Encryption for files, folders and Network shares to protect data from hackers
I am looking for the best solution for encrypting our data on servers and workstations to protect it in the event it got stolen by hackers. Not just physically stolen, but data extraction through hacker attacks and bots.
Our systems are Windows servers and workstations.
I need a reasonable solution and I need to know what to expect when I use the encryption...I am somewhat worried that encrypting might cause stuff to stop working or make the data un-retrievable in the case of a system crash...
I'm not that familiar with encryption and what different types are used for and what is the best for me.
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
Unlimited question asking, solutions, articles and more.
Randy
ASKER
I am trying to protect company proprietary data and employee personal information data that is stored on our file server. It is physically locked up and safe so I am not worried about it being physically stolen.
I want to protect the data as it moves through the network to HR or Accounting and also mostly from hackers that would attempt to steal our data.
Unlimited question asking, solutions, articles and more.
ahoffmann
> Not just physically stolen, but data extraction through hacker attacks and bots.
short answer: impossible (if you mean all data on your system)
long answer: you can only get close this requirement if you ensure that all your data is properly encrypted and only decrypted if necessary right before used
If all these attacks (bots, whatever) are an issue for you, is "stealing" data using screenshots an issue too? If so, my short answer becomes even shorter: impossible.
Unlimited question asking, solutions, articles and more.
aikimark
If you use https and secure ftp protocols, your network traffic should be sufficiently encrypted.
If you need to send larger packages of data, you can use 7-zip to strongly encrypt the data.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ahoffmann
how does SSL/TLS protect from/against bots, trojans, screenshots?
just wondering ...
aikimark
@ahoffman
Was your comment directed to me?
If so, I was addressing the parts of the question related to protection of data during transport.
Unlimited question asking, solutions, articles and more.
Randy
ASKER
We have a firewall
We have AV
The firewall is our ids at the moment
Number 4 and number 6 (ids) are problems because I simply cannot get upper management to spend money on IT. They prefer to blame me, makes it easier than buying servers and appliances.
For years I have asked for money for an IDS/IPS and servers and licenses for "front ends" for our Exchange and Sharepoint to no avail. They won't even spend he money to upgrade from the 32 bit XP machines we have to 64 bit Windows 7.
I am stuck...I get the blame...they question my competence and yet they won't purchase anything or hire any help. I currently do everything...I can't monitor logs all day and do everything else.
plus, it's probably these same nuts that are in charge that are clicking on the phishing links.
ahoffmann
> .. cannot get upper management to spend money on IT ...
no money for protection, that's thiefs heaven ;-)
so it sounds that you first need step 2. and 9. for your management, that's what all experts here explain again and again
however, what's the problem being blaimed if you still get paid for doing all with nothing?
*SCNR*
Randy
ASKER
This is as good a place to stop as any...I think the answer is clear that encryption is not a magic bullet. Looks like some serious attempts to "educate" uninterested employees on security is the answer.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Randy
ASKER
Thanks to everyone for the answers and the discussion. Moral of this story...security isn't free and if your management isn't serious about it and won't back you...do your best or go somewhere else.
ahoffmann
yippie, another person who learned the (digital) security lesson ;-)
Good luck.
Rich Rumble
While there are plenty of free tools out there, it takes time and thus money to learn to use them. Windows and Linux have so many unused or under-used security settings that most people never know are there. But there must be discipline in the process or it all falls apart. There is no set it and forget it solutions.
-rich
Unlimited question asking, solutions, articles and more.
Randy
ASKER
I am setting up an ubuntu snort box right now, but I have to learn how to use it and who is going to monitor logs while I am busy handling stupid help desk calls?
Rich Rumble
Might try the Security Onion download, might help you get a handle on things as it makes using IDS and such easier to setup: http://securityonion.blogspot.com/
GL!
-rich
I want to protect the data as it moves through the network to HR or Accounting and also mostly from hackers that would attempt to steal our data.