www.usc.edu/its/services/authx/

ITS's is committed to being compliant with all of the standards to be a Certificate Authority (CA) site. For information, please see:

www.usc.edu/its/services/authx/CA/

The ITS Senior Statistics Software Consultant and the Customer Support Consulting Staff take responsibility for documenting and facilitating the use of these procedures. If you have questions or concerns, please direct them to <consult@usc.edu> or to Mushtaq Khan <mkhan@usc.edu>

Data Security can be thought of in two phases, if you will: transferring data and storing data.

Security in Transferring Data

Many data transfer protocols that have been popular in the past are reliable, but not necessarily secure. Example of non-secure transfer methods are regular pop, IMAP, http, ftp, and telnet. Gradually, these are being replaced with secure methods, such as secure pop, secure IMAP, https, ssh, scp, and sftp. Users concerned about the security of their data should use secure transfer methods whenever possible. Note that combinations of secure and non-secure methods equal non-secure methods. For example, if you use ssh (secure), and then IMAP (non-secure), you are defeating the purpose of the security features of ssh.

Here is a partial list of available secure and reliable alternatives:

• ssh -- replaces rlogin, and telnet
• scp -- replaces rcp
• sftp -- replaces ftp

www.usc.edu/its/doc/internet/ssh/

Security in Storing Data

For storing data (or encrypting data files before transferring them) ITS supports PGP -- "Pretty Good Privacy" -- among other things. PGP can be used to sign emails for verification, encrypt emails for privacy, encrypt data, or verify data. For information about PGP, please visit:

www.usc.edu/its/services/authx/services/pgp.html

The primary command for data encryption is gpg, which is a short reference for the GnuPG System. This list shows a few of the major uses of the command:

• gpg --gen-key
• gpg --encrypt
• gpg --decrypt
• gpg --clearsign
• gpg --verify

www.gnupg.org/docs.html