Encryption


About Encryption

Encryption is the process of scrambling data so that it's readable only if you know how the data was scrambled. By encrypting data saved on disk (at rest) or sent across a network (in transit), the information is protected from attackers. Below you will find further explanation of each concept and some methods of performing encryption.

Encryption at Rest

In the event that your laptop or USB drive is stolen, a novice attacker can access all of the information stored at rest on the device. Even if a password is required to log on, it's trivial to bypass the password prompt. Because of this known risk, portable devices, particularly those handling confidential or sensitive information per our Data Classification policy, should use encryption software to prevent this attack.

When using encryption software, make sure that you keep a backup of your decryption password in case you forget the password. In the event that you forget your decryption password there is no way to reset the password. Keep your backup decryption key somewhere safe such as inside of a wallet or locked in a desk drawer.

Microsoft BitLocker

A feature found on Microsoft Windows 7 Ultimate and Enterprise editions that can encrypt an entire hard drive or USB storage. Visit the Microsoft website for information.

TrueCrypt

A free program that encrypts drives, folders and USB storage. This software is compatible with Windows, Mac and Linux operating systems. Visit the TrueCrypt website for more information.

Apple FileVault

Apple Mac computers have a feature called FileVault that can encrypt a single user's documents. The documents of other users on the same computer will not be encrypted. Visit the Apple website for more information.

WinZip encryption

WinZip has a feature where compressed archives can be encrypted. One popular use of WinZip encryption is for emailing sensitive information. In such a situation you would create an encrypted archive containing the sensitive information, email the archive to the intended recipient, and send the decryption password to the recipient using a different, out-of-band communication channel such as a letter, phone call, text message or fax. Visit the WinZip website for more information.

Encryption in Transit

When information is sent across a network such as the Internet, cyber attackers can eavesdrop on the information while it travels to the intended destination. Because of this known issue, it's important to encrypt any sensitive information before transmitting it. Luckily, all of the protocols that do not encrypt have long been superseded by newer ones that support encryption. Below is a table of insecure network protocols and their newer encrypted counterparts. Further information on encryption and networks can also be found on the Microsoft website.

| Insecure Protocol | Secure Encrypted Equivalent |
|-------------------|-----------------------------|
| Telnet            | SSH                         |
| FTP or TFTP       | SFTP or FTPS                |
| HTTP              | HTTPS                       |
| SMTP              | SMTP over TLS/SSL           |
| SNMP V1 or V2     | SNMP V3                     |
| VNC               | Remote Desktop              |
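
One way to check a Linux machine against the table above is to compare its listening ports with the default ports of the insecure protocols. The script below is an added example, not part of the original page; the port numbers, the sample `ss -tulnH` output and the names `INSECURE`, `SAMPLE` and `audit` are assumptions made for illustration.

```python
# Added example. Ports are the IANA defaults for each protocol in the table;
# a service moved to a non-standard port is not seen by this check.
INSECURE = {
    ("tcp", 23): ("Telnet", "SSH"),
    ("tcp", 21): ("FTP", "SFTP or FTPS"),
    ("udp", 69): ("TFTP", "SFTP or FTPS"),
    ("tcp", 80): ("HTTP", "HTTPS"),
    ("tcp", 25): ("SMTP", "SMTP over TLS/SSL"),
    ("udp", 161): ("SNMP V1 or V2", "SNMP V3"),
}
# VNC display :N listens on TCP 5900+N; displays 0-9 are covered here.
INSECURE.update({("tcp", p): ("VNC", "Remote Desktop") for p in range(5900, 5910)})

# Constructed sample of `ss -tulnH` output, not taken from a real host.
SAMPLE = """\
udp   UNCONN 0  0        0.0.0.0:161       0.0.0.0:*
udp   UNCONN 0  0      127.0.0.1:323       0.0.0.0:*
tcp   LISTEN 0  128      0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0  32          [::]:21           [::]:*
tcp   LISTEN 0  5      127.0.0.1:5901      0.0.0.0:*
tcp   LISTEN 0  100   192.0.2.10:25        0.0.0.0:*
"""

def audit(ss_output):
    """Return a finding for each listener on a port from the insecure column.

    A match means "check this service", not proof of a problem: SNMP V3 and
    SMTP with STARTTLS use the same ports as their unencrypted forms.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # blank line, header, or a socket type not checked here
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")  # split on the last colon (IPv6-safe)
        if not port.isdigit() or (proto, int(port)) not in INSECURE:
            continue
        insecure, secure = INSECURE[(proto, int(port))]
        addr = addr.split("%")[0]  # drop an interface suffix such as %lo
        loopback = addr.startswith("127.") or addr == "[::1]"
        findings.append({"listener": f"{proto}/{port}", "insecure": insecure,
                         "use_instead": secure, "reachable_from_network": not loopback})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        scope = "network" if f["reachable_from_network"] else "loopback only"
        print(f'{f["listener"]:<9} {f["insecure"]:<14} -> {f["use_instead"]} ({scope})')
```

Run it on a real machine by passing the text output of `ss -tulnH` to `audit` in place of the sample.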