In this blog we will talk about how to protect your data when it comes to confidentiality and privacy. To achieve such goals one must implement encryption.
Information privacy and security have been at the forefront of the news lately, with numerous major retailers becoming victims of cyber-attacks; in these cases hackers stole customers’ information. The burden of protecting against cyber-attacks of such scale falls on the shoulders of the retailers' IT security departments, and there’s nothing the average user can do to prevent it.
You can, however, protect your own data. Let’s talk about what you can do to protect it.
There are many reasons why one would like to protect their data to ensure privacy and confidentiality. For instance, journalists, lawyers, inventors, researchers, politicians, corporations, small business owners, students, wives, mothers, etc. all have digital information that they'd like to exercise complete control over, making sure that access to it is limited only to those to whom explicit authorization is granted.
What is Data Encryption:
Encryption is a cryptographic term: it’s the process of encoding messages or information in such a way that only authorized parties can read it (Wikipedia). How does it apply to you in protecting your data? Encryption converts data (plain text) into a format that is different from the original by using an encryption algorithm. In its most basic form, let’s say that your plain text is: “let’s meet at the same place”; after encrypting the plain text the message is: “EnCt2dab1ec639aca30aac23007e575e6fc3b5f98a959dab1ec639aca30aac23007e5myMDP/k+6gAVchAOi1SHs/OwS+4zfcOGiR/kmWizOrs86jqpDFMKXGplxlshIwEmS”. As you can see, the encrypted message is not something that can be understood.
In practice you don’t see the encrypted form: to your eyes the data looks the same, but any unauthorized person would need to have the encryption key to be able to access it and decrypt it. The previous example is just to show you graphically how plain text changes into an encrypted message. Don’t take it to mean that when you encrypt something it automatically turns into gibberish in front of you, at least not when encrypting files, folders, and disks in an operating system environment.
There are many different levels of data encryption, and most desktop OSes come with some level of file or disk encryption capability. Let’s say that you are a Microsoft Windows user: by default Windows allows file and folder encryption on NTFS partitions. In this example I created a file called November-Project which contains information I would prefer to stay private until ready to be published. I can proceed with encrypting the file by selecting “Encrypt contents to secure data” under the advanced section of the file properties.
As long as I continue logging in with the same user account I will continue to have access to the encrypted document; the handling of the cryptographic key happens in the background, managed for me by the OS. If another user logs in to your computer with a different user account, or if the hard drive where the file resides is connected to and accessed from another computer, that “unauthorized” user will not be able to open the encrypted document.
Encryption prevents others from accessing your data:
One of the key benefits of encryption when it pertains to data is that it prevents (to an extent) unauthorized access to the encrypted data; in other words, encryption is a safeguard against “offline attacks”. An “offline attack” is when the unauthorized party gains physical access to the device where you store the files (let’s say your laptop or external USB drive) to attempt data access.
Can someone else gain access to my encrypted documents?
Yes and no. Let’s keep using the example above in a Microsoft Windows environment to elaborate. If you encrypt your files and folders using the built-in NTFS encryption, your files will be protected against unauthorized access; however, if someone gains access to the system as you, they’ll be able to access the file. There are many different ways someone can gain access to your PC as yourself (I wrote a blog of how to do it using Trinity Rescue Kit); in that case the failure is not in the encryption but rather in the implementation.
Are there other encryption software I can use?
Yes, there are many commercial and open source encryption programs available, each with its own bells and whistles. Even other operating systems such as Mac and Linux have their own built-in encryption features; stay tuned for a post on built-in encryption for those two operating systems. In the meantime I’ll talk about open source encryption utilities because they can be installed and used on the major OSes.
TrueCrypt: For years TrueCrypt was the de facto open source encryption software. It has been solid open source software since its inception back in 2004. As of 5/2014 the project is no longer maintained, and its developers recommend that users switch to alternative encryption software or use the built-in OS functions. It still works as well as ever, but the developers strongly advise users to use alternative solutions, as the program is no longer supported and therefore prone to unpatched vulnerabilities. You can no longer download the software from its website, but there are many mirror sites it can be downloaded from.
What is good about TrueCrypt: For starters, it’s open source software that can be used on the major OS platforms. Depending on the version you use, it gives you the ability to secure (encrypt) an entire partition, an external drive (such as a thumb drive), or the entire volume (including the MBR). In other words, you can encrypt your entire computer or a drive.
I am not going to spend time talking about the application itself but rather its benefits. When it comes to data security, encryption is one of the solutions that should be implemented. There are many other measures you can take to secure your data, such as file and folder permissions, need to know, etc., but encryption certainly plays a big role in it.
There are many reasons why one would like to encrypt their data, from the regular home user to large corporations. As a matter of fact, I came across a few such examples where customers requested to have their data encrypted. One of them was a certified CPA stay-at-home mom who filed tax returns for many people during the tax season. She used the only laptop in the house, which was also being used by her teenage kids for school work and personal use. As careful as she was, and as much as she trusted her kids with the laptop, she understood that it could be left behind or stolen; her customers’ information was on the laptop (under a different user account) and anyone with enough technical knowledge could easily access that information. We decided to encrypt the drive and create a hidden partition so that even in the worst-case scenario of the unit being stolen and a knowledgeable person accessing it, no one would be able to see her personal information.
On another occasion we were contacted by another small but successful business to evaluate their network security solution. Their interest was also in finding a solution that would help protect their confidential information against external and internal threats (yes, there was a mole in the office). The type of work and the success of the business made it a clear target for others trying to replicate the operations. We implemented a complete layered security approach of which data encryption was a part.
The point is that data encryption is a solution that can benefit anyone interested in protecting their data.
TrueCrypt is no longer supported, what now?
Well, thanks to the love and dedication of the open source community there are other open source solutions as alternatives, including my favorite, VeraCrypt. VeraCrypt is based on TrueCrypt but addresses a few issues its developer considered to be weaknesses in TrueCrypt. The interface and feel are the same as its counterpart, but it may feel a little slower initially as it performs more iterations during the encryption process.
AES Crypt:
It’s cryptographic file encryption software that relies on AES as its encryption algorithm. The program can be easily downloaded from www.aescrypt.com; there is a version for each major operating system. Once the program is installed you only need to right-click on the file, select AES Encrypt and assign a password to it. As with any other encryption software, it is highly advisable to create a strong, non-common password.
VeraCrypt:
VeraCrypt is the true alternative to TrueCrypt, as it is an enhanced version of it with a more powerful security algorithm that makes brute-force attacks more difficult. The developer of VeraCrypt has made many modifications to the code that set it apart from TrueCrypt; however, those changes are invisible and perhaps unnoticeable to users. The menu interface is familiar from TrueCrypt, so if you are migrating over because of the lack of support you’ll be in familiar territory. For more details about the project and to download it, go to https://veracrypt.codeplex.com/
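The extra iterations mentioned for VeraCrypt, both here and in the earlier note about it feeling a little slower, refer to password key stretching. The following is an added example, not VeraCrypt's own code: it uses PBKDF2 from Python's standard library, with illustrative iteration counts and a hypothetical header layout, to show how a higher count raises the cost of every password guess.

```python
import hashlib
import hmac
import os
import time

CHECK_LABEL = b"header-check"  # constructed constant for this example


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 256-bit key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=32)


def create_header(password: str, iterations: int) -> dict:
    """Build a hypothetical volume header: random salt, cost, and a key check value."""
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(header: dict, password: str):
    """Return the derived key if the password is right, otherwise None."""
    key = derive_key(password, header["salt"], header["iterations"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(check, header["check"]) else None


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Average wall-clock cost of testing one candidate password."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for n in range(samples):
        derive_key(f"guess-{n}", salt, iterations)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    LOW, HIGH = 1_000, 200_000  # illustrative counts, not any product's real settings
    header = create_header("correct horse battery staple", HIGH)
    print("right password unlocks:", unlock(header, "correct horse battery staple") is not None)
    print("wrong password unlocks:", unlock(header, "password123") is not None)
    for count in (LOW, HIGH):
        per_guess = seconds_per_guess(count)
        print(f"{count:>7} iterations: {per_guess * 1000:.2f} ms per guess, "
              f"{per_guess * 1_000_000 / 86400:.1f} days per million guesses")
```

The legitimate user pays the derivation cost once per unlock, while someone guessing passwords pays it for every candidate, which is why a strong password and a high iteration count work together.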
DiskCryptor:
Another open source encryption solution that offers disk encryption, including the system partition. Its functionality and interface are pretty simple, which makes it a straightforward volume encryption application. Among its many features, it supports hardware AES acceleration on the latest Intel and AMD CPUs and encrypts the system and bootable partitions with pre-boot authentication. The project is only compatible with Windows platforms, on the desktop and server side. It can be downloaded from https://diskcryptor.net
BoxCryptor:
It’s software that goes beyond the other open source solutions, which encrypt data at the local level: it seamlessly integrates with cloud storage services such as Dropbox, Google Drive, Box, etc. by encrypting the data before it is uploaded. The installation is a little bit longer than that of its open source counterparts, but it’s intuitive too. The catch: the free version does not offer the cloud storage encryption solution or all the other powerful functions its commercial version has. This is certainly software that targets business users more, offering good business encryption management and solutions from a central interface.
AxCrypt:
It’s a lightweight file encryption program similar to AES Crypt, but it has more powerful functionality, such as the ability to create a key file and folder encryption. What’s great about it is that it has portable files that can be carried and executed from an external drive. The project can be downloaded from
http://www.axantum.com/AxCrypt/Downloads.html
McAfee Endpoint Encryption:
It’s an enterprise-grade encryption and access control solution. It is intended for the business community rather than personal use. What I really like about this solution is its integration with a centralized server, the ePO, which allows the administrator to control the endpoints, deploy and provision the package, and run advanced reporting tools. Many small businesses already implement the solution; we have helped many law offices, university research projects, healthcare organizations, and private businesses add an extra layer of security to their mobile workforce and the data residing on their servers.
Conclusion: Encryption, in this case data encryption, is a powerful tool that allows individuals and businesses to add a powerful layer of security to protect the confidentiality and privacy of their data. As useful as it is, I must also say that it’s a process that should be done with extreme care, because a wrong implementation can cause data to become inaccessible and lost. Only in very few cases can we say that data encryption was broken, and even when that happened the issue was not the encryption itself but rather a poor implementation of it.
For businesses, even small businesses, I strongly recommend implementing a business-grade solution instead of a standalone one. An administrator’s worst nightmare is having employees encrypting company information on their own without a centralized plan to monitor, secure, and safeguard the data. Here at JDTech, we have partnered with Intel Security, formerly McAfee, to develop, implement, and support the most advanced and secure encryption data protection solution in the industry. We help small and mid-sized businesses achieve the same level of protection Fortune 100 companies implement, all at a small business price.
For details about our services and solutions visit www.jdtechsolutions.net or call us in the US at 888-580-4450





