
Data Encryption Overview


Presentation Transcript


  1. Data Encryption Overview
     South Seas Corporation
     Jared Owensby

  2. Important Points
     • Full Disk Encryption
       • Typically sector by sector: the OS is also encrypted; the entire drive is encrypted, including the empty space on the HDD. One-time initial encryption only.
     • Selective Encryption
       • Only certain parts of the OS and the information on the HDD.
     • File/Folder Based Encryption
       • Each file by itself, and each file as you add or create them.
     • Encryption of the SAM File
       • If the SAM file is not encrypted, there is a possibility of compromising Windows passwords, which may also be used for encryption authentication.
     • Encryption of Hibernation Files
       • The risk is very small, but it is possible to extract hibernation files from a drive that has been lost or stolen. These should also be encrypted.
     • Multi OS support
       • Linux and Macintosh have become larger players over the years. Your security shouldn’t be limited because of the OS you chose.

  3. Considerations
     • Dual Boot support
       • Dual boot machines are very handy when you have them, and they should also be entitled to the same protection that a single OS machine has
     • Pre-Boot Authentication (PBA)
       • Login screen prior to the OS booting, usually made to be very resistant against brute force attacks
     • Windows Authentication
       • Allowing the Windows GINA to handle the authentication procedures
     • Two Factor Authentication
       • Tokens such as Aladdin eToken pro 32k or RSA (PKCS or PKI)
       • Biometrics*
       • Bio-Password*
     • Single Sign On (Limited to Windows login/authentication)
       • Multiple options to achieve a single sign on to the desktop:
     *Cached Credentials, not typically considered to be true two-factor authentication

  4. Common Encryption Software
     • FileVault
     • PGP
     • Pointsec
     • TrueCrypt (open source)
     • Utimaco
     • WinMagic

  5. Gartner Magic Quadrant (1H06)

  6. Utimaco
     • SafeGuard Easy (In bundle)
       • Full disk encryption, AES as well as others
     • Private Disk (In bundle)
       • Secure volumes
     • Private Crypto (In bundle)
       • Files and Folders
     • Removable Media (Added to bundle)
       • Flash memory, CD/DVD, External HDD
     • SafeGuard Advanced Security (In bundle)
       • Single Sign On enhancements, granular control over ports
     • LanCrypt (In bundle)
       • Network Shares
     • SafeGuard PDA (In bundle)
       • PDAs
     • SafeGuard Enterprise (Migration option, in bundle)
     • Email Gateway (Optional purchase, State Pricing)
     • Hardware Security Module (Optional purchase, State Pricing)

  7. Pointsec
     • Pointsec*
       • Full Disk encryption
       • AES, 3DES, Blowfish, CAST
       • Boot Protection
       • Client Machines
     • Port Protection*
       • Granular Protection from unauthorized USB devices
       • Removable media encryption
     *May require separate purchase

  8. PGP
     • Full Disk Encryption*
       • AES, 3DES
       • Boot Sectors
     • Removable Media Protection*
     • File Based Encryption*
     • Network Shares*
     • IM Services*
     • Secure Transfer and Backup Services*
     *May require separate purchase

  9. WinMagic
     • Enterprise Solution
     • Pre Boot Authentication (Required)
     • Must use a SQL Server for Central Management
     • Active Directory
     • Client is to be pushed out over the network
     • AES
     • File, Folder, and Secure Volume Encryption

  10. TrueCrypt
     • Open Source
     • Secure volumes
     • Portable devices are supported
     • Uses AES as well as others
     • Can combine algorithms, unique to TC
     • Can do an entire device, but it will format the device first
     • Cannot encrypt existing data, but data can be put into secure volumes

  11. FileVault
     • Comes with Mac OS (Free)
     • Mac Only (Not Windows)
     • AES128
     • Secures the Home Directory
     • Secure Volume
     • Company wide master password
     • Very specific use

  12. Project Planning/Lessons Learned
     • Include Everyone!
       • Communication is paramount.
       • Network/Server, IT Security, Management, Training Department, Helpdesk, etc.
     • Written Security Policy & Procedures.
     • Know your environment.
     • Determine what you are going to encrypt.
       • Laptop, Desktop, PDA, Files, Email, Removable media.
     • Phased Approach. (Lab Test, Pilot Group, Push)
     • Don’t try to “Fix” encryption software issues without help!
     • Plan Ahead!!!!

  13. Best Practices
     • Back up your data, before deployment!!!
     • Turn off Anti Virus, or any other MBR monitoring software.
     • Turn off any software that monitors sector based write access.
     • Install software and then turn on encryption in a second step.
     • Do not lose master passwords!!!
       • Write them down.
       • Keep in a safe place.

  14. Questions?????
