption to allow for secure sending and receipt of e-mail. More information on this tool including how to configure and use it is located at the following web site:  http://louisville.edu/it/services/e-mail/encryption.html

Secure File Deletion and Erasure from Hard Drives and Removable Media
[Back to top]

Caution: Do not use any of these tools without thoroughly understanding their operation. It is possible to accidentally and permanently delete needed data, up to and including everything on all of the hard drives in a computer! If you have any questions check with your Tier One or other technical support before doing anything.

DBAN hard drive wiper for PCs
Software to use on any hard drive in a "PC compatible" computer to completely remove all data. Use this software before surplusing or transferring a computer to another area. Available on the UofL IT Software Resales "Free software" site (requires valid UofL ID and password to log-in). Go to http://louisville.edu/it/services/software

Heidi Eraser - Secure file eraser for Windows PCs
Software to use on any "PC compatible" computer to eradicate individual files. Use this software to remove sensitive data from a PC that will remain in service. Allows you to target files that should be eradicated. This is free (they would like a donation) software available for download from the company's web site. Go to http://www.heidi.ie/eraser/ 

Permanent Eraser - Secure file eraser for MAC OS X 10.1 and later
MAC OS 10.3 natively provides support for the permanent deletion of files with the Secure Empty Trash feature, but for those who have earlier versions of Mac OS X, Permanent Eraser is the answer to ensure that your files have been securely removed. Use this software to remove sensitive data from a MAC that will remain in service. This is free software available from the company's web site. Go to: http://www.edenwaith.com/products/permanent%20eraser/

MAC OS X Disk Utility to securely delete entire hard drive
To permanently delete entire hard drive: According to Security Now podcast, "If you boot to the OS X installation disk, you can run Disk Utility from the menu bar and securely erase the whole hard drive with seven- or 35-pass secure deletion." See http://www.grc.com/sn/SN-130.htm  (Thanks to Jay Barbee).

Encryption and Secure Storage of Sensitive Information
[Back to top]

Do not store sensitive information on your laptop or workstation without taking proper security measures. This means use encryption as described below.

When saving sensitive information it pays to carefully consider where this information is stored:

  • Safest: One of the most reliable and safe places is on the University's Enterprise Novell servers. Using these servers minimizes the chance of data being lost, stolen or misplaced. Additional benefits include enterprise class data servers and facilities which encompass back-up and recovery of data, a highly secure climate controlled data center with fire suppression, electric power conditioning and power generating equipment along with many other features that are costly to duplicate.

    Your "H" drive space is reserved for your use only. Your "I" drive space is access controlled and can be set-up based on department, workgroups or other teams of individuals who have a legitimate need to access the information stored in an "I" drive folder.

    ALL USERS:     You can connect to the Novell drives using your web browser at this web address - https://landrives.louisville.edu/

    MacIntosh OS X Users and Novell Server Access:     Client software available from Prosoft Engineering allows OS X users to seamlessly connect to Novell resources including the "H" drive and the "I" drive. This software is being used successfully within the University. Check this link for more information:  NetWare Client for Mac OS X. Or use the web connection!

  • Safe: UofL has entered into a licensing agreement with Guardian Edge, the provider of encryption technology to the Veterans Administration. Currently, the Encryption Plus whole disk encryption product is available for use by all faculty and staff (includes student workers). If your "PC Compatible" laptop or workstation processes or stores sensitive information, you should contact your Tier support staff and arrange to have this product installed on your computer immediately. A version should be available for MacIntosh OS X soon. The advantage this software has over encryption capabilities included with modern operating systems is a central management console that can be used by IT to assist the user in recovering their password, recovering data in the event of certain hard disk failures and remotely disabling the computer in the event of theft and password compromise.

    The software is FREE to university faculty and staff and can be download from the "iTech Xpress" store. Log-in to iTech Xpress and go to the "Encryption Software Downloads" category. Download both files, the instructions and the installation program. Be sure to read the instructions carefully and work with your Tier support staff.

    Be sure to maintain back-ups of your critical work in a secure place such as the university "H" drive or properly access controlled folder on the "I" drive

  • Can be Safe: This is not recommended if your device is supported by the university's free Guardian Edge encryption described immediately above. If you must store sensitive information on a locally available device (such as a workstation or laptop not supported by Guardian Edge), TrueCrypt is available for many operating systems. Recent versions of both Windows and MacIntosh operating systems also file encryption capabilities. Some PDAs, cell phones and other highly portable devices also have encryption capabilities. Always use encryption capabilities if you must store sensitive information on these devices.

  • Unsafe: Workstations, notebook computers, PDAs, cell phones and other  portable computing devices, removable media (CDs, DVDs, memory sticks, etc.) are not safe for sensitive data unless you are able to encrypt the sensitive data files stored on them. If unencrypted, sensitive data should not be stored on these devices.

    Before using any type of server for sensitive information storage or processing (web server, file server, etc.) regardless of whether the server is a department, school or university server, make sure you understand the ways the files can be accessed, the file security (which affects who can read the files on the server) and the access controls in place to help manage access to the files.

Caution: Do not use any of these tools without thoroughly understanding their operation. It is possible to accidentally and permanently lose access to needed data, up to and including everything on all of the hard drives in a computer! If you have any questions check with your Tier One or other technical support before doing anything.

Document Actions

10/27/2008
University of Louisville Selects GuardianEdge to Protect Sensitive Data for Faculty, Staff, Doctors and Researchers

  • GuardianEdge, the leader in enterprise endpoint data protection, today announced that the University of Louisville has selected the GuardianEdge Hard Disk Encryption, Smartphone Protection and Device Control solutions to safeguard data for faculty and staff, doctors and researchers. [Click here for more information]

10/20/08
Fourth Annual Cyber-Security Awareness Week was a BIG Success!

08/25/08
Safe computing starts with knowing the rules of the road (InfoSec Bulletin #7 - August 25, 2008)

08/20/07
Information Security Policies
and Standards Approved: