

Type: data threat prevention security

Encryption of data is a method of transforming data using an algorithm; the data is changed into unreadable data and can only be changed back into the original data using a key. There are many different types of encryption, but all modern encryption is unbreakable within any reasonable amount of time. The key is usually a password or certificate that, when combined with the decryption algorithm, unlocks the original data. Therefore, the only way an individual can gain access to the data is by providing the password to decrypt the encrypted data.

All sensitive and critical files should be encrypted, as this will stop data from being used if lost or stolen. There are many different methods of implementing encryption, from simple encryption of files and folders to whole hard disk encryption. The latest Windows operating systems allow encryption of folders/files and any subfolders/files, and it is advisable that this is done for any sensitive or critical folders/files. The data is only decrypted when a user with access to the key or certificate logs on to the system. This means that without the key or certificate to decrypt data, the data is unreadable and therefore useless if stolen.

EFS (Encrypting File System) is a Windows encryption method that transparently and passively encrypts all data on an NTFS hard disk. When using EFS to encrypt files and folders on a Windows system, a search for an EFS certificate is made, and if an EFS certificate cannot be found, a self-signed certificate is created and used. EFS certificates can be configured on the server within Active Directory; this allows EFS certificates to be assigned to users and computers, thereby allowing control over who can decrypt the encrypted data on the network.
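To check that a sensitive folder is actually protected by EFS, the script below lists files whose NTFS `Encrypted` attribute is not set and can optionally encrypt them. It is an added example, not part of the original article; the path `C:\Sensitive` and the parameter names `-Root` and `-Fix` are assumptions made for illustration.

```powershell
# Added example: audit a folder tree for files not protected by EFS.
param(
    [string]$Root = 'C:\Sensitive',   # hypothetical path; point it at your sensitive data
    [switch]$Fix                      # hypothetical switch: encrypt findings instead of only reporting
)

$encrypted = [System.IO.FileAttributes]::Encrypted
$rootItem  = Get-Item -LiteralPath $Root -ErrorAction Stop

# EFS exists only on NTFS, so check the file system of the volume first.
$volumeRoot = [System.IO.Path]::GetPathRoot($rootItem.FullName)
$format     = (New-Object System.IO.DriveInfo $volumeRoot).DriveFormat
if ($format -ne 'NTFS') {
    Write-Warning "$Root is on a $format volume; EFS is not available there."
    return
}

# A folder carrying the Encrypted attribute makes new files inside it encrypted.
if (-not ($rootItem.Attributes -band $encrypted)) {
    Write-Warning "$Root itself is not marked for encryption; new files will be stored in plaintext."
}

# Collect every file (hidden ones included) whose Encrypted bit is clear.
$plain = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force |
    Where-Object { -not ($_.Attributes -band $encrypted) })

foreach ($file in $plain) {
    if (-not $Fix) {
        Write-Output "plaintext  $($file.FullName)"
        continue
    }
    try {
        # FileInfo.Encrypt() applies EFS with the current user's EFS certificate.
        $file.Encrypt()
        Write-Output "encrypted  $($file.FullName)"
    } catch {
        # Files in use or system files cannot be encrypted this way.
        Write-Warning "failed     $($file.FullName): $($_.Exception.Message)"
    }
}

Write-Output ("{0} file(s) without EFS under {1}" -f $plain.Count, $Root)
```

Run it as the user who owns the data, since the files are encrypted to that account's certificate; back up that certificate and its private key, because without them the files cannot be decrypted.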

Other third-party encryption programs are also available; an example of freely available encryption software is TrueCrypt. TrueCrypt can easily encrypt a whole storage device such as a hard drive or USB removable storage device. The encryption and decryption can be done passively, which means there is no disruption to the user and encryption can take place transparently.

While encryption advances the control over access to data and makes data theft more difficult, it does not eliminate the possibility of data theft. This is because encrypted files can be decrypted by legitimate user accounts and therefore access to an authorised account would decrypt data and allow readable access to the data.

BitLocker is another type of encryption that has only been included in certain Windows Vista operating systems at this time. BitLocker encrypts the whole hard drive, thereby making access to any data, including the recovery of deleted or temporary data, impossible without first supplying either a password or smart card, depending on how BitLocker is configured. BitLocker would be a useful addition to security and would ensure that data theft from old discarded computers or stolen hard drives is unlikely.