Easy Encryption: OS X and Windows 2K/Xp Shawn Sines OARTech August 8, 2007

Agenda What is Encryption? History of Encryption Types of Data Encryption Why Encrypt? Encryption’s Impact Commercial Tools: –PGP Whole Disk Encryption Free Encryption tools –FileVault –Windows EFS Caveats How to Encrypt –Enabling FileVault on OS X –Enabling EFS for an encrypted folder Questions?

What is Encryption? “Encryption is a procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.” Source: Kroll

History of Encryption The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. The development of cryptography has been paralleled by the development of cryptanalysis — of the "breaking" of codes and ciphers. Until the 1970s, secure cryptography was largely the preserve of governments. Two events have since brought it squarely into the public domain: the creation of a public encryption standard (DES); and the invention of public-key cryptography. Source: Wikipedia

Types of Data Encryption Two Types of Encryption methods: Cipher and Code based –Cipher is more common method today. Encryption can be applied to computer data in a number of ways: –Storage/Hard Drive Encryption: Protects Data at Rest –Traffic Encryption: Protects Data in Transit

Why Encrypt Encryption protects the university –ORC 1347: Exempt from notification of exposure of personal information if encrypted –Reduces risk of data loss through laptop/desktop theft –Keeps our research and secrets safe

Encryption’s Impact Encryption is only one method of protecting data and in this example is keyed to disk encryption specifically - not encrypted transport of information. Encryption is “free” –Consider impact on backup strategies and repurposing of [equipment] –Encryption also introduces support issues with data use and access that have costs in manpower and resources

Commercial Encryption Tools PGP Whole Disk Encryption –Encrypts physical hard drives and implements boot level protection. –Integrates with Active Directory –Centrally managed Private-key encryption system using PGP Universal Server –Offers Public-Key storage as well for users –Does not encrypt Mac boot drives currently –Has limitations in dealing with multi-user machine environments –OSU is currently piloting PGP for ODS users and some colleges

Free Encryption Tools 1.Macintosh OS X FileVault Protects user home directory and desktop On-the-fly encryption/decryption Uses login password; no secret code Can use Master phrase in case of user corruption 2.Windows EFS Protects files and folders Keyed to user to keep personal files safe from prying eyes Can have key backed up

Caveats Disk encryption increases wear on drives because of the on-the-fly read/write nature Many encryption forms are susceptible to corruption if users do not shut down properly or power off properly - UPS and frequent data backups mitigate this risk Both EFS and FileVault rely on users to do the right thing to protect the data - it is not a whole disk solution.

How to Encrypt: FileVault on OS X 1.Go to "System Preferences", then click on "Security". 2.If desired, click on "set Master Password" to set a master password. 3.Click on "Turn on FileVault" to turn on FileVault; select other options as desired. 4.When finished, close the FileVault window.

How to Encrypt: File Vault on OS X Notes : –FileVault only encrypts data stored in your user directory –FileVault is not a tool to protect against hackers or viruses –Because of the nature of encryption you should be careful to avoid force-quitting applications and minimize the number of improper shutdowns.

How to Encrypt: Windows EFS 1.Locate the files you want to encrypt We recommend that you encrypt folders as opposed to individual files – any new files you add to this folder will also be encrypted. 2.Select the file or folder and right-click on it; select “Properties”. 3.In Properties, select the “General” tab. 4.Select the “Advanced” button. The Advanced Attributes window will open and there will be 4 check boxes. 5.Check “Encrypt contents to secure data” (bottom). 6.Select “OK” button. EFS encrypts the file or folder.

How to Encrypt: WindowsEFS Notes: –Can only encrypt files and folders on NTFS file system volumes. –Cannot encrypt: compressed files or folders. If a compressed file or folder is encrypted, it will be uncompressed. files marked with the System attribute files in the system root directory structure

How to Encrypt: EFS Notes: –When a single file is encrypted, you are asked if you also want to encrypt the folder that contains it. –When a folder that contains files or subfolders is encrypted, you are asked if you want all files and subfolders within the folder to be encrypted. –If you choose to encrypt the folder only, all files and subfolders currently in the folder are not encrypted. –Any new files or subfolders added to the encrypted folder are encrypted once they are created.

Questions? Resources: 8help