Link to home
Create AccountLog in
Avatar of Randy
RandyFlag for United States of America

asked on

Encryption for files, folders and Network shares to protect data from hackers

I am looking for the best solution for encrypting our data on servers and workstations to protect it in the event it got stolen by hackers.  Not just physically stolen, but data extraction through hacker attacks and bots.

Our systems are Windows servers and workstations.

I need a reasonable solution and I need to know what to expect when I use the encryption...I am somewhat worried that encrypting might cause stuff to stop working or make the data un-retrievable in the case of a system crash...

I'm not that familiar with encryption and what different types are used for and what is the best for me.
SOLUTION
Avatar of btan
btan

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

I am trying to protect company proprietary data and employee personal information data that is stored on our file server.  It is physically locked up and safe so I am not worried about it being physically stolen.  
I want to protect the data as it moves through the network to HR or Accounting and also mostly from hackers that would attempt to steal our data.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
> Not just physically stolen, but data extraction through hacker attacks and bots.
short answer: impossible (if you mean all data on your system)
long answer: you can only get close this requirement if you ensure that all your data is properly encrypted and only decrypted if necessary right before used

If all these attacks (bots, whatever) are an issue for you, is "stealing" data using screenshots an issue too? If so, my short answer becomes even shorter: impossible.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
If you use https and secure ftp protocols, your network traffic should be sufficiently encrypted.

If you need to send larger packages of data, you can use 7-zip to strongly encrypt the data.
how does SSL/TLS protect from/against bots, trojans, screenshots?
just wondering ...
@ahoffman

Was your comment directed to me?

If so, I was addressing the parts of the question related to protection of data during transport.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

I need to keep thieves out...not your average thief but state sponsored attacks...like from China...I won't say anymore.

What am I running?  Windows 2008R2 and Windows 7 along with a few remaining XP boxes.

SQL Server, Exchange Server, Deltek, Cobra, SharePoint...etc..

Seems they like using Phishing attacks to get in...

So you all think encryption is not the answer, but to lock down the house somehow?
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

We have a firewall
We have AV
The firewall is our ids at the moment
Number 4 and number 6 (ids) are problems because I simply cannot get upper management to spend money on IT.  They prefer to blame me, makes it easier than buying servers and appliances.
For years I have asked for money for an IDS/IPS and servers and licenses for "front ends" for our Exchange and Sharepoint to no avail.  They won't even spend he money to upgrade from the 32 bit XP machines we have to 64 bit Windows 7.

I am stuck...I get the blame...they question my competence and yet they won't purchase anything or hire any help.  I currently do everything...I can't monitor logs all day and do everything else.

plus, it's probably these same nuts that are in charge that are clicking on the phishing links.
> .. cannot get upper management to spend money on IT ...
no money for protection, that's thiefs heaven ;-)

so it sounds that you first need step 2. and 9. for your management, that's what all experts here explain again and again

however, what's the problem being blaimed if you still get paid for doing all with nothing?
*SCNR*
Avatar of Randy

ASKER

This is as good a place to stop as any...I think the answer is clear that encryption is not a magic bullet.  Looks like some serious attempts to "educate" uninterested employees on security is the answer.
Avatar of Randy

ASKER

Thanks to everyone for the answers and the discussion.  Moral of this story...security isn't free and if your management isn't serious about it and won't back you...do your best or go somewhere else.
yippie, another person who learned the (digital) security lesson ;-)
Good luck.
While there are plenty of free tools out there, it takes time and thus money to learn to use them. Windows and Linux have so many unused or under-used security settings that most people never know are there. But there must be discipline in the process or it all falls apart. There is no set it and forget it solutions.
-rich
Avatar of Randy

ASKER

I am setting up an ubuntu snort box right now, but I have to learn how to use it and who is going to monitor logs while I am busy handling stupid help desk calls?
Might try the Security Onion download, might help you get a handle on things as it makes using IDS and such easier to setup: http://securityonion.blogspot.com/
GL!
-rich