Keeping private data private is an important task in the modern age. The Internet revolution has made information accessible to everyone and helped organizations offer new and powerful services to customers. Unfortunately, the same information flow that keeps your enterprise running smoothly can also be used against a company by competitors or hackers looking for profit. Encryption technology is used to scramble data to prevent it from being read by unauthorized parties. Encrypted data can be freely passed across public networks and can be stored in less secure facilities.
Encryption technologies work by performing mathematical operations on plain text to transform it into scrambled cipher text. The common factor is a special value called a key, which is used to both encrypt and decrypt the data. Without the proper key value, the original data cannot be restored. Keys are usually randomly generated binary digits and can range from 56 to 2048 bits in length. Like passwords, the longer the key and the more frequently it is changed, the more difficult it is to crack.
Very simple! Ez-Crypto is an encryption program designed and developed so that anyone can easily protect their computer files. In a nutshell, the steps are:
Ez-Crypto allows you to encrypt a single file, multiple files, or entire folders. For more information, select the Ez-Crypto Encryption Utility tab.
There are two types of encryption methods: symmetric and asymmetric. Symmetric encryption works by using a secret key to encrypt information. In order to decrypt the information, you need access to the same key that encrypted it. Well-known examples of symmetric encryption are the DES and 3DES standards and the newer Blowfish encryption algorithm.
In asymmetric encryption there are two keys: a public key used to encrypt data and a private key used to decrypt it. Only the public key can encrypt the data and only the private key can decrypt it. This solves the problem of key exchange, since the public key is meant to be public and can be freely distributed.
- Twofish: a symmetric-key block cipher with a block size of 128 bits and key sizes up to 256 bits.
- AES: a block cipher adopted as an encryption standard by the US Government, featuring a fixed block size of 128 bits and a key length of 128, 192, or 256 bits.
- Blowfish: a block cipher with a 64-bit block size and a key length of 32 bits to 448 bits.
- RC4: a software stream cipher widely used in popular protocols such as Secure Sockets Layer (SSL), to protect Internet traffic, and WEP, to secure wireless networks.
- 3DES: a block cipher formed from the weaker Data Encryption Standard (DES) cipher. 3DES encrypts data three times and uses a 168-bit key. 3DES is now being replaced by the stronger IDEA.
- IDEA: a block cipher with a 64-bit block size using a 128-bit key. IDEA is used in PGP software.
In modern encryption schemes like SSL and PGP, both symmetric and asymmetric encryption are used. Companies also often build out a PKI (Public Key Infrastructure) to manage the public keys used in the enterprise.
Often, encryption has an aura of illegality surrounding it. People hear about encrypted files and think of companies or users trying to hide evidence or evade detection. Perhaps this notion started in the movies, where the bad guys transport secret documents and the good guys intercept them, decode the secrets and save the day. In reality, there are several legitimate reasons for a company to implement several layers of encryption in the enterprise.
- Companies used to ship old records off to secure storage facilities when they were no longer needed. In the modern day, many of these records are digital and are simply archived to media like DVD or tape and stored. A company should encrypt sensitive records before sending them to long-term storage so that they cannot be read by casual observers. Good candidates for this type of storage are medical and employee records, credit card and purchase data, and banking information.
- There always seems to be a story in the news about massive identity theft: hacker groups break into a server and steal the entire customer database, complete with credit card numbers and social security numbers. Simply storing the sensitive information in an encrypted form in the database can offset the damage done by these types of attacks. At a minimum, the fields in the record that store sensitive information should be encrypted.
- Securing mobile computers. A combination of a biometric password (thumbprint reader or similar device) and an encrypted file system can be an effective defense against data theft from a laptop computer. This combination is popular enough that several models of the IBM ThinkPad laptop come with a fingerprint reader built in.
- Secure drive space. Employees may want a place to store personal files that are immune from snooping by other employees.
- Secure messaging between trusted parties helps keep private information private.
- Encrypting network communications. Examples are using SSL certificates between web browsers and servers, or SSH, SCP, SFTP, and other tunneling and VPN technologies.
E-mail is the lifeblood of business, but very few users understand how vulnerable it can be to snooping. E-mail messages are plain text and travel the Internet through several connected routers just like any other traffic. At any point along the chain, messages can be intercepted, read, changed or deleted. If someone attaches a network sniffer to a segment along any of these routers, or even sniffs the traffic on the corporate LAN, sensitive data can be exposed.
The solution to this problem is to use encrypted e-mail by utilizing two technologies: digital signatures and public/private key encryption. Digital signatures allow a user to electronically sign a document using their private key. A recipient of the message can use the sender's public key to verify that the message originated from that sender. Digital signatures are legally binding in many states and are hard to crack or spoof unless someone has stolen the sender's key. While a digital signature will confirm the identity of the sender, it does not secure the content of the message. For this, users can use public/private key encryption. The sender uses the recipient's public key to encrypt the e-mail message, and the recipient then decrypts it using their private key.
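The signed-and-encrypted e-mail exchange just described, and the public/private key split from the symmetric versus asymmetric section, as an added Go example (not code from this page or from Ez-Crypto): the sender signs with its own private key and encrypts with the recipient's public key; the recipient decrypts with its private key and verifies with the sender's public key. The SignedMail type, the Seal and Open helpers, and the use of RSA-OAEP and RSA-PSS are assumptions for the example; RSA-OAEP can only carry a short message directly, which is why SSL and PGP use the same asymmetric step to protect a symmetric key rather than the message itself.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// SignedMail is what travels over the network: the RSA-OAEP ciphertext of the
// message and the sender's RSA-PSS signature over SHA-256 of the plaintext.
type SignedMail struct {
	Ciphertext []byte
	Signature  []byte
}

// Seal signs msg with the sender's private key, then encrypts it with the
// recipient's public key. With a 2048-bit key and SHA-256, OAEP limits msg to
// 190 bytes; SSL and PGP encrypt a random symmetric key this way instead.
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*SignedMail, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	if err != nil {
		return nil, err
	}
	return &SignedMail{Ciphertext: ct, Signature: sig}, nil
}

// Open decrypts with the recipient's private key, then checks that the
// signature was made by the holder of the sender's private key. Either step
// failing means the mail must be rejected, not shown to the user.
func Open(m *SignedMail, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, recipient, m.Ciphertext, nil)
	if err != nil {
		return nil, err // wrong recipient key or tampered ciphertext
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return nil, err // signature does not match the claimed sender
	}
	return msg, nil
}
```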
Freely available tools on the Internet can easily crack passwords. For real security, an enterprise needs to use digital certificates. Certificates created using strong encryption methods are much more secure than simple text-based passwords and can be easily integrated with a user's desktop and applications to provide seamless, password-free access to corporate assets.
Wireless routers are also a major potential security risk for an enterprise. If a company rolls out a wireless network, it must ensure that the network is encrypted to protect internal assets. The wireless standard 802.11b specified a security protocol named WEP (Wired Equivalent Privacy). This was based on the weaker RC4 encryption cipher and has been compromised for several years. With as little as a gigabyte of captured data, freely available tools can crack the WEP password used as the key for network access. Newer access points can use the newer WPA (WiFi Protected Access) and WPA2 encryption standards. WPA is specified in the 802.11 standard and will be the security method for wireless going forward. WPA2 is the final version specified in 802.11i and supports the strong AES encryption method.
The following is a short list of encryption best practices for any organization.
- Use SSL for all secure transactions with web servers. Make sure the infrastructure can use the stronger 128-bit keys.
- Only allow remote workers to connect to the corporate LAN through a VPN (Virtual Private Network). This ensures that all data and communication is secure.
- Use encrypted mail and IM for communication between company employees and suppliers and vendors. Ensure that users are educated about the inherent insecurity of e-mail and instant messaging applications.
- Encrypt sensitive data stored in databases. If the worst case happens and the data is stolen, it will be less likely that damage can be done with it.
- Encrypt little-used or old sensitive files. This will ensure that only authorized people will be able to view them.
- Use stronger authentication mechanisms than passwords. Consider using hardware tokens or digital-certificate-based schemes.
- Encrypt all sensitive network communication. Connect to servers using SSH secure shells. Use SFTP (secure FTP) instead of FTP.
- Isolate risky open systems on the DMZ segment of your network. Isolate these systems as far away from the corporate LAN or production environment as you can.