Whole disk encryption, as the name implies, refers to the encryption of an entire physical or logical disk. While this is currently done mostly with software, hardware based disk encryption is a growing technology which is expected to surpass software products for whole disk encryption over the next few years. This form of encryption generally encrypts the entire contents of a disk or volume and decrypts/encrypts it during use after a key has been given. This means the data is protected from situations like laptop/disk loss or theft where the data would be encrypted and require a key to decrypt. It would not protect from situations like sending information over the network (e-mail, websites, etc) or from situations where the decryption key was already entered such as the user walking away from their logged-in computer.
When an individual wishes to encrypt a single file or group of files there are several options. Most encryption software has the ability to encrypt files individually using a password or other key. Many encryption programs have the ability to create an encrypted “virtual drive”. This is an encrypted file that, when opened with the key, looks like another drive attached to the computer allowing the user to easily open and save files into an encrypted area. Some other applications, like MS Office and OpenOffice, have built-in, single-file encryption features.
This approach can protect against data disclosure on a lost or stolen computer, but only if all of the private information was encrypted. Individual file/folder encryption relies on user education and good practices to ensure that all appropriate information is encrypted.
Depending on how the encryption software is used, this approach can provide protection from data disclosure when transferring information over the network. E.g. an individual file can be encrypted and then sent as an email attachment, assuming the recipient has the ability to decrypt it.
Allowing multiple users to simultaneously access encrypted information is more complicated than a single user. The encryption software must allow the use of either multiple keys (i.e. one for each user) or a shared key (e.g. a shared password). Additionally, the software must deal with multi-user file locking issues (this is usually a problem with the virtual drive approach mentioned in the last section).
This approach can provide an additional layer of protection against the disclosure of highly confidential data on file servers in the event they are compromised. It can also help protect against disclosure on backup media as the files would remain encrypted when backed up.
This approach can get complicated if not all users have the encryption software installed, or they are not configured consistently. This could lead users being unable to access encrypted information or incorrectly believing they have encrypted information when they have not. For these reasons, special attention should be paid to how encryption software behaves and users should be educated to recognize the encryption status of files.
Encrypting information in a database can be done at a couple of levels. The application accessing the database can encrypt information before putting it into the database. This requires intelligence at the application level, but no additional database features. Many databases have built-in encryption functions which applications can use to encrypt data as it is written. This usually requires features at both the application and database level. An encryption application can sit between the application and database, encrypting/decrypting information as it is written and read. This requires buying and installing additional software, but may not require modifications to the application or database.
As mentioned earlier, some applications that arent specifically designed for encryption do have basic encryption functions. Most notably, common productivity suites like Microsoft Office and OpenOffice contain file encryption features. Be cautious of the quality of the built-in encryption features, even within the Microsoft Office product line, some versions (like Office 2007) have a good mechanism, others have poor ones (like Office 2000 and earlier) and still others require proper configuration to provide good protection (like Office 2003). These features can be very handy because they dont require additional licenses, require less training and can be effective for both in transit and at rest encryption. Additionally, they can work well for file exchange since the recipient is more likely to have the ability to decrypt the file. In short, built-in encryption functions can be convenient options, but you should research their effectiveness before using them.
There are a couple of different levels to encryption with email, first is encrypting just an attached file and second is encrypting an entire message. Encrypting an attached file can be accomplished using any single-file encryption process that “sticks” to the file. Naturally, the recipient must have a way of decrypting the file. There are only a couple of commonly used email message encryption technologies, most notably S/MIME and PGP. While S/MIME support is integrated into many email clients, it requires users to have trusted certificates which can be complicated to properly deploy. Using PGP to encrypt email requires installing software, but there are both free and commercial options.
Both of these technologies also allow for digital “signing” of email without encrypting it. This signing process allows the recipient to be certain a message was not altered in transit, but does not protect the content from prying eyes.
Encrypting information while in transit on a network is one of the most common, and important, uses of encryption. One of the most popular forms of this encryption is Secure Sockets Layer (SSL)/Transport Layer Security (TLS), commonly used to encrypt web traffic in transit. Any web application that transmits or collects sensitive information should encrypt the information using SSL/TLS. There are a number of other uses for SSL/TLS encryption, including securing authentication for email communication between clients and servers. SSL/TLS can also be used for “tunneling” to encrypt other forms of network transmission that dont have their own encryption features.
Another common network encryption technology is Secure Shell (SSH) which is largely used for encrypted terminal connections (replacing telnet) and encrypted file transfers (SFTP replacing FTP). Like SSL/TLS, SSH can also be used for tunneling.
A more general form of network traffic encryption is IP Security (IPSec), which operates at a more basic layer than SSL or SSH and can be applied to any network traffic. However, using IPSec requires common configuration between the two computers communicating, so it is generally used within a company/department rather than across the internet.
For wireless networks there are other encryption options that only encrypt information between the computer and the wireless access point. For this reason, they only protect from snooping on wireless and not after the information leaves the access point onto a wired network. The two most common forms are called Wired Equivalent Privacy (WEP) and WiFI Protected Access (WPA). WEP is no longer considered a secure protocol. WPA is much stronger, but has shortcomings and an updated WPA2 standard has been released which improves its security.
Read more from the original source:
Types of Encryption | Office of Information Technology
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019
- Encryption | Information Technology Services - December 31st, 2018
- Encryption - Investopedia - December 16th, 2018
- How to Protect Data at Rest with Amazon EC2 Instance Store ... - December 9th, 2018
- Next Generation Encryption - blogs.cisco.com - December 4th, 2018
- 3 Different Data Encryption Methods - DataShield blog - November 22nd, 2018
- Security and encryption | Documentation | Turtl - November 18th, 2018
- Encryption | General Data Protection Regulation (GDPR) - November 16th, 2018
- Using Encryption and Authentication Correctly (for PHP ... - November 13th, 2018
- Encryption | SANS Security Awareness - November 9th, 2018
- Use Your own Encryption Keys with S3s Server-Side ... - October 29th, 2018
- What is Tokenization vs Encryption - Benefits & Uses Cases ... - October 12th, 2018
- Device Encryption | it.ucsf.edu - October 12th, 2018
- 5 Common Encryption Algorithms and the Unbreakables of the Future - September 15th, 2018
- Top 5 best encryption software tools of 2018 | TechRadar - August 26th, 2018
- New EBS Encryption for Additional Data Protection | AWS ... - August 22nd, 2018
- Best Encryption Software 2018 - Encrypt Files on Windows PCs - August 20th, 2018
- Download BestCrypt Volume Encryption 3.78.05 / 4.01.09 Beta - July 26th, 2018
- End-to-end encryption - Wikipedia - July 24th, 2018
- Download Symantec Encryption Desktop 10.4.0 Build 1100 - July 15th, 2018
- HTTPS - Wikipedia - July 10th, 2018
- AES encryption - June 20th, 2018
- Encrypt email messages - Outlook - June 20th, 2018
- Download Sophos Free Encryption 126.96.36.199 - softpedia.com - June 19th, 2018
- Does Skype use encryption? | Skype Support - June 16th, 2018
- Encryption- Computer & Information Security - Information ... - May 25th, 2018
- Enable BitLocker on USB Flash Drives to Protect Data - May 25th, 2018
- Transparent Data Encryption (TDE) - msdn.microsoft.com - April 12th, 2018
- Encryption Software Market - Global Forecast to 2022 - March 24th, 2018
- What AES Encryption Is And How It's Used To Secure File Transfers - March 24th, 2018
- Encryption vs. Cryptography - What is the Difference? - March 24th, 2018
- Energy-efficient encryption for the internet of things | MIT News - February 16th, 2018
- The Best Encryption Software - TopTenReviews - February 16th, 2018
- File-Based Encryption | Android Open Source Project - February 7th, 2018
- Beyond Encryption | Secure Enterprise email using existing ... - February 1st, 2018
- Azure Search enterprise security: Data encryption and user ... - January 26th, 2018
- Skype finally getting end-to-end encryption | Ars Technica - January 13th, 2018
- FBI chief says phone encryption is a 'major public safety issue' - January 13th, 2018
- Encryption and Export Administration Regulations (EAR) - December 27th, 2017
- Key (cryptography) - Wikipedia - December 21st, 2017
- security - Fundamental difference between Hashing and ... - December 15th, 2017
- What Is Encryption? | Surveillance Self-Defense - December 4th, 2017
- Comodo Disk Encryption Download - softpedia.com - December 1st, 2017
- Encryption - Simple English Wikipedia, the free encyclopedia - November 24th, 2017
- BitLocker Drive Encryption Overview - technet.microsoft.com - November 23rd, 2017
- The Encrypting File System - technet.microsoft.com - November 18th, 2017
- FBI cant break the encryption on Texas shooters smartphone - November 13th, 2017
- DOJ: Strong encryption that we dont have access to is ... - November 13th, 2017
- DOJ Fires Up New War With Apple Over Encryption - November 12th, 2017
- Security Awareness - Encryption | Office of Information ... - October 15th, 2017
- Data Encryption and Decryption (Windows) - October 14th, 2017
- Trumps DOJ tries to rebrand weakened encryption as responsible ... - October 11th, 2017
- How to encrypt (almost) anything | PCWorld - September 22nd, 2017
- Private Internet Access | VPN Encryption - September 21st, 2017
- Encryption Substitutes | Privacy | Encryption - September 21st, 2017
- Data Encryption: Hardware & Software Security: Online ... - September 21st, 2017
- How To Enable BitLocker Drive Encryption In Windows 10? - September 21st, 2017
- PGP Encryption Tool - iGolder - September 21st, 2017
- encryption - How to encrypt String in Java - Stack Overflow - September 21st, 2017
- Encryption Software Market, Size, Trends and Forecast 2020 - September 21st, 2017
- Encryption Definition - Tech Terms - September 20th, 2017
- Why You Should Be Encrypting Your Devices and How to Easily Do It - Gizmodo - September 6th, 2017
- Black Hats, White Hats, and Hard Hats The Need for Encryption in Mining and Resources - Australian Mining - September 6th, 2017
- How can enterprises secure encrypted traffic from cloud applications? - TechTarget - September 6th, 2017
- Encryption Explained - Arizona Daily Wildcat - September 6th, 2017
- News in brief: Call to link encryption to ID; Facebook maps everyone ... - Naked Security - September 2nd, 2017
- 'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption - The Register - September 2nd, 2017
- High-Dimensional Quantum Encryption Performed in Real-World ... - Futurism - September 2nd, 2017
- It's Time to Replace Your Encryption-Key Spreadsheet - Data Center Knowledge - September 2nd, 2017
- Legislation to limit smartphone encryption 'may be necessary,' deputy AG Rosenstein says - Washington Times - August 31st, 2017
- Cloud Encryption Market by Component, Service Model, Organization Size, Vertical And Region - Global Forecast to ... - Markets Insider - August 31st, 2017
- Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings - Hashed Out by The SSL Store (registration) (blog) - August 31st, 2017
- Encryption in Office 365 - Office 365 - August 29th, 2017
- Need-to-Know Only: Use Encryption to Make Data Meaningless to ... - Security Intelligence (blog) - August 29th, 2017
- Four strategies to prevent data encryption from hijacking your network - Digital News Asia - August 29th, 2017
- Amber Rudd is wrong - real people do want end-to-end encryption - ITProPortal - August 29th, 2017
- Why encryption is for everyone - IFEX - August 29th, 2017
- 4D quantum encryption successful in first real-world test - New Atlas - New Atlas - August 29th, 2017
- For the First Time Ever, Quantum Communication is Demonstrated in Real-World City Conditions - Futurism - August 26th, 2017
- High-Dimensional Quantum Encryption Takes Place in Real-World ... - Photonics.com - August 26th, 2017