ITSS 2015: Encryption Edward Carter, Manager, Architecture and Response Stephen Hoffer, Senior Information Security Analyst Haley Baker, Associate Information.

1 ITSS 2015: Encryption
- Edward Carter, Manager, Architecture and Response
- Stephen Hoffer, Senior Information Security Analyst
- Haley Baker, Associate Information Security Analyst
Ohio University

2 Information Security Goals
C-I-A Triad
- Confidentiality: Keep private information protected from unauthorized access
  - Encryption
- Integrity: Ensure information is protected from unauthorized changes
  - Hashing
- Availability: Ensure information is accessible to authorized entities

3 What is encryption?
- Encryption: Transform data to keep it secret from unauthorized parties
  - Asymmetric-key, symmetric-key
- Encoding: Transform data so it can be used by a different system
  - Base64, ASCII, EBCDIC, Unicode
- Hashing: Transform data to ensure the message contents haven’t changed
  - MD5, SHA1, RIPEMD

4 Why do we encrypt?
- Protect data
  - At rest: Data stored on media (USB drive, disk, tape, etc.)
  - In transit: Communications over a network between systems
- Regulations/Compliance
  - HIPAA/HITECH (health-care industry)
  - FERPA (education)
  - PCI-DSS (payment-card industry)
  - PII (personally identifiable information)
- Auditors
- Personal choice
- Policy

5 Ohio University Policy 93.001: Data Classification
https://www.ohio.edu/policy/93-001.html
“This policy establishes that all information assets will be classified according to their confidentiality, integrity and availability. This policy sets forth procedures based on those classifications so that the University can protect each asset in an appropriate manner.” (emphasis added)

6 Where is it used?
- Application layer: SSH, S/MIME, TDE, Adobe, Microsoft Office, Identity Finder
- “Network” layers: SSL/TLS, IPSec/L2TP, PPTP

7 Where is it used?
- Volume-based (disk): BitLocker, FileVault, VeraCrypt/CipherShed, dm-crypt
- File-based (disk): EFS, PGP/GPG

8 How do we encrypt disks?
- Operating System “built-in”: BitLocker, EFS, FileVault
- Open Source: VeraCrypt/CipherShed, GPG, dm-crypt
- Commercial: Symantec EndPoint Encryption (PGP), Sophos SafeGuard, TrendMicro EndPoint Encryption

9 Windows: BitLocker / BitLocker To Go
- Windows 7 (Ent/Ult), Windows 8/8.1/10 (Pro/Ent), Server 2008+
- BitLocker cmdlets in PS
- Diskpart.exe
- Disk Management MMC

10 Mac OS X: FileVault / FileVault2

11 Linux: dm-crypt

12 What about the keys?
- BitLocker Key-Management
  - MBAM (Microsoft BitLocker Administration and Monitoring)
- Recovery Key
  - Store in AD or file
  - GPO change required
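As an added example (not part of the original slides), the following PowerShell uses the built-in BitLocker cmdlets to report which volumes are encrypted and hold a recovery password, then escrows each recovery password to Active Directory. It assumes an elevated session on a domain-joined machine; `Get-BitLockerAudit` is a hypothetical helper name chosen for this example.

```powershell
# Added example, not from the original slides. Run elevated on a
# domain-joined Windows machine with the BitLocker module available.

# Get-BitLockerAudit is a hypothetical helper name chosen for this example.
function Get-BitLockerAudit {
    Get-BitLockerVolume | ForEach-Object {
        # Recovery passwords are the protectors that can be escrowed to AD.
        $recovery = @($_.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            PercentEncrypted = $_.EncryptionPercentage
            RecoveryIds      = @($recovery | ForEach-Object { $_.KeyProtectorId })
            # Compliant = fully encrypted, protection on, recovery password present.
            Compliant        = ($_.VolumeStatus -eq 'FullyEncrypted') -and
                               ($_.ProtectionStatus -eq 'On') -and
                               ($recovery.Count -gt 0)
        }
    }
}

$audit = @(Get-BitLockerAudit)
$audit | Format-Table MountPoint, VolumeStatus, ProtectionStatus, PercentEncrypted, Compliant

# Escrow each recovery password to Active Directory. This fails until the
# GPO that allows storing BitLocker recovery information in AD DS is applied.
foreach ($vol in $audit) {
    foreach ($id in $vol.RecoveryIds) {
        try {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $id -ErrorAction Stop | Out-Null
            Write-Output "$($vol.MountPoint) protector $id escrowed to AD"
        } catch {
            Write-Warning "$($vol.MountPoint) protector $id not escrowed: $($_.Exception.Message)"
        }
    }
}

# Volumes that still need attention (unencrypted, suspended, or no recovery password).
$audit | Where-Object { -not $_.Compliant } |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus
```

A warning from the escrow loop on an otherwise healthy volume usually points at the missing Group Policy setting rather than at the disk itself.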

13 What about the keys?
- FileVault2
  - Casper
  - Cauliflower Vest
  - Crypt
  - Institutional Recovery Key (https://support.apple.com/en-us/HT202385)
- Commercial Applications
  - Sophos SafeGuard, TrendMicro, WinMagic (all support key escrow in Windows and Mac OS X)
  - Network-share encryption (PGP)

14 Encrypting is all good, isn’t it?
- Benefits
  - Many breach laws include “Safe Harbor” provision
  - Lost/stolen devices
- Limitations
  - Key management
  - Conversion can be difficult
  - Not a panacea
  - Data in memory is unencrypted
  - Malware can still access those data
  - Entire drive may not be encrypted
  - Cold-boot attack
  - Corruption – Please back up your data

15 Questions?
- Please back up your data BEFORE encrypting it
- Please perform regular backups of your data
- Please test the restoration of the backup
OIT Security Office Contact/Incident Reporting: 740-566-SAFE (7233), security@ohio.edu

