Encryption
Encryption
EncryptionÌýis the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure confidentiality and privacy by keeping the information hidden from anyone for whom it is not intended. For example, one may wish to encrypt files on a hard drive to prevent an intruder from reading them. When an entire hard drive is encrypted, all the data on the drive is protected from unauthorized access if the computer is lost or stolen. Encryption can also be used to protect sensitive files that are sent through email or sensitive communications sent over the network. For more information, please refer to the pages linked below:
Strong encryptionÌýis the term we use to describe the minimum strength of encryption appropriate for use with confidential data know asÌýLevel 1Ìýdata. Strong encryption is 256-bit encryption and complies withÌýÌýwith a strong passphrase (password).
No single encryption tool works for every situation. We've outlined below the major types of encryption, with some examples of tools that can be used with each type, but there is one important thing to remember about any encryption process:Ìýit is either extremely difficult or completely impossible to decrypt encrypted data if the passphrase is lost.
If you have any questions or concerns about encryption,Ìýplease talk with your Information Security Office before proceeding.
Note on Server SSL Certificates
SSL certificatesÌýare small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, the certificate activates the padlock icon and the https:// protocol you see on banking, e-commerce and other secure sites and allows secure connections from the web server to your browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and is becoming widely used on social media sites. The Information Security Office offers SSL certificates through InCommon. Please create a ticket viaÌý.
Types of Encryption
Bluetooth itself as a technology isn't secure, it's not only about the implementation, there are some serious flaws in the design itself. Bluetooth isn't a short range communication method - just because you're a bit far doesn't mean you're safe.ÌýClass I Bluetooth devicesÌýhave a range up to 100 meters. Bluetooth isn't a mature communicate method (security-wise). With smart phones, it has turned into something totally different from what it was meant to be. It was created as a way to connect phones to peripherals. Please don't use Bluetooth for accessing Level 1 data.
If you do need to use Bluetooth devices please do the following
- Enable Bluetooth functionality only when necessary.
- Enable Bluetooth discovery only when necessary.
- Pair devices using a secure long passkey.
- Keep paired devices close together and monitor what's happening on the devices.
- Never enter passkeys or PINs when unexpectedly prompted to do so.
- Regularly update and patch Bluetooth-enabled devices.
- Remove paired devices immediately after use.
Here is theÌý.
Here is theÌýÌý
Disk encryption safely protects all the data stored on a hard drive. When the entire hard disk is encrypted, everything on that disk is protected if the computer is lost or stolen. ¼ªÏé·» recommends the following drive encryption programs for non-portable storage devices. Select the appropriate link for more information on how to use each program:
- Ìýworks with Windows 7/8/10 and Server
- Ìýworks withÌýMac OS X
E-mails may be encrypted and/or authenticated to prevent the contents from being read by unintended recipients. Please ask your local tech if you believe you need to encrypt e-mail messages.
The following encryption methods are available for protecting files and folders stored on portable storage devices such as, USB sticks, external hard drives and other mobile devices. Select the appropriate link below for more information on how to use each program:
- Ìýis an open-source, free utility that provides AES 256-bit encryption for files and folders under Windows 10/8/7 and Windows Server 2012/2008
- Ìýis built into Macintosh OS X
- Ìýis available for Windows Users.Ìý
- Ìý(formally known asÌýPGP) is a commercial product that has strong encryption and has tools for sharing encrypted files across teams.
There are storage devices that use hardware based encryption.
- Ìýis one that we recommend. DataTraveler has the necessary level of encryption, works with both Windows and Macs and is affordable. Available at the Campus Bookstore.
- Ìýis the best encrypted storage devices on the market. IronKeyÌýis encrypted all of the time and works with both Windows and Macs.
For more information:Ìý.
File encryption is designed to protect stored (at rest) files or folders.Ìý
Additional information is available by clicking on each product name.Ìý
Caution: Data in encrypted files are not retrievable if the encryption key is lost.
Following are examples of file encryption software to use when encrypting your data:
- Ìýis an open-source, free utility that provides AES 256-bit encryption for files and folders under Windows 10/8/7 and Windows Server 2012/2008
- Ìýis a product that is a recommended commercial product that can be for department level sharing of Level 1 data.Ìý
- Ìýsoftware is built into MAC OS XÌý
The following productivity tools let you password-protect and/or encrypt individual files: Ìý
- Ìý-ÌýPassword protection, encryption, and access permissions for documents, workbooks, and presentations
- Ìý-ÌýPassword protection only (no encryption) for Word documents
- Ìý-ÌýPassword protection only (no encryption) for Word documents
- Ìý-ÌýPassword protection and encryption for PDF files
It is possible to encrypt entire networks, which may be desirable in certain situations. If you think this may be relevant to you, please contact your local tech for assistance.