Polytechnic University of the Philippines Open University Quezon City Master of Science in Information Technology Project in Advanced Organization of Database Firebird Database Herminiño C. Lagunzad Firebird Database



Date: 24.06.2017

The big misconception


Let’s get this one out of the way first. A common misconception is that just requiring users to log in to a device, or service, with a username and password provides an equivalent level of protection to encryption. This isn’t the case. A password or PIN to control access to a device isn’t encryption and it isn’t enough to protect against unauthorised or unlawful access. In practice a password can be easily circumvented and full access to the data can be achieved.

How does encryption work?


Encryption software uses a complex series of mathematical algorithms to protect and encrypt information. This hides the underlying data and prevents any inadvertent access to, or unauthorized disclosure of, the information. This means that even if a device containing personal information is lost or stolen, the information will remain secure as long as the would-be data thief isn’t able to access the encryption key required to decrypt it.
Appropriate encryption products are widely available, but it is important that organizations understand the type of protection a particular encryption product offers and the circumstances under which personal data will be protected from unauthorized or unlawful access.

What encryption software should I use?


There are a variety of different encryption options available. The option that will be the most appropriate for your organization will depend on the sensitivity of the information you are using and how it is being stored and processed.

For this reason it is difficult to provide a comprehensive list of software as everyone’s needs are different. You can however look out for internationally recognized standards such as those described on the encryption section of our website.


Full disk encryption


This is a process which encrypts the entire disk including all of the information and personal data it contains. It is commonly used when encrypting laptops, desktops and mobile devices, such as mobile phones and tablets. The disk will need to be decrypted with a key, which is often protected by a password entered by the user, before the operating system boots up.

However, this may mean that there are circumstances when the data could still be at risk. For example, if someone left a tablet unlocked and unattended in a restaurant then anyone who picked up that device would have an opportunity to extract the unprotected data. It is also important to recognise that if a file is transferred off the disk, for example if you sent the information in an email or saved it to a different device, then the file will no longer be encrypted.

Full disk encryption is provided through a range of widely available third-party software and some modern operating systems have a full disk encryption mode built-in, but they will usually require the user to enable the protection.

Individual file encryption


This is a process which will encrypt an individual file or create an encrypted container into which a set of files can be stored. When the container is closed it is encrypted. This means that if the container itself is transferred to a different device, for example if it is emailed or saved to a USB drive, then the personal data remains encrypted. However once the file is removed from the container it is no longer encrypted.

Some modern operating systems are able to create encrypted containers, while a range of third-party software can also offer the same level of encryption. However it is important that this encryption technique is not confused with adding password protection to a file or folder, as this process will not result in the data being encrypted.

Most email client software will also support sending emails with the message content and any attachments in an encrypted format. This approach does however require some initial configuration of both the sender and recipient’s email software.

Encrypting data in transit


It is also important to know the difference between the encryption techniques used for data storage and the encryption techniques used in data transfer.

You can transfer data using an encrypted data transfer protocol, such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). This is the technology that displays the padlock symbol in protected web browsing. It provides assurance that the communication between client and server cannot be intercepted. Furthermore it provides you with a means to validate where the data is being transferred to.

The use of an encrypted transfer protocol does not provide any guarantee that data will remain encrypted, or otherwise processed securely, once it is received at its destination. This will need to be assessed separately.

The importance of keeping the key secret


You wouldn’t install high end locks on your house, only to leave the front door key under the mat. The same applies for storing a laptop encryption key or password in the same bag as an unencrypted laptop, or equally, sending encrypted data as an email attachment with the means to decrypt it included in the body of the email.

If you do any of these then the safeguards provided by the act of encryption are illusionary, because all of the necessary information required to decrypt the data is readily available. The secrecy of the key used to encrypt the data is therefore of paramount importance.

To ensure the maximum level of protection offered by encryption, the key or password should be transmitted using an alternative means of communication. For example the encrypted data could be sent by email and the key provided over the telephone once the intended recipient has confirmed that the data has been successfully received. By adopting this approach, even if you accidentally send the data to the wrong recipient, the information will remain secure as the person will not have the necessary key to access it.


