Data Encryption

In this lesson, we explore what data encryption is and how it works. You'll learn what impact it has on the hardware or storage component where it lives, which types of data/storage encryption partnerships are most reliable, and under what circumstances. We'll discuss the benefits of file vs. storage encryption, and explain in detail which removable media support encryption and the various types of hardware-based encryption devices.

[toggle_content title="Transcript"]
Data encryption is required to ensure or guarantee confidentiality. If we encrypt data, we make sure it is no longer in plain text but becomes cipher text, such that should it fall into the wrong hands, malicious individuals or unauthorized individuals who now have access cannot make meaning of it. By encrypting our data, we protect it, and we could do various forms of encryption.

We have full disk encryption. With full disk encryption, you encrypt the entire content of the hard drive, making sure that everything that is written to the hard disk is encrypted. That way, if unauthorized users have access to the drive, unless they provide the encryption keys, they don't have access to the data. The data stays encrypted and that keeps it secure. In some cases the media itself could be stolen. It could be a desktop or a laptop. Someone could steal the laptop. As long as the data on the entire drive is encrypted, data on the drive cannot be selected or cannot be read. This is one of the best forms of security for devices, especially mobile devices. We do full disk encryption.

We could also do database encryption. If we do database encryption, it ensures that unless the proper keys are provided, that is, encryption keys, unauthorized persons do not have access to the database. No modification, no viewing, no use of the database can take place unless you are authorized and you properly authenticate to the database.
You have to provide the encryption keys; otherwise there is no access.

Individual files could also be encrypted. One would say, if we are encrypting the full disk, why do we need to encrypt individual files? Moving a file off an encrypted disk might make it vulnerable. It could be that you want to send one file or a group of files, so encrypting those files would ensure that even if they are in transit or in storage in another medium, they are still encrypted. Unless encryption keys are provided, access could not be granted to the files. You cannot view the content of the files because they have been encrypted. Some individuals make the mistake of encrypting the entire disk but failing to encrypt individual files that are moved away from that disk. Moving the files away from the disk does not necessarily mean that they retain their encryption. Those files have to be individually encrypted such that wherever they are stored or moved to, they still retain their encryption.

We also have removable media. Removable media should be... some allow for encryption, but we have to be very careful with removable media. These are media that are portable. Some of them can easily be stolen or can easily be lost. CD drives, those constitute examples of removable media. Tape drives, flash drives are also examples of removable media. In many cases, some of these removable media can support encryption but others cannot support encryption. We have to be very careful how we store files. We should ensure that media probably support NTFS (New Technology File System). This allows for encryption.

Mobile devices: not all mobile devices allow for encryption. If the organization must issue mobile devices, these devices should support encryption such that if any organizational data is saved on these devices, we can guarantee confidentiality, we can guarantee integrity of these files because the devices support encryption.
The users in possession of the media will have codes with which they could access information that resides on these devices. If the devices fall into the hands of unauthorized personnel or persons, they cannot decipher the information stored on these devices. These devices could also store proprietary information for organizations, so, as a best practice, organizations that issue mobile devices should ensure that the types of devices they give out support data encryption.

We could also look at hardware-based encryption devices. For hardware-based encryption devices we talk about the trusted platform module. The trusted platform module: these are chips that are soldered into the motherboard. They generate the crypto keys for use by the system and the applications. This ensures that unless the keys are provided, access will not be granted to the drives that are connected to the motherboard. Malicious persons have found ways in the past to remove drives from the systems and bypass controls. But with the trusted platform module in place, it ensures that the drives cannot be compromised, the security of the drives cannot be compromised. It provides very strong security for our systems.

Then we talk about the hardware security module, HSM. These are specialized crypto processors. They were designed to address large encryption calculations. They provide key generation, management and secure key storage.

For USB encryption, these days, some manufacturers are coming up with USB storage devices like flash drives. These are removable hard drives. They come preloaded with software that ensures the encryption of all data that is stored on the device. Unless you provide the encryption keys, you do not have access to the data stored on these devices. Some of these devices will also self-destruct. If, after repeated attempts, someone is unable to gain access to the data on them, the devices could self-destruct.
These USB encryption devices could also be hardware, because some devices, the USB... some drives have keys like a phone pad; you press the encryption keys and you can gain access to the media and subsequently the data on the drives.

We could also ensure that our hard drives support encryption. Hard drive encryption is the most important form of security for mobile devices. If you encrypt all the data on the drive, we ensure that if the drive is removed, or the drive is stolen, or the computer is stolen, the data stays secure. A good example of hard drive encryption is BitLocker. Microsoft BitLocker will ensure hard drive encryption. All the contents stay secure unless the appropriate keys are provided; otherwise malicious persons do not have access to the data on the drive.
[/toggle_content]
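
The following PowerShell audit is an added example, not part of the lesson or its transcript. It reports, for each lettered volume on a Windows host, the drive type, file system, BitLocker protection state and key protectors, together with TPM readiness, so that unprotected fixed and removable drives stand out. It assumes an elevated session with the built-in Storage, BitLocker and TrustedPlatformModule modules available; the function name `Get-EncryptionAudit` is hypothetical.

```powershell
# Added example: read-only audit of disk-encryption coverage on one Windows host.
# Run from an elevated PowerShell session; nothing here changes system state.

function Get-EncryptionAudit {
    # TPM state: the hardware key store discussed in the lesson.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # Index BitLocker state by mount point (for example "C:").
    $bitlocker = @{}
    foreach ($b in Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $bitlocker[$b.MountPoint] = $b
    }

    # Walk every volume that has a drive letter, fixed and removable alike.
    foreach ($vol in Get-Volume | Where-Object DriveLetter) {
        $mount = "$($vol.DriveLetter):"
        $state = $bitlocker[$mount]

        [pscustomobject]@{
            Mount         = $mount
            DriveType     = $vol.DriveType        # Fixed, Removable, CD-ROM, ...
            FileSystem    = $vol.FileSystem       # NTFS, FAT32, exFAT, ...
            Protection    = if ($state) { "$($state.ProtectionStatus)" } else { 'NoBitLockerInfo' }
            EncryptedPct  = if ($state) { $state.EncryptionPercentage } else { $null }
            KeyProtectors = if ($state) { $state.KeyProtector.KeyProtectorType -join ',' } else { '' }
            TpmReady      = [bool]($tpm -and $tpm.TpmReady)
        }
    }
}

$audit = Get-EncryptionAudit

# Full picture first.
$audit | Sort-Object DriveType, Mount | Format-Table -AutoSize

# Then the gaps: any volume whose BitLocker protection is not reported as On.
$gaps = $audit | Where-Object { $_.Protection -ne 'On' }
if ($gaps) {
    Write-Warning "Volumes without active BitLocker protection:"
    $gaps | Format-Table Mount, DriveType, FileSystem, Protection -AutoSize
}
```

A volume can show 100 percent encrypted while protection is Off (for example when BitLocker is suspended), which is why the gap list keys on the protection state and not on the percentage.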