Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Hi, I connected two ASA 5505s with a crossover cable to learn site-to-site VPN. I have these configs for both, but it is just not working; there is no activity on the outside interfaces. I have tested each ASA 5505 connected to my home LAN with internet access to make sure the interfaces are working. Thanks!


ASA Version 8.2(5)
!
hostname asa-a
domain-name asa-a.domain
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name asa-a.domain
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn …
0
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
0
I have a question in regards to encrypting email.
Does Exchange 2013 encrypt email when going outside of the Exchange server, and if so, is this set by default?
0
I recently set up a two-tier PKI with Microsoft Active Directory Certificate Services on Server 2012 R2. When I attempt to verify my configuration with the LDP.exe tool, I am prompted for a smartcard. I have to click Cancel several times before the tool will connect to my domain controller. The event log shows Schannel errors with Event ID 36870 when the smartcard window is dismissed.
0
What is a good file and/or drive encryption program (on an external drive for mobile transport) that I can use on a Windows 2008 server?
Is there a good free program? (I prefer not to use BitLocker.)
0
I have an IdHTTPServer and I want to implement support for handling both HTTP and HTTPS requests. This is my config:

FSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
FSSLHandler.SSLOptions.CertFile     := 'certificate.pem';
FSSLHandler.SSLOptions.KeyFile      := 'key.pem';
FSSLHandler.SSLOptions.RootCertFile := 'chain.pem';

FIdHTTPServer.Bindings.Add.Port := 443;
FIdHTTPServer.IOHandler := FSSLHandler;

FIdHTTPServer.Activate := true;

In the server directory I have ssleay32.dll and ssleay32.dll v1.0.2l (Win32), downloaded from http://indy.fulgan.com/SSL/

When I make a request from Chrome, in the Security tab of the developer tools I see:

YLrb4.png
Also, analyzing the server with sslyze, I see some other security issues (see the VULNERABLE label):

> sslyze --regular local.XXXXXXXXXXXXXX.com:4343

SCAN RESULTS FOR LOCAL.XXXXXXXXXXXXXX.COM:4343 - 127.0.0.1
 --------------------------------------------------------

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1_1 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                    
0
Hi

I encrypted a USB drive using BitLocker To Go in Windows 10 Pro and when I inserted it into a new machine it prompted for the password. Once I entered it in I noticed a More Options section which allowed me to check Automatically unlock on this PC. I have since realized I don't want this to occur but I don't know how to make it go back to the way it was. I looked in Credential Manager with no luck. Sorry I'm new to BitLocker.
0
Dear
 I have a problem with a user's machine, where all Excel files were encrypted on Windows XP. Unfortunately, Windows 7 had to be installed on the machine, and after that the encrypted files cannot be opened. How can I solve this?
thanks
0
1
 
LVL 98

Expert Comment

by:John Hurst
It was the initial Creator Update on my ThinkPad X1 Carbon. As I noted, the issues seem to be fixed in the last 60 days, so here is hoping for good / better with V1709
0
 
LVL 56

Author Comment

by:McKnife
John, this is about MacOS.
0
Hi All,

I'm running an ASR 1000 with version XE 3.13.01.S (15.4(3)S1). Does it support SHA256 and AES256 for IKEv1? I know it does for IKEv2, but I am not sure about IKEv1, both phase 1 and phase 2.
Here is what I found on a cisco website: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html

"Support for the NGE control plane (ECDH and ECDSA) has been introduced with Version XE3.7 (15.2(4)S). Initial control plane SHA-2 support was for IKEv2 only, with IKEv1 support added in Version XE3.10 (15.3(3)S). AES-GCM-128 and AES-GCM-256 encryption algorithms have been supported for IKEv2 control plane protection since Version XE3.12 (15.4(2)S) and 15.4(2)T. NGE dataplane support was added in Version XE3.8 (15.3(1)S) for Octeon based platforms only (ASR1001-X, ASR1002-X, ESP-100, and ESP-200); dataplane support is not available for other ASR platforms."

What's the difference between data plane support and control plane support?

Thanks and kind regards.
0
Hey all I am trying to figure out how to get the following to work or replace in order to make work:

Module1:
    Private oTest                   As Class1
    Private InitDone                As Boolean
    Private Map1(0 To 63)           As Byte
    Private Map2(0 To 127)          As Byte

    #If VBA7 Then
      Public Declare PtrSafe Function GetSystemMetrics Lib "user32" (ByVal nIndex As Long) As Long
    #Else
      Public Declare Function GetSystemMetrics Lib "user32" (ByVal nIndex As Long) As Long
    #End If

    Private Declare Sub CopyMemoryByref Lib "Kernel32.dll" & _
                        Alias "RtlMoveMemory" (ByRef dest As Integer, ByRef & _
                        source As Integer, ByVal numBytes As Integer)
      
    Private Declare Function VarPtr Lib "vb40032.dll" & _
                             Alias "VarPtr" (lpObject As Integer) As Long

    Public Function EncryptData(ByRef bytMessage() As Byte, ByRef bytPassword() As Byte) As Byte()
    		Dim bytKey(31) As Byte
    		Dim bytIn() As Byte
    		Dim bytOut() As Byte
    		Dim bytTemp(31) As Byte
    		Dim lCount, lLength As Integer
    		Dim lEncodedLength, lPosition As Integer
    		Dim bytLen(3) As Byte
    		
    		If Not IsInitialized(bytMessage) Then Exit Function
    		If Not IsInitialized(bytPassword) Then Exit Function
    		
    		For lCount = 0 To UBound(bytPassword)
    			bytKey(lCount) = bytPassword(lCount) : If lCount = 31 Then Exit For
    		Next lCount
    		
    		

0
Our Exchange server is pts-msx-1.ptsnewmexico.com. Our email addresses end in @ptsofficesystems.com. I am having trouble getting our certificates correct. Currently we are configured as follows:

Domain name
mail.ptsofficesystems.com

Encryption Strength
GoDaddy SHA-2

Validity Period
11/10/2014 - 8/13/2018  




Subject Alternative Names (SANs)
 owa.ptsnewmexico.com
 mail.ptsnewmexico.com
 pts-msx-1.ptsnewmexico.com
 autodiscover.pts-msx-1.ptsnewmexico.com

We still get certificate problems. Any help on the SANs would be appreciated.
0
We have a request to put the highest possible security on a folder.  We've been asked to put 2 FA on access, but only to those who need to access that folder and preferably only when they have to access that folder.

We can't see how this is directly possible using Duo or RSA, but if there is we'd love to know how.  If it is not, what kind of "out of the box" ways can we have a very high security folder within an environment?

We considered moving it to the cloud to secure it with 2FA, but this also then exposes a cloud/Internet component and they are looking for the tightest security possible.

Thanks to everyone who contributes!
0
Hello Experts!

OK, so I created an RSA Key Container using this code I got from the Microsoft Web Site:
https://msdn.microsoft.com/en-us/library/ca5htw4f(v=vs.110).aspx

I want to Export that RSA Key Container so I can Import it on another server...however when I try to do that it tells me:
"The RSA Key Container was not found"
When using this command:
aspnet_regiis -px "MyKeyContainer" "c:\keys.xml" -pri

Why?
0
I'm having difficulties with setting up a new site-to-site VPN to two other sites. I currently have a site-to-site VPN working from the 128.0 to the 2.0 networks. I have a new site from which I'm trying to configure a site-to-site VPN to the other two sites through the VPN wizard, and they aren't connecting. I went through the ASDM site-to-site VPN wizard and it worked for the first one, but it doesn't for the new site to the others. I have included the configs below.

192.168.1.0 NETWORK
:
ASA Version 9.1(6)
!
hostname ciscoasa
enable password OlOxQ1nyrZ49h6MK encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 104.201.x.x 255.255.255.252
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network EMAIL
 host 192.168.1.253
 description Woodchuck
object network Webserver
 host 192.168.1.254
 description ETIMAIN
object network cl
 subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object network SC
 subnet 172.172.128.0 255.255.255.0
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list…
0
I have heard that blockchain databases are secure because of their use of "Byzantine fault tolerance."

I am told, Blockchain algorithms use encryption techniques to intertwine new data with existing data using this type of cryptography.

Please verify this and explain in more detail where the term "Byzantine fault tolerance" comes from and what it is exactly?

Thanks
0
I am trying to decrypt from shared DASD to the mainframe using gpg decryption. The file shows up on the mainframe decrypted, but with extra blank lines after each row.
Here is the decryption command... not sure why the extra spacing... Any ideas?

//STDIN    DD *                                                  
file=inputfilename.pgp                                  
ip=/folder path on shared dasd/$file  
sudo gpg -d --batch --yes --passphrase n1aCEvJns4 $ip            
//                  
                                           
Thank You !!
0
I have a customer with Windows 10 Home Edition. What is recommended to encrypt the entire hard drive?
0
We have a business scenario in which our clients send PHI to us. Our policies mandate encrypting the payload (containing PHI) prior to transfer, and then using S-FTP to conduct the transfer. We're getting complaints from our clients that the process is cumbersome.  We ask them to encrypt using 7zip, and then open Filezilla to send the payload. We think it's pretty simple but alas, some of our clients think otherwise. What we like to have is one application that can do both with a very simple UI:
1. Select the files to be shipped.
2. Under the covers with some configuration files perhaps, specify a client name and a public key for encryption.
3. Provide a username/password for the S-FTP.
4. Send.

Does anyone know whether such a tool exists, or would we be scripting this ourselves?
0
I'm trying to identify a ransomware virus that hit a network. I believe it is “FakeGlobe” virus. Aside from not knowing how it got on the network, there are other things I cannot figure out.  The more I know, the better I can protect this network. We did have backup replicated offsite so we are good. It just took a lot of work rebuilding servers and restoring data.

This virus uninstalled TrendMicro on servers and workstations. It then ran on those devices.  This created a unique encryption. If they were to have paid to get it unencrypted, they would have had to pay for each computer separately.  It appears it did not rely on shared drives to spread it.  

It also infected a server that was off the domain. The administrator account password was not the same as administrator password on the network. I have no idea how they could have gotten to that.

There are only three people with domain admin rights and there are service accounts with domain admin rights. None of the three users were on the network when it hit on a Saturday evening.  Passwords for the accounts with administrator rights were not changed. This means they had to find a way to read the passwords.

I did see information about  Pony Botnet that may have been used https://thehackernews.com/2014/02/pony-botnet-steals-220000-from-multiple.html 

I’m just looking for thoughts and ideas on how this could have happened so I can prevent it from happening again.  I’d like to know if it was done manually by …
0
Hi,

I had a customer ask this today. I know what a SHA256 hash is, but what is a SHA1 certificate?

Thanks,

Chris
0
I'm trying to set up SQL Server to use SSL encryption when connecting; however, I'm unsure about the certificate to use. Can I use an existing Trusted Root Certificate and extend its purpose? Or do I need to install a new certificate?
 
Any guidance much appreciated.
 
Thank you
0
I have an external removable drive and would like to use BitLocker, but I am not able to find out where to enable it.
Also, if the drive is removed, with the correct key, can it be accessed on another Windows O/S when needed?
Also, what might be a good free encryption software that can be used on different computers?
Thanks
0
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
1
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
0
 
LVL 43

Author Comment

by:Adam Brown
Thomas,
I'll correct that to say "longer than the universe has existed" instead of as long as. I was working off my memory of the calculations...Not a huge issue, though, since both lengths are stupendously long.
1
Hi,

I am wondering if it is possible to enable BitLocker on a volume with data already written to that volume? Win2008R2.
0
