Avatar of Randy
Randy
Flag for United States of America asked on

Encryption for files, folders and Network shares to protect data from hackers

I am looking for the best solution for encrypting our data on servers and workstations to protect it in the event it got stolen by hackers.  Not just physically stolen, but data extraction through hacker attacks and bots.

Our systems are Windows servers and workstations.

I need a reasonable solution and I need to know what to expect when I use the encryption...I am somewhat worried that encrypting might cause stuff to stop working or make the data un-retrievable in the case of a system crash...

I'm not that familiar with encryption and what different types are used for and what is the best for me.
Encryption

Avatar of undefined
Last Comment
Rich Rumble

8/22/2022 - Mon
SOLUTION
btan

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
btan

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Randy

ASKER
I am trying to protect company proprietary data and employee personal information data that is stored on our file server.  It is physically locked up and safe so I am not worried about it being physically stolen.  
I want to protect the data as it moves through the network to HR or Accounting and also mostly from hackers that would attempt to steal our data.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ahoffmann

> Not just physically stolen, but data extraction through hacker attacks and bots.
short answer: impossible (if you mean all data on your system)
long answer: you can only get close this requirement if you ensure that all your data is properly encrypted and only decrypted if necessary right before used

If all these attacks (bots, whatever) are an issue for you, is "stealing" data using screenshots an issue too? If so, my short answer becomes even shorter: impossible.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
aikimark

If you use https and secure ftp protocols, your network traffic should be sufficiently encrypted.

If you need to send larger packages of data, you can use 7-zip to strongly encrypt the data.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ahoffmann

how does SSL/TLS protect from/against bots, trojans, screenshots?
just wondering ...
aikimark

@ahoffman

Was your comment directed to me?

If so, I was addressing the parts of the question related to protection of data during transport.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Randy

ASKER
I need to keep thieves out...not your average thief but state sponsored attacks...like from China...I won't say anymore.

What am I running?  Windows 2008R2 and Windows 7 along with a few remaining XP boxes.

SQL Server, Exchange Server, Deltek, Cobra, SharePoint...etc..

Seems they like using Phishing attacks to get in...

So you all think encryption is not the answer, but to lock down the house somehow?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Randy

ASKER
We have a firewall
We have AV
The firewall is our ids at the moment
Number 4 and number 6 (ids) are problems because I simply cannot get upper management to spend money on IT.  They prefer to blame me, makes it easier than buying servers and appliances.
For years I have asked for money for an IDS/IPS and servers and licenses for "front ends" for our Exchange and Sharepoint to no avail.  They won't even spend he money to upgrade from the 32 bit XP machines we have to 64 bit Windows 7.

I am stuck...I get the blame...they question my competence and yet they won't purchase anything or hire any help.  I currently do everything...I can't monitor logs all day and do everything else.

plus, it's probably these same nuts that are in charge that are clicking on the phishing links.
ahoffmann

> .. cannot get upper management to spend money on IT ...
no money for protection, that's thiefs heaven ;-)

so it sounds that you first need step 2. and 9. for your management, that's what all experts here explain again and again

however, what's the problem being blaimed if you still get paid for doing all with nothing?
*SCNR*
Randy

ASKER
This is as good a place to stop as any...I think the answer is clear that encryption is not a magic bullet.  Looks like some serious attempts to "educate" uninterested employees on security is the answer.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Randy

ASKER
Thanks to everyone for the answers and the discussion.  Moral of this story...security isn't free and if your management isn't serious about it and won't back you...do your best or go somewhere else.
ahoffmann

yippie, another person who learned the (digital) security lesson ;-)
Good luck.
Rich Rumble

While there are plenty of free tools out there, it takes time and thus money to learn to use them. Windows and Linux have so many unused or under-used security settings that most people never know are there. But there must be discipline in the process or it all falls apart. There is no set it and forget it solutions.
-rich
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Randy

ASKER
I am setting up an ubuntu snort box right now, but I have to learn how to use it and who is going to monitor logs while I am busy handling stupid help desk calls?
Rich Rumble

Might try the Security Onion download, might help you get a handle on things as it makes using IDS and such easier to setup: http://securityonion.blogspot.com/
GL!
-rich