file encryption

For file and folder encryption, there are many tools that will do the job.  Encrypted files can be saved to a thumb drive, hard drive or SD card.  One free, open-source and useful tool for encrypting data is TrueCrypt.

TrueCrypt is freeware that creates a virtual encrypted disk within a file, a partition or an entire disk drive.  It works on Windows, Mac OS X and Linux.

What TrueCrypt does is create an encrypted area of storage (an encrypted volume) into which you can drag unencrypted data for encryption.  This is known as on-the-fly encryption (OTFE, aka real-time encryption).

To install TrueCrypt go to http://www.truecrypt.org/downloads

 

Once you double-click the TrueCrypt icon, you will see this:

 

Click the “Create Volume” button for creating the encrypted volume.  This volume will allow file encryption (or folder encryption).

You will see the “TrueCrypt Volume Creation Wizard”.  Since we want file encryption and/or folder encryption, we will select “Create an encrypted file container”.  Note that TrueCrypt also allows full partition and full system drive encryption.

We will choose “Standard TrueCrypt volume” and select next on the TrueCrypt Volume Creation Wizard.

Note: The TrueCrypt Volume Creation Wizard allows you to hide the data or just encrypt it with a password.  With a higher need for privacy, you may need to hide the fact that there is file encryption at all, so no one even questions you about why it’s encrypted.  If it’s not hidden, others will see a file that cannot be opened with any application they know of.  And even if they do know that it must be decrypted to view the contents, they must have the password.

Scientists launch new, ‘unbreakable’ encryption system

A new encryption system, which its creators say is unbreakable, got its first test run Wednesday in Vienna, scientists from the European Union project SECOQC announced.

digg user kinthiri explains:
Quantum cryptography is unbreakable because if any 3rd party views it that does not have the credentials and is not the intended recipient, the simple viewing of the encrypted data by that third party changes that data such that even the intended recipient can’t decrypt it. Thus they know that there is a 3rd party viewing the stream. Effectively the data self destructs if anyone attempts to intercept it or decrypt it. This is not a new phenomenon.

What is new is that it’s being used commercially. It had previously been used experimentally by the military in association with researchers, but this is the first time it’s been brought to life outside test environments and is available commercially.

The nature of quantum mechanics makes this truly unbreakable. You couldn’t even factor this using your own quantum computer, if you could even get one with enough qubits.
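The eavesdropper-detection property described in the comment above can be seen in a small simulation. This is an added example, not from the linked story or the SECOQC project; it assumes the textbook BB84 key-distribution protocol and an intercept-and-resend eavesdropper, and the 11% abort threshold is an illustrative value.

```python
import random

def bb84_error_rate(n_photons, eavesdrop, seed=1):
    """Simulate BB84 key exchange; return (sifted_key_length, error_rate)."""
    rng = random.Random(seed)  # seeded so the constructed run is repeatable
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.randint(0, 1)           # sender's secret bit
        sender_basis = rng.choice("+x")   # basis the bit is encoded in
        photon_bit, photon_basis = bit, sender_basis

        if eavesdrop:
            # The eavesdropper has to measure in some basis without
            # knowing the sender's choice, then re-send what she saw.
            eve_basis = rng.choice("+x")
            if eve_basis != photon_basis:
                photon_bit = rng.randint(0, 1)  # wrong basis: random outcome
            photon_basis = eve_basis            # re-sent photon is in her basis

        receiver_basis = rng.choice("+x")
        if receiver_basis == photon_basis:
            received = photon_bit
        else:
            received = rng.randint(0, 1)        # wrong basis: random outcome

        # Sifting: bases are compared publicly, mismatched positions dropped.
        if receiver_basis == sender_basis:
            sifted += 1
            errors += received != bit
    # Simplification: errors are counted over the whole sifted key, whereas
    # a real run compares only a sacrificed sample of it.
    return sifted, (errors / sifted if sifted else 0.0)

def channel_is_clean(error_rate, threshold=0.11):
    """Abort rule: discard the key when the sifted error rate is too high."""
    return error_rate <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, qber = bb84_error_rate(4000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={n} error_rate={qber:.3f} "
              f"keep_key={channel_is_clean(qber)}")
```

Without an eavesdropper the sifted bits agree exactly; with one, about a quarter of them disagree, which is what tells the two parties to throw the key away.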

Challenges of Internet Security

The primary challenges of Internet security have everything to do with balancing accessibility and functionality with the three pillars of information security: confidentiality, integrity and availability.

The Internet has become an indispensable tool for research, commerce, art, education and virtually every part of modern life. It was the inquisitive, intelligent, intuitive and creative nature of humanity that created the Internet, and it’s those same qualities that put individual systems linked directly to the Internet in peril. The three pillars of information security are at stake for all systems with connectivity to the Internet. The challenge is in the implementation of the necessary security controls to achieve those three pillars.

Confidentiality:

Confidentiality pertains to protecting sensitive information. Sensitive information can be anything from private user information to classified defense data. Many organizations live and die by the protection of proprietary information from competitors. During wartime, the armed services literally LIVE or DIE based on how well certain sensitive information is guarded. In the US Department of Defense this is called Operational Security. Since the Internet is a critical part of the DoD (and defense organizations around the world), confidentiality is a HUGE challenge for their information systems exposed to the Internet. Some of the threats to their systems include social engineering, leaks of information and accidental release of sensitive data. All of these threats can be enabled via the Internet.

Organizations must educate their users who have access to sensitive information. I’ve heard some security professionals say that educating users is bad.

But if your users have access to sensitive information (and need to have that access to do their jobs) it is imperative that they not only know WHAT is sensitive, but WHO it can be given to, WHEN it can be shared, HOW it can be shared and WHY it can be shared.


Integrity:

Data integrity is very important to all systems passing data on the Internet. Integrity has to do with whether or not the message on the other end of your connection is the same one you actually sent. Whether it’s your passwords being passed to your bank or the DoD passing data over the Internet, the integrity of the data is imperative. It’s often taken for granted until we send an email and the receiver says they got the email but the message can’t be read. Sometimes, if the message is garbled or malformed, it simply won’t reach its destination. If the integrity of a message cannot be protected in some way, or verified and checked, it is possible for someone to intercept your message, alter it, and send it on its way. Integrity is especially critical in banking and financial transactions, which is why encryption and authentication take on such an important role for sensitive transactions such as ATM withdrawals and online banking.

The challenge to maintaining Internet integrity is to ensure that the link is encrypted when necessary.
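Encryption by itself does not give the integrity described above; the message also needs an authentication check. The following added example (not from the original post) uses a toy SHA-256 counter keystream, assumed only for illustration, and a constructed payment message to show a receiver that skips the check accepting an altered message while an HMAC-verifying receiver rejects it.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, n):
    """Toy SHA-256 counter keystream (illustration only, not production crypto)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key, mac_key, blob):
    """Hardened receiver: verify the tag first, decrypt only if it matches."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message altered in transit")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def decrypt_unauthenticated(enc_key, blob):
    """Weak receiver: decrypts whatever arrives and never checks the tag."""
    nonce, ct = blob[:16], blob[16:-32]
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    msg = b"PAY 0100 USD TO ACCT 1234"        # constructed sample message
    blob = bytearray(seal(enc_key, mac_key, msg))
    blob[16 + 4] ^= ord("0") ^ ord("9")       # one ciphertext byte changed in transit
    weak_result = decrypt_unauthenticated(enc_key, bytes(blob))
    try:
        open_sealed(enc_key, mac_key, bytes(blob))
        detected = False
    except ValueError:
        detected = True
    return weak_result, detected

if __name__ == "__main__":
    weak_result, detected = demo()
    print("weak receiver accepted:", weak_result)
    print("hardened receiver detected tampering:", detected)
```

In practice an authenticated mode such as AES-GCM, or TLS on the link, provides both properties together.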


Availability:

If there is no availability there is no mission, no business, no functionality. One of the major challenges of Internet security has been Denial of Service attacks. A Denial of Service attack is when your system on the Internet (or within a network) is flooded with useless traffic such that no one else (not even you) can use it. With a misconfiguration, a denial of service can happen by accident. It’s important to test the availability of an online system. It’s also a good practice to see what kind of availability and access you are giving. After all, too much availability can compromise the security of your system.

Most challenges of Internet security can tie into one or more of the big three: confidentiality, integrity or availability. With those in mind, most challenges can be overcome. But the double-edged sword of security is that its very nature on the Internet is to constantly change and evolve with the Internet. The constant change of threats to those three aspects of security is perhaps the biggest overarching challenge.

Killroy 2.0 is EVERYWHERE

I’ve been getting into podcasts lately.  I was put on to podcast novels by my buddy, Tre, who told me about 7th Son, by J. C. Hutchins.  I am not only entertained, I am inspired.  The guy can write like nobody’s business.  The action reminds me of something you might find in a Dean Koontz novel.

It’s so good I don’t want to give anything AT ALL away, but I will mention one of the cool technologies he makes up in the novel.  He talks about something called EGG.  It’s basically encryption software that not only protects against those trying to gain unauthorized entry, it tracks them and then goes after them.  It actually hacks the hackers.

This is something that a friend talked to me about creating as a part of his PhD.  “Would that break some kind of law?” I asked.  He was insistent that people should be able to protect themselves, and I don’t totally disagree with that; I’m just saying that I don’t think the law protects vigilantes.

Actually, a lawyer at Defcon 14 talked about that very issue when questioned.  And I’m pretty certain he said it was illegal to hack someone even if they have hacked you.

But in J. C. Hutchins’ world the PATRIOT ACT III allows the hack back feature of EGG to exist.

So anyway, all security geek stuff aside, it’s a really good story.  Highly recommended.

China's "WAPI" standard rejected in favor of American 802.11i

Back in March, it was reported that WAPI was rejected by ISO because China refused to disclose some details of the technology. This meant that ISO members weren't able to guarantee that WAPI did not allow backdoor access to encrypted material. — C|net News.com

The American 802.11i encryption is backed by Intel. China's wireless standard is now claiming that it is a conspiracy from the U.S. engineers' group.

I think the Chinese have a ways to go on engineering at the level of quality that the Western world has set.  Just look at the safety rating of the JiangLing Landwind, China's first car to be sold in Europe.  It received a ZERO in safety, breaking the record for the lowest score ever by European safety standards.

I think the Chinese will eventually fine-tune the process and be able to compete with and even beat the European, American, and Japanese companies, but it has just begun to get into the real thick of capitalism, so like the JiangLing's safety features (or lack thereof) some of their standards and practices are stuck in the 20th century.  When this giant wakes up completely, there'll be no stopping them.  The spark and freedom of innovation at Western standards is all they need and then it will be all over.  They'll be to business and commerce what a team of Michael Jordan clones would be to the NBA.  I suspect the same thing of India.  It's not so much brain power and work ethic (of which they have loads) as it is numbers of people.

Security Issues May Be a High Priority for Internet 2

Security is one of the main focuses of Internet2. But realistically:

Security and transparency can be
expected in any future network. But computer experts like to remind the
public that there is no such thing as a completely bug free computer
except, as the joke goes, “one that is encased in concrete and sitting
at the bottom of the ocean.”

Some might say it is impossible to secure Internet2.  In some ways
I would say that they were correct.  Or let me put it this way, it
could be secured but it couldn't really be called the Internet any
more.  I guess if they did something in which all systems
were connected with Peer to Peer VPN connections like Tor connections in
which all data is encrypted and digitally signed.  I suspect that
eventually even the encryption would get cracked, since all crypto
eventually meets its processor match.

It could be called the CryptoNet!  Anyone logging on would have to
sign on with a digital signature stored on some sort of Certifying
Authority (CA).  Of course, this would make it possible to do
MITM, man in the middle, attacks unless it was an enclave network in
which ALL nodes with IPs had to have a digital signature.

Such an implementation would greatly reduce the speed of connection but
would give incredible nonrepudiation, confidentiality, and
integrity.  The availability would suffer big time.

Frankly, a “CryptoNet” would only be good for all the important
transactions such as banks, hospitals and time sheets.  I would
not want something like that for 95% of what I do on the Internet.

Does anybody have any information on how I can get the hook up on “testing” the Internet2?

Shoot-out: Google's new VPN beta kicks the living Hell out of the EFF's Tor

Speed test: Tor, sponsored by the EFF, and Google's new beta VPN are both aimed at those of us who want to protect our privacy and rights online. While Google claims that its VPN program is to boost security on wireless networks, it can also be used with wired internet connections to add some more security for the rest of us.

Once again Google uses incredible engineering to create something that may just become number one in yet another area of IT.  Google Adsense is doing so well that Yahoo and MSN are testing out similar content-relevant ad scripts.

Tor looks like it is much more secure than the Google implementation.  I mean VPN is pretty secure but Tor is ridiculously secure in that it uses software that uses each system it connects to as a separate VPN which encrypts traffic at each point.  This makes the traffic very difficult (if not impossible) to track, as EFF stores none of that data.  Google will hold the traffic data but claims that the data will be “personally unidentifiable”, which means it cannot be tracked back to any one person (at least that is how I understand it).

But I wonder what this VPN wireless project could mean in terms of practical use.  Will Google deploy it at Starbucks and Borders Book stores around the world?

Email Security and the Necessity of Security Education for Small Business

Email and document security is no longer just an option for
companies, it is a necessity. Couple that with the costly user
licensing of most enterprise software solutions and many small business
operators can be locked out of taking advantage of Best Practice
strategies that ensure the privacy of intellectual property and
communication. Setting rights permissions to documents and encrypting
email will be essential to future security practices for all businesses.

Common knowledge has been that the less sophisticated small business operates
on a pricing sensitivity and is more apt to take advantage of
promotions, whereas the more sophisticated make security decisions
based on perceived business necessities. Overall, small businesses tend
towards waiting to implement internet security measures until after
suffering an email breach or informational leak. By this time privacy
and accompanying monetary loss may have already done irreparable harm
to a company's intellectual property and reputation. Large enterprise
solutions make it necessary to adopt complex IT infrastructures and
processes that are usually dependent on an IT staff – a solution that
does not fit well into the budgets of most small businesses.

According to published reports in PCWorld.com, there are nearly 70 million small
businesses worldwide and over 20 million in the U.S. alone. Small
business is a major part of the global economy – that means it's time
to replace a general passivity towards the possible threats from email
and document theft with a look towards initiating security measures as
a business standard. The increasing level of security risk due to email
and intellectual property theft make it imperative for small businesses
to raise their level of security knowledge and investment.

Recent studies show that although information security is a high concern for
small business owners, lack of actual knowledge and awareness of the
economic impact of security incidents is equally high. Imparting an
awareness to the small business community of the real threats in
regards to security vulnerability should be top priority. Through
education in this arena, small businesses can better enable themselves to not
only determine their own level of risk but also choose the necessary
email and document security solutions.

The responsibility of raising awareness of security provisions needs to come not only from
governing agency reports, but also from security solution vendors.
Providers of business tool solutions are better equipped than any other
entity to position themselves as leaders in educating businesses on not
only the dangers but the appropriate basic security measures to
complement a small company infrastructure. Especially here, being
informed on which internet security products best suit a company's needs
is important as the needs of small businesses are vastly different than
that of enterprise businesses.

Look to numerous market survey and analysis reports that specialize in studies on information security and
small business. A little research will show they repeatedly state the
same warning to small businesses – they need to change their attitude
towards security and begin adopting a security plan.

Taking the time to gather information on creating good internet security practices
will lead to a decrease in the future cost of lost productivity, and by
educating your workforce you create an even wider prevention of
productivity loss.

Nan Schwarz, Director of Corporate Marketing
http://www.essentialsecurity.com

Schwarz is the director of corporate marketing for Essential Security Software
and is responsible for worldwide creative marketing strategy and
execution, corporate branding, and public relations.

Essential Security Software (ESS) is a provider of document and email security
solutions. ESS has developed a premier, easy-to-use, peer-to-peer
content protection and user rights management solution that enables
small business owners and individuals to securely distribute sensitive
email messages and documents while protecting the privacy, integrity
and authenticity of their intellectual property. ESS believes that
people have the right to affordable security software technology that
is powerful, flexible, and easy-to-use.

Securing Sensitive Data: Understanding FIPS

Ever want to know more about the Federal Information Processing Standards (FIPS)? ME NEITHER! Here it is.

With technologies like wireless snowballing into a cultural phenomenon we suddenly cannot live without, Federal Information Processing Standards are even more important.

If you are lucky enough to not have to know what FIPS is, I'll share some of the pain in plain English.  FIPS are all the federal documents addressing how sensitive data will be processed.  Without these standards any government agency could use any kind of crypto they wanted with no regard for whether or not it is a SHA-1 that has just been cracked by the Chinese.
