Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Does TDE encrypt  just the database or the entire SQL server?     I need to have just one of our databases encrypted (for now)  and need to make sure using TDE only that database is affected.

I currently have one database where I am encrypting a single column but the one in question is a separate database on the same server that also has many other databases.
0
Rowby Goren Makes an Impact on Screen and Online
LVL 19
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

Backblaze 2 backup does not encrypt data which is stored.
What do you suggest is obtained or done in order to encrypt that data?
The data source will either be from a desktop, or it may be from a QNAP or Synology NAS.
Your specific suggestions and instructions are appreciated.
0
Hi

I do have a video that is in a .MOV format and the size is 9MB . I have been requested to  password protect the video.
This video will be sent to a another organisation through an email.

Please let me know how to password protect the video file.

Any help will be great.
Thanks
0
I would like to change this script so that uses the smtp server:  smtp.office365.com
Port 587
Encryption TLS
Username:  username@yourdomain.com
Password: xxxx



###PROGRAM START###
      # Invokes the Send-MailMessage function to send notification email
      $splat = @{
            From =                  'info@info.com'
            To =                  Get-Content -Path ( Join-Path $PSScriptRoot 'DistributionList.txt')
            SmtpServer =      'smtp.server.com'
            Subject =            $subject
            body =                  $MessageBody
            BodyAsHtml =      $true
            Attachment =      ( Join-Path $PSScriptRoot 'abc.pdf' )
      }
      Send-MailMessage @splat
###PROGRAM END###
0
Hi, i have a machine without a TPM, and it wont let me use a PIN code (only USB or a Flash drive) - i changed the authentication type in group policy, but no luck.

This is a W10 machine.
0
I've just had answers given and accepted to a previous question titled "Exchange Server in the Cloud".  A recap of my needs is just below.
1) Laptops must meet HIPAA compliance regulations.  This will mean tweaking the BIOS settings of each laptop and setting Windows 10 Computer Configuration to specific settings.
2) Laptops will join a "guest" wireless network at any facility they enter in order to reach their 3rd Party software vendor via an internet browser.
     a) This method may require an online VPN service to insure encryption of data transmitted while connected to the "guest" network . . . or,
     b) A personal Mifi device would be used if a "guest" network is not available.
3) End users will be using Office 365 and Exchange Server in the cloud for email transmissions - which would be hosted by any number of different vendors.

Although it would be time consuming, on any 1 laptop I can get a new one out of the box and handle all the tasks mentioned above.  However, I need to do this on at least 30 laptops now and numerous laptops in the future.

Using the same laptop Make/Model, is the following possible?
Create an image file using Microsoft's MDT which would automate all these tasks, i.e.:
1) Reset the BIOS to needed settings
2) Automatically install the online VPN service
3) Automatically install Office 365
0
I am seeing a strange issue with sssd on Ubuntu 16.04.  I am using sssd to authenticate to AD.  The logins work great and is almost instantaneous as long as you have recently logged in (within the last minute or two).  If you wait longer between logins, then it will login you into, but you do not get a prompt for up to 30 seconds.

Note that these systems are in Azure and our AD is also in Azure.

I am using offline caching and setting the site.  I am stumped as to how to correct this issue.

Below are my conf files (sanitized for security).

-----------------------------------------------------------------------------------------
/etc/sssd/sssd.conf

[sssd]
services = pam, nss
config_file_version = 2
domains = XXXX.COM
sbusTimeout = 30
#debug_level = 7

[domain/XXXX.COM]
id_provider = ad
krb5_realm = XXXX.COM
access_provider = ad
#debug_level = 7
default_shell = /bin/bash
ldap_id_mapping = True
ad_site = XXXXXXX
min_id = 50000
cache_credentials = true

# Use this if users are being logged in at /.
# This example specifies /home/DOMAIN-FQDN/user as $HOME.  Use with pam_mkhomedir.so
override_homedir = /home/XXXX/%u

# Uncomment if the client machine hostname doesn't match the computer object on the DC.
# ad_hostname = mymachine.myubuntu.example.com

# Uncomment if DNS SRV resolution is not workin#g
# ad_server = _srv_

# Uncomment if the AD domain is named differently than the Samba domain
# ad_domain = MYUBUNTU.EXAMPLE.COM

# …
0
Got this screenshot in a great reply to a question.
encryption-is-where.png
It is from Android 9, Lite.  Going by the caption at the top of the screenshot screen "Encryption & credentials", seems like there's a setting in the OS called Encryption & credentials.  

I'm using Android 9.  Not Lite.

For some reason, I can't find that same Encryption & credentials setting in Android 9.

What do you think is happening?

Many thanks,

OT
0
I'm looking for an iOS texting app that offers end-to-end encryption but that doesn't display to other users that I'm using or have installed the app.

Signal appears to be a very well-designed app, but as soon as I download and launch it, I see the names of all other Signal users that are in my iOS contacts. Needless to say, they can also see that I use the app, and that's what I wish to avoid.

I'm looking for a secure iOS texting app — I don't need it for calls or anything else — that I and one other person can use without alerting any of our contacts to the fact that we're using the app.

Thanks for any suggestions!
0
Dear Experts

Please help me with steps on "HOW TO" generate CSR for installing SSL certificate on Cisco Firepower Management Center(FMC) for Firepower Threat Defense (FTD), either though ssh or through web interface log in please help me with steps. thanks in advance.
0
CompTIA Security+
LVL 19
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Hi,

A friend computer has an Endpoint encryption software that request password every time it restart; it's actually an encryption apps that she purchased (this is so if her computer is stolen, her data is protected).  I was given some time back an HP Spectre x360 to work with when I got in.  I want to know if HP has an equivalent apps - is there a way to find out?
0
We have a Web Admin GUI page which has a proprietary self-signed certificate installed and consequently displays 'this site's certificate is invalid' or 'this site is not private' error message, but gives you the choice to go forward anyway.  We currently login to this GUI via the IP address "https://10.191.100.55:9443".  There is no hostname for this IP.  9443 is the port assigned to the Web Admin GUI.

We have an in-house PKI and we are planning to generate a certificate for this site from our internal PKI and install it, so we don't see the invalid certificate error message any more.

My question is, can you create a certificate where the CN is the IP address, instead of a hostname ?  

Also when I generate the CSR for the certificate, should the CN= for the certificate be:

CN=10.191.100.55

- or-

CN=10.191.100.55:9443 (should the port number be included in the certificate CN ?)


Thank you.  Mona.
0
Have a new Samsung A7, Android 8.0.0 OS.

Can't see the option for encrypting the PHONE.  

Have encrypted the SD card.

Have set up a PIN & fingerprint sensor unlock.

I recall there was an option to encrypt the phone - had one with my Sasumg J5.

But, can't find the option to encrypt anything beyond the SD card on this phone.

What am I doing wrong?

Many thanks!

OT
0
Erasing a Macbook HD that has FileVault enabled - Can I just completely erase and start fresh? Or will I have problems doing that since FileVault is currently enabled. The recovery key is nowhere to be found. Thank you in advance!
0
The user just has a POP account and the latest Symantec Encryption Desktop, Office 2007, and the computer is running on Windows 7 32bit.

Would the installer for Office365 uninstall Office 2007 and automatically migrate the PST and the autofill file?  Or do I have to upgrade manually?  If I have to do it manually, what's the procedure?

Thanks
0
Other than Factory Reset, what precautions can I use to DEEPLY erase a used Android Phone that I've gotten?  Need some EXTRA level of erasing before I apply all my data to it.

One idea that occurred to me: activate phone with a dummy account.  Turn on video, and just let it run until all the memory has been written over.

Then: Factory Reset again, add REAL account.

What's a good way?

Many thanks,

OT
0
Hi, I have a question for VPN peer IP address. I have a block of public IP addresses I can use. One of them of course is assigned to the public facing interface on my firewall. I need to set up a half dozen site-to-site VPN on the firewall with external agencies. What is the pros and cons of using the interface IP address as the VPN peer IP address for all the VPN sites v.s. using the different public IP address for each individual VPN sites? I am thinking maybe using unique IP address for each VPN peer makes it is easier for tracing and troubleshooting issues, but that's just my random thoughts. Is there a set standard and reasoning as to how you should assign IP address when there are multiple VPN peers?

Also, when it is necessary to NAT the VPN encryption domain (interesting traffic) to a public IP address, is it recommended to use an IP address other than your VPN peer IP address? It seems like using the peer IP for NAT works just fine, but I was told once it's not recommended with no clear explanation.

Thank you in advance for your comments!
0
Hello,
First at all sorry for my bad English.
I would like to create a kind of lock with no internet connexion and a RTC inside.
The lock will open with a code 8 chars long. The chars can be from 0 to 9 and from A to D. (I use a 16 key keypad)
The main idea is to have a code generator that encrypt with this 14 chars (0-9 and A-D) a code that says to the lock : you will have to open from this date until this date. And because i want the code to work only with the serial of one lock the code have to be compatible only with the lock I create the code for.

So to resume :
I have a lock with a 16 keys that are 0-9 and A-D the last two are R for reset and V like run :)
The lock have a serial number could be 000 to 999
When I create the code the code have to contain on max 8 chars : the start date, end date and the serial of the lock.

I've tried some ideas like work with a base 14 or something like. Use a kind of offset from the a defined date that is the same on the lock and the generator and then use the difference from this date to create the start date. Use the serial of the lock to do a CRC so when the lock check the code if the CRC is not ok then it won't open.

Well as you see I'm getting lost so if you have a simple idea please help

Thanks a lot
0
Windows 10 Bitlocker and Device Encryption.

I have  what seems to be a simple question, I'm reading a Microsoft document about disk encryption for Windows 10 and it points to enabling Device Encryption:

Select the Start  button, then select Settings  > Update & Security  > Device encryption. If Device encryption doesn't appear, it isn't available. You may be able to use standard BitLocker encryption instead.

If Device Encryption is not available they suggest to use BitLocker. My question is what is the difference between the two? Is there a specific requirement needed for  "Device Encryption"?

Thanks in advance.
1
Fundamentals of JavaScript
LVL 19
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

A laptop is encrypted with BitLocker, 128 AES, but I need it to be 256 bit AES, can I accomplish this without de-encrypting the SSD?

Can I re-encrypt SSD, with BitLocker encryption without first de-encrypting it? The goal is to change the AES encryption type to 256, from 128 AES.

What is the best way to convert an SSD encrypted with 128 AES, to 256 AES encryption using Microsoft BitLocker?
0
What is the most secure yet inexpensive NAS drive encryption software?
0
We will be implementing a GPO that will require USB drives to be encrypted before they can be written to.  I have this GPO working, but I also need to exclude this policy from applying to certain users (Domain Admins, Desktop Support, etc.).  So far any attempts at this piece have been unsuccessful.  We are using BitLocker for the encryption.

Any suggestions as to how to accomplish this?
0
Hi Guys,

We have a couple of "internal" servers with self-signed certificates.  An IT audit raised concerns about the self-signed certificates as some are using SSL 2 & SSL 3 encryption methods.  Services and applications running on these servers are only accessible internally.

A second scenario is a server which has external access, but do have a proper SH2 2048 public certificate installed.  However, the report still picks up an issue with another self-signed certificate on the same server.

My question, does these self-signed certificates pose any security risks, or can it be safely ignored?
0
Does anyone know if the Azure Information Protection labels work on the MAC OSX version of Word, Excel and Outlook?  We have Microsoft Business 365 and I'm trying to see if our mac users can utilize the security encryption features.
0
Does BitLocker encrypt individual files inside a zip file?

I know that when data is a rest, it is encrypted in the Microsoft cloud, but if the file has a zipped extension, are individual files encrypted?
Does BitLocker encryption on OneDrive for Business encrypt individual files with in a zipped file? I was told that Microsoft uses BitLocker to encrypt data on OneDrive for Business, so if this is still true, then would it only encrypt the zip file and not the files instead of it?
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.