To encrypt or not to encrypt? That is the question.
Transcript of "To encrypt or not to encrypt? That is the question."

  1. To encrypt or not to encrypt? That is the question.
  2. Keeping Data Secure at Rest and in Motion
     What Data?
     • Important information should be protected from theft, being misplaced or altered without authorization.
       - Social Security Numbers (SSN)
       - Driver's license number
       - Financial account number in combination w/any security code, access code or password
       - Student grades
       - Exams, PhD Qualifiers and homework solutions
       - Business email
       - Address book (stores names, phone numbers, email addresses, birthday, home phone number, home address, relatives' names)
       - Personal email you might want to keep private
       - Budgets
       - Employee evaluations and other HR information
       - Business documents and memos
  3. What is meant by secure?
     • Keep sensitive information confidential and safe from prying eyes
     • Data is not changed without the alteration being detected
     • Data is not changed without authorization
     Options:
     • Store data on secure server and access over network
       - Data in motion
     • Store data on mobile computer or mobile storage media
       - Data at rest but no physical security
  4. Encryption Basics
     There are two basic ways to encrypt data. Both use keys, which are large numbers used to drive the encryption and decryption algorithms.
     - Asymmetric PKI (public-key infrastructure) uses a pair of keys
       - Private key: known only by the user and kept secret
       - Public key: known to the public and used by the other party to exchange messages
     - Symmetric (also known as secret key) uses one key
       - Generally speedier than PKI
  5. Encryption Basics
     - Some applications have built-in encryption
     - Encryption can also be built in to hardware
       - Some Hitachi and Seagate hard drives have built-in encryption
       - Some USB memory drives have built-in encryption chips
     - Encryption software allows adding security to almost every application.
     - Some examples: PGP, GPG, TrueCrypt, Microsoft BitLocker and EFS, OS X FileVault
  6. The Office at Risk
     - Old Security Philosophy: create a hardened perimeter to protect the network and the data stored within
     - Shift in Corporate computing calls for a shift in security philosophy
     - No Edges: since 2004, there has been a documented de-perimeterization of the corporate network
     - Information Centric approach focuses on protecting the data and having the protection travel with it.
     - Supporting this approach to data protection requires supporting encryption and key management
  7. TrueCrypt Features
     • TrueCrypt runs on Windows, Linux (RPM and .deb) and OS X
     • TrueCrypt is Open Source and free to distribute
     • TrueCrypt is in active development (Works with OS X 10.5 and Windows Vista)
     • A TrueCrypt volume can be stored on USB memory, External Hard disk, CD, DVD, Desktop, Laptop and Flash memory cards.
     • TrueCrypt supports full disk encryption on Windows.
  8. TrueCrypt Demo
     Lock up your USB drive files using TrueCrypt
     Preparing the files: Although it’s not vital, you should move all the files that may be in your USB drive to your hard drive. Leave the space to be encrypted on the USB drive empty before starting.
     Use the Volume Creation Wizard:
  9. Lock up your USB drive files using TrueCrypt
     Use the Volume Creation Wizard:
  10. Lock up your USB drive files using TrueCrypt
      Use the Volume Creation Wizard:
  11. Lock up your USB drive files using TrueCrypt
      Use the Volume Creation Wizard:
  12. Lock up your USB drive files using TrueCrypt
      Use the Volume Creation Wizard:
  13. Lock up your USB drive files using TrueCrypt
      Use the Volume Creation Wizard:
  14. Lock up your USB drive files using TrueCrypt
      Use the Volume Creation Wizard:
  15. Lock up your USB drive files using TrueCrypt
      Use the Volume Creation Wizard:
  16. Lock up your USB drive files using TrueCrypt
      Use the Volume Creation Wizard:
  17. Lock up your USB drive files using TrueCrypt
      After creating a volume, use the Traveler Disk Setup:
  18. Lock up your USB drive files using TrueCrypt
      After creating a volume, use the Traveler Disk Setup:
  19. Lock up your USB drive files using TrueCrypt
      After creating a volume, use the Traveler Disk Setup:
  20. Lock up your USB drive files using TrueCrypt
      When Traveler Disk is put in Windows PC:
  21. Using TrueCrypt: I’m worried I’ll forget the password…
      When the volume is first created, back up the volume header and initial password:
  22. Using TrueCrypt: I’m worried I’ll forget the password…
      When the volume is first created, back up the volume header and initial password:
  23. Using TrueCrypt: I’m worried I’ll forget the password…
      When the volume is first created, back up the volume header and initial password:
  24. Using TrueCrypt: I’m worried I’ll forget the password…
      When the volume is first created, back up the volume header and initial password:
      Enter the location for storing the backup.
  25. Using TrueCrypt: I’m worried I’ll forget the password…
      When the volume is first created, back up the volume header and initial password:
  26. Using TrueCrypt: I’m worried I’ll forget the password…
      Volume header backup file:
  27. Using TrueCrypt: I’m worried I’ll forget the password…
      When restoring a volume header, use the initial password:
  28. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  29. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  30. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  31. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  32. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  33. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  34. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  35. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  36. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
      TrueCrypt requires you to verify the Rescue disk (which is a good thing). The encryption key is in the Rescue disk ISO file. Store it in a safe place along with the initial password.
      If you have a key escrow system or policy:
      • Encrypt the system
      • Store the Rescue disk and password in safe location
      • Give system to end user and allow them to change the password at will
  37. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
      • If password is ever lost, you can use the rescue disk and the initial password to decrypt the data
      • If needed, a rescue disk can be created later
  38. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  39. TrueCrypt Demo
      Lock up your Windows Laptop with Full Disk Encryption
  40. Working with encryption software:
      Problem: When you copy files or directories to an encrypted volume, the original unencrypted data is still on the drive until it is overwritten.
      • This is true for most file systems including NTFS, FAT and FAT32.
      • To move the files and overwrite the original data, use a secure erase utility.
      • There are also utilities to overwrite the free space on a drive
      Windows Secure Erase utility: Eraser - http://sourceforge.net/projects/eraser/
  41. Working with encryption software:
      Eraser Features
      • Works with Windows 95, 98, ME, NT, 2000, XP (32/64), Vista (32/64), Windows Server 2003 and DOS. It works with any drive including IDE, SCSI and RAID, and CD-RWs.
      • Uses the Guttmann (Default), Pseudorandom Data and US DoD 5220.22-M methods.
        - Erases Files and Folders.
        - Erases Files/Folders that were only previously 'deleted'.
        - Erases all hard drives using 'Darik's Boot and Nuke' method.
        - Erases Index.dat on Reboot
        - Erases FreeSpace on 95, 98, ME, NT, 2000, XP and DOS.
        - Erases contents of the Recycle Bin.
        - Erases Network Files, Floppy Disks, CD-RW, DVD-RAM, DVD-RW.
        - Erases Windows Temporary Files.
        - Erases Internet Cookies.
        - Erases Paging (swap) file.
        - Erases Internet Cache.
      • Appears as an 'Erase' option on the Context Menu of Windows Explorer and Recycle Bin.
      • Comes with an Eraser Scheduler that allows you to create user-defined tasks.
      • Defeats File Recovery software applications and Hardware tools.
      • Supports FAT32 and NTFS File Systems.
  42. Working with encryption software:
      Problem: When you copy files or directories to an encrypted volume, the original unencrypted data is still on the drive until it is overwritten.
      - SDelete - Command line secure erase utility: http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
      - FileVault on OS X has a secure erase option: move file to Trash and choose Finder menu to Secure Empty Trash
      - shred - GNU Unix utility for secure erasure
      - gshred - Solaris secure erase utility
      - scrub - Unix utility for erasing free space on a volume
        scrub -X /scratch/junk
  43. Working with encryption software:
      If you copy a file from an encrypted drive or volume to an unencrypted one:
      A) The information stays encrypted
      B) The information becomes unencrypted
  44. Working with encryption software:
      If you copy a file from an encrypted drive or volume to an unencrypted one:
      A) The information stays encrypted
      B) The information becomes unencrypted
      If using TrueCrypt, the information becomes unencrypted on the target volume.
      * If using Microsoft’s EFS and the target is a local disk, the file remains encrypted
  45. Working with encryption software:
      If you copy a file from an encrypted drive or volume to a network drive:
      A) The information stays encrypted in transit
      B) The information becomes unencrypted in transit
  46. Working with encryption software:
      If you copy a file from an encrypted drive or volume to a network drive:
      A) The information stays encrypted in transit
      B) The information becomes unencrypted in transit
      Generally, the file is unencrypted in transit and on the target drive, unless the target drive is encrypted. Microsoft file servers, Novell file servers and AFS servers do not support encrypting the file in transit.
  47. Working with encryption software:
      If an encrypted drive goes bad, you can return it for warranty repair and not worry about the data being recovered.
      If an encrypted Laptop, CD or USB memory device is lost, you don’t have to worry about the data being recovered.
  48. Organizational Challenges and Opportunities
      • Key management plays an extremely important role in the world of data security/privacy.
      • The problem here is that the development of enterprise-class key management systems lags well behind the adoption of encryption technologies.
      • Large organizations like ours tend to develop islands of encryption.
      • One lost encryption key and the data cannot be recovered.
      • For a large organization, avoiding this problem demands formalized processes and robust technologies for key management: creating, organizing, storing, and auditing encryption keys.
  49. Encryption Policies
      • At present, NC State University has no formal encryption policies
      • The University of Virginia recently implemented a policy (in phases) on electronic storage of highly sensitive data: https://etg07.itc.virginia.edu/policy/policydisplay?id=IRM-015
      • Briefly stated, the policy prohibits the storage of highly sensitive data on individual-use electronic devices, unless such action has been approved by a vice president or dean. If approval is granted, the data must be encrypted and the device has to be protected by certain security safeguards. Storage on electronic media is also addressed.
  50. Encryption Policies
      • Here's the UVA policy definition for "Individual-Use Electronic Devices": Computer equipment, whether owned by the University or an individual, that has a storage device or persistent memory, such as desktop computers, laptops, tablet PCs, BlackBerrys and other personal digital assistants (PDAs), and smart phones.
      • Individual-Use Electronic Media: All media, whether owned by the University or an individual, on which electronic data can be stored, including but not limited to external hard drives, magnetic tapes, diskettes, CDs, DVDs, and USB storage devices (e.g., thumb drives).
  51. Encryption on disk
      A. File / Folder: NTFS, Truecrypt, PGP, GPG
      B. Application: Winzip, Adobe Acrobat (128-bit, not 40-bit)
      C. Whole-disk: Truecrypt, Bitlocker, PGP-WDE
  52. Transmission:
      A. Virtual Private Network: VPN http://comtech.ncsu.edu/networking/vpn_access.php
      B. SSL or HTTPS
      C. SSH and SCP
      D. SFTP
      E. IMAP w/SSL
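
Slides 40 and 42 point out that copying a file onto an encrypted volume leaves the unencrypted original on the source drive until it is overwritten, and name shred as one secure erase utility. The following is an added example, not part of the original slides: a shell function that copies a file into a mounted encrypted volume, verifies the copy by hash, and only then overwrites and removes the original. The function names and the idea of a mount-point directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): move a file into a mounted encrypted
# volume without leaving the plaintext original behind.
# secure_move and sha256_of are hypothetical helper names.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# secure_move SRC DEST_DIR
#   DEST_DIR is assumed to be the mount point of the encrypted volume.
# Returns 0 on success,
#         1 on bad arguments or if the destination name already exists,
#         2 if the copy failed or did not verify (original left untouched),
#         3 if the original could not be erased.
secure_move() {
    src=$1
    dest_dir=$2
    if [ ! -f "$src" ] || [ ! -d "$dest_dir" ]; then
        return 1
    fi
    dest="$dest_dir/$(basename "$src")"
    # Never clobber a file that is already on the volume.
    if [ -e "$dest" ]; then
        return 1
    fi

    # Step 1: copy onto the encrypted volume.
    cp -p "$src" "$dest" || return 2

    # Step 2: verify before destroying anything, so a bad copy never
    # costs the only good copy.
    if [ "$(sha256_of "$src")" != "$(sha256_of "$dest")" ]; then
        rm -f "$dest"
        return 2
    fi

    # Step 3: overwrite the plaintext original, then unlink it.
    #   -u removes the file after overwriting, -z adds a final pass of zeros.
    shred -u -z "$src" || return 3
    [ ! -e "$src" ] || return 3
    return 0
}
```

shred overwrites in place, which assumes the file system and device rewrite the same blocks; on journaling or copy-on-write file systems and on flash media with wear leveling, old copies of the data can survive. For USB memory it is safer to create sensitive files directly inside the encrypted volume.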