Polytechnic University of the Philippines Open University Quezon City Master of Science in Information Technology Project in Advanced Organization of Database Firebird Database Herminiño C. Lagunzad Firebird Database
Download 312.53 Kb.
|
- Navigate this page:
- How does encryption work
- What encryption software should I use
- Full disk encryption
- Individual file encryption
- Encrypting data in transit
- The importance of keeping the key secret
The big misconceptionLet’s get this one out of the way first. A common misconception is that just requiring users to login to a device, or service, with a username and password provides an equivalent level of protection to encryption. This isn’t the case. A password or PIN to control access to a device isn’t encryption and it isn’t enough to protect against unauthorised or unlawful access. In practice a password can be easily circumvented and full access to the data can be achieved. How does encryption work?Encryption software uses a complex series of mathematical algorithms to protect and encrypt information. This hides the underlying data and prevents any inadvertent access to, or unauthorized disclosure of, the information. This means that even if a device containing personal information is lost or stolen, the information will remain secure as long as the would-be data thief isn’t able to access the encryption key required to crack the algorithm. Appropriate encryption products are widely available, but it is important that organizations understand the type of protection a particular encryption product offers and the circumstances under which personal data will be protected from unauthorized or unlawful access. What encryption software should I use?There are a variety of different encryption options available. The option that will be the most appropriate for your organization will depend on the sensitivity of the information you are using and how it is being stored and processed. For this reason it is difficult to provide a comprehensive list of software as everyone’s needs are different. You can however look out for internationally recognized standards such as those described on the encryption section of our website. Full disk encryptionThis is a process which encrypts the entire disk including all of the information and personal data it contains. It is commonly used when encrypting laptops, desktops and mobile devices, such as mobile phone and tablets. The disk will need to be decrypted with a key, which is often protected by a password entered by the user, before the operating system boots up. However, this may mean that there are circumstances when the data could still be at risk. For example, if someone left a tablet unlocked and unattended in a restaurant then anyone who picked up that device would have an opportunity to extract the unprotected data. It is also important to recognise that if a file is transferred off the disk, for example if you sent the information in an email or saved it to a different device, then the file will no longer be encrypted. Full disk encryption is provided through a range of widely available third-party software and some modern operating systems have a full disk encryption mode built-in, but they will usually require the user to enable the protection.
Some modern operating systems are able to create encrypted containers, while a range of third-party software can also offer the same level of encryption. However it is important that this encryption technique is not confused with adding password protection to a file or folder, as this process will not result in the data being encrypted. Most email client software will also support sending emails with the message content and any attachments in an encrypted format. This approach does however require some initial configuration of both the sender and recipient’s email software.
You can transfer data using an encrypted data transfer protocol, such as Secure Sockets Layer (SSL) or Transfer Layer Security (TLS). This is the technology that displays the padlock symbol in protected web browsing. It provides assurance that the communication between client and server cannot be intercepted. Furthermore it provides you with a means to validate where the data is being transferred to. The use of an encrypted transfer protocol does not provide any guarantee that data will remain encrypted, or otherwise processed securely, once it is received at its destination. This will need to be assessed separately.
If you do any of these then the safeguards provided by the act of encryption are illusionary, because all of the necessary information required to decrypt the data is readily available. The secrecy of the key used to encrypt the data is therefore of paramount importance. To ensure the maximum level of protection offered by encryption, the key or password should be transmitted using an alternative means of communication. For example the encrypted data could be sent by email and the key provided over the telephone once the intended recipient has confirmed that the data has been successfully received. By adopting this approach, even if you accidentally send the data to the wrong recipient, the information will remain secure as the person will not have the necessary key to access it.
Directory: uploads uploads -> 587 Return function, r i(X) r i(0) r i(1) r i(2) r i(3) 1 0 2 4 6 Thermal Station, I 2 0 1 5 6 3 0 3 5 6 10 uploads -> Department of science and humanities department of mathematics part-a questions and answers uploads -> The Case Against the nypd’s Quota-Driven ‘Broken Windows’ Policing What Is It? uploads -> For want of a nail uploads -> Ownership Models There are two different types of ownership models uploads -> Police Militarization uploads -> City of rising star regular meting thursday, july 14, 2016 uploads -> Township of winfield uploads -> Stop Militarizing Law Enforcement Act of 2014 uploads -> The Black Panther Party’s Ten-Point Program What We Want Now! Download 312.53 Kb. Share with your friends:
|