Information Security Tips Series: Online File Sharing Security (Offbeat 976)

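Nowadays, people often use platforms such as service providers' websites or computer software to share files with friends. Service websites generally use cloud technology for file storage, while among computer software the peer-to-peer form is the most common. Sharing files over the network certainly brings much convenience. However, while enjoying the convenience that file sharing technology brings, have users noticed the information security risks hidden in it?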

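Does file sharing carry security risks?
In recent years, the security risks of sharing information online have drawn continued attention. With the file storage and sharing offered by service providers' websites, what worries users most is whether the security technologies and measures are reliable. For example, some time ago the user accounts and passwords of a service provider were stolen and spread to other websites; the incident occurred because some security mechanisms were lacking.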

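Some peer-to-peer software may require users to open certain network ports to transfer files; however, hackers may also intrude into the user's computer without authorisation through these opened network ports. In addition, peer-to-peer software that does not provide its source code (open source) for users to review may itself carry viruses or malicious programs, such as Trojans. Once it is downloaded and installed, the files stored on the computer will also be infected, increasing the danger of the computer being manipulated by hackers. On the other hand, some unscrupulous software providers hide vulnerabilities in the software in advance: users believe they have set only a specific folder for file sharing, but in fact the entire drive is shared, and in the end personal or sensitive data may be leaked.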

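Another concern is the copyright issue in uploading or downloading files. When uploading or downloading files, pay attention to whether copyright and intellectual property rights are involved; otherwise you may breach the copyright ordinance.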

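How to reduce the security risks of file sharing?
1. Password management and data transmission encryption
Change the account password for the service provider's website regularly, use a stronger password, and use service provider websites that have encryption technology such as Secure Sockets Layer to transmit the account password.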

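2. Avoid uploading confidential files or files containing personal data

Uploading confidential documents or files containing personal data online carries great risk; avoid sharing such files so as not to suffer loss from a data leak.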

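3. Review the content of shared files

Before uploading files, carefully review whether the content of the shared files involves copyright and intellectual property regulations, so as not to break the law.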

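4. Update anti-virus software and enable the firewall function

Update anti-virus software and definition files regularly to ensure all uploaded or downloaded files are safe. In addition, enabling the personal firewall function can also reduce the chance of hacker intrusion.

In summary, do not use or download file sharing software of unknown origin. When you do not need file sharing, the best approach is not to install such software or enable file sharing, to prevent data from being leaked or stolen.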

Nowadays people often use different web service providers or computer software as platforms to share files with friends. In general, service providers use cloud computing technology to store files, whereas peer-to-peer is the most common structure for computer software used for online file sharing. Online file sharing certainly brings convenience. Nevertheless, while enjoying the convenience brought by file sharing technology, do users notice the implicit information security risks?

Any security risk?

In recent years, the security risks associated with online file sharing have attracted wide attention. Among the various online file sharing and storage services offered by service providers, most users worry about the reliability of the security technologies and measures. In one recent case, the user accounts and passwords of a service provider were disclosed and disseminated to other websites because of a lack of security mechanisms.

Some peer-to-peer software might require users to open certain network ports for file transfer. However, this might enable hackers to carry out attacks through these opened network ports. In addition, some peer-to-peer software that is distributed without source code might carry viruses or malicious code, such as Trojan horses. Once it is downloaded and installed, the files stored on the computer will be infected, and hackers may even be able to manipulate the computer. On the other hand, some unethical software providers might conceal a trap door in advance, misleading users into believing that only the designated folder is shared when in fact the entire drive is shared. As a result, personal or sensitive information might be leaked through these settings.
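The over-broad share described above can be caught by comparing what the software actually exports with the folder the user meant to share. The following is an added example, not part of the original article: `audit_share` is a hypothetical helper, all paths are constructed, and it reasons on path strings only rather than reading real sharing settings.

```python
import ntpath
import posixpath
from pathlib import PurePosixPath, PureWindowsPath


def _is_within(child, parent):
    """True if child equals parent or lies somewhere underneath it."""
    return child == parent or parent in child.parents


def audit_share(share_path, intended_path, sensitive_paths, windows=True):
    """Return findings for one shared-folder setting.

    share_path: the path the software is actually exporting
    intended_path: the folder the user meant to share
    sensitive_paths: folders that must never be reachable through a share
    """
    P = PureWindowsPath if windows else PurePosixPath
    norm = ntpath.normpath if windows else posixpath.normpath
    # Collapse ".." first so "Shared\..\.." cannot hide a wider share.
    share, intended = P(norm(share_path)), P(norm(intended_path))
    findings = []
    if share == P(share.anchor):
        findings.append("share is an entire drive or filesystem root")
    if share != intended and _is_within(intended, share):
        findings.append("share is broader than the intended folder")
    for s in sensitive_paths:
        if _is_within(P(norm(s)), share):
            findings.append(f"sensitive folder exposed: {s}")
    return findings


if __name__ == "__main__":
    # Constructed sample settings: (what is exported, what the user intended).
    sensitive = [r"C:\Users\amy\Documents"]
    samples = [
        (r"C:\Users\amy\Shared\Music", r"C:\Users\amy\Shared\Music"),
        ("C:\\", r"C:\Users\amy\Downloads"),
        (r"C:\Users\amy\Shared\..\..", r"C:\Users\amy\Shared"),
    ]
    for exported, intended in samples:
        print(exported, "->", audit_share(exported, intended, sensitive) or "ok")
```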

Another concern is the copyright issue. While uploading files to the Internet, users should check whether those shared files contain pirated software or copyrighted material; otherwise users would breach copyright regulations and face legal action.

How to minimise security risks?

1. Password management and data transmission encryption

For file sharing on a web service platform, it is necessary to change the user password periodically and use a strong password that is not easy to guess. Furthermore, users should use web service providers that support data encryption (e.g. Secure Sockets Layer (SSL)), so that the password is encrypted when transmitted online.

2. Protection of sensitive or personal information

Uploading and transmitting classified files could give rise to security risks. Users should restrict the sharing of this kind of file online, lest the sensitive or personal information be exposed to unauthorised people.

3. Copyright and intellectual property rights

Before uploading files to the Internet, it is essential to examine the file content to see whether it is covered by copyright or intellectual property rights, to avoid violating copyright regulations.

4. Anti-virus software update and activation of personal firewall function

It is important to keep anti-virus software and definition files current to protect the computer against viruses. Besides, activating the personal firewall function could minimise the risk of hacker attack.

In conclusion, do not use or download any unidentified file sharing software. To prevent information leakage or theft, the best way is not to have shares enabled or set up when you don't need them.

 

 

 
