Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
3
Free Tool: IP Lookup
LVL 9
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard yourself from future ransomware attacks.
2
Internet of Ransomware Things ...
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others. This conference is aimed mainly at government agencies. So it addresses the various compliance issues with which they have to deal.
2
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
1
Acronis ransomware attack
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
1
 
LVL 64

Expert Comment

by:btan
Comment Utility
1
Doxware
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
2
Nature, Sky, Sunset, Man
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
5
 
LVL 2

Expert Comment

by:Jaime Lewis
Comment Utility
It sounds pretty great, but if you have family sharing turned on is your music/data/etc automatically synced to all devices on the plan? Or are there specific controls for that?
0
 
LVL 13

Author Comment

by:Justin Pierce
Comment Utility
Hi Everyone,

If you use on Family Sharing you have to set it up in the beginning. You do that by inviting members by name (it searches your Contacts app)  or email address (you can create an AppleID for a child if they don't have an email address). Once everything is setup, you the "Organizer" agree to pay for iTunes, iBooks, and App Store purchases for everyone that's in your Family Membership. The cool thing about Family Membership though is that "all songs, albums, movies, TV shows, books, and apps ever purchased by family members are immediately available to everyone else in the group" (that's all done automatically if they're in your Family group). Here is the skinny on Family Sharing: Link.

To touch on the music sharing, you will need to buy a Family plan ($14.99 a month), which is good for sharing up to 6 people. If you want just music for yourself it will cost $9.99, but for those college students who need music to keep them going, it will cost $4.99. Yep, Apple cares about you Under/Grad students who live off of noodles and PB&J.
1
Passwords-Xray
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
3
Acronis Ransomware Trends
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
2
Email Encryption

Encryption for Business



Encryption ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. The information passed between companies and clients needs to be encrypted as the contents are mostly confidential. Any business owner should know that the primary attack method to compromise sensitive company data is through email. Email is the chink in every organisation's armor and hackers will target that vulnerability. Encryption is necessary for companies as cyber criminals prey on emails that include attachments with private data, links, bank details and any other forms of crucial information.

With email encryption, a company can protect its sensitive information from cyber criminals by only allowing certain users access to the emails you send. Consider this, if you are away on vacation and want to send a pictured postcard to a friend, would the contents of your postcard include highly confidential information, for instance, bank details or the home alarm code? Of course not. Just like a picture postcard, a non-encrypted email can be exposed for all to see.

Businesses use email encryption to have more control and protection over sensitive information that they may share over email. The NSA and AT&T’s Spying Pact is a perfect example of…
0
On Demand Webinar: Networking for the Cloud Era
LVL 9
On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
5
 
LVL 6

Expert Comment

by:mmarth
Comment Utility
can a file be encrypted with OpenSSL as it is being streamed in so it is not first saved in plaintext form
0
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in hardware. And for organizations in the healthcare industry adhering to HIPAA and HITECH Standards, there are a few keys to safeguarding their sensitive data.

Microsoft supports running workloads with Electronic Protected Health Information (EPHI) in Azure, but as discussed in an earlier article, it is important to understand their stance on Business Associate Agreements (BAAs) and the  shared risk model. In this model, the customer bears the burden of configuring the environment, or ensuring their service providers adhere to HIPAA and HITECH Standards.

Therefore, in this article, we discuss four key safeguards an organization can take when deploying workloads into Azure. To this end, the federal government doesn’t clearly outline in black and white what is required for HIPAA and HITECH, as much as require an organization to implement safeguards that are reasonable for their size.  The below keys are some of the safeguards a mid-market healthcare organization would be expected to implement to protect personal data.

Disable access from external networks or encrypt data in transit
0
Superb Internet Corp - SSL Certificates
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant.
Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like a customer’s personal and credit card information.
1
threat model
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
1
 
LVL 66

Expert Comment

by:Jim Horn
Comment Utility
Hi Shakshi

Thanks for your submission.  889 words, completely original content, and reads fairly well.  The technical aspects of this article seem pretty solid, but I'm going to send this back to Draft / Author Review for some general readability editing.  When you're done go ahead and resubmit and I'll review from there.

Please separate paragraphs with a blank line, as without that an article can resemble a 'word wall' where everything jumbles together and can be difficult to read.

>fruitful dispatch, inculcate, buttonhole, the prerequisite in a venture, Addedly, ingressed, environ
These words are rarely used and may confuse people.  Keep in mind that if these are local slang than it might not translate well to a global audience.  I can appreciate that you're trying to tell a story and be somewhat entertaining in the process, but just make sure you don't lose people in the translation.

>as it were, Addedly,
There are some phrases here that do not add value and can be deleted.

>Now let's take a brief about what Threat modeling is: Threat modeling does not include
Please define something by what it is, not what it is not.  The 'is not' stuff can always be added later.

>STRIDE & DREAD.
If terms are going to be introduced but not defined please at minimum provide a link to a definition.

Please provide a conclusion.

Feel free to self-promote in the 'About the Author' section, especially if you have other publications that readers of this one may be interested in reading.

For a lot more recommendations on how to score maximum points on articles check out Top 10 Ways To Write Rock Star Technical Articles

Thanks in advance.  I look forward to seeing this as a finished product.
Jimbo
0
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google Apps.
0
 
LVL 14

Author Comment

by:Allen Falcon
Comment Utility
I can quickly edit if you wish.
0
By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
1
cloud
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our businesses and ultimately lives.
0
Crypto Ransomware
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
5
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
4
 
LVL 66

Expert Comment

by:Jim Horn
Comment Utility
Lots of content here and very well illustrated.  Voting Yes.
And I see it just made Featured Article on the homepage.  Congratulations!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE
LVL 4
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

The Ransomware Menace
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million dollar business.
5
 
LVL 64

Expert Comment

by:btan
Comment Utility
Recently there is also a ID ranswore toolkit which may be handy for identification though it may not be 100% since it is still signature based.
https://id-ransomware.malwarehunterteam.com/index.php
0
 
LVL 29

Author Comment

by:Thomas Zucker-Scharff
Comment Utility
Thanks for the link btan.  The one I am looking at, Ransomware Detection Service, is similar to the one you point to, but console based instead of web based.  Also it is more for looking at network shares and identifying where an infection originated than anything else.  It should be noted that the website you linked is indeed an ID website and specifically says:

Can you decrypt my data?

No. This service is strictly for identifying what ransomware may have encrypted your files

Which is pretty much the same as RDS.
0
In this era, as you know, cybercrime and other sorts of frauds using the internet has increased day by day. We should protect our information assets and confidential information from getting exploiting by the attacker or intruders. Most of the fraud today is performed using email services. Intruder or Imposters send the emails to you pretending that the emails are coming from authenticated users and thereby get confidential information from you or about your organization. The imposter may manipulate or modify the email messages or attachments according to their benefits.

To protect from e-mail frauds using MS outlook and to save the messages from intruders, Microsoft Outlook provide a mechanism to deal with it known as digital signature and encryption of email messages.

Digital signature means digitally sign your document which identify the source of document (i.e. the documents is coming from or associated with the intended person which is sole owner of the document). In simple language a digital signature indicates the authenticity of a document. MS Outlook digitally signed the email using a digital ID formally known as a "digital certificate" which helps to prove the source identity. A digital signature helps prevent message tempering to protect the authenticity of your email message.
 

Before you digitally signed an e-mail message you need to create digital ID. Follow the steps below for creating digital ID that is being issued by certification authorities.

0
A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them more and more I decided to trial one so I could offer a better opinion.  The one I decided to trial was called 'LastPass'.  It came highly recommended from a couple of my Web Developer friends who now use it for every website that requires some form of login!

In addition to the recommendation I did some research on the program to give me a little more confidence and understanding – I suggest reading a few reviews prior to jumping into anything.



What is a Password Manager?
A password manager is a program that helps a user to better manage and organise their passwords for online accounts.  Most Password managers store your passwords and then encrypts them.  The programs then require the user to enter a Master Password to decrypt them before they can be access.

What is the benefit of having a Password Manager?:
If you’re anything like me you will have lots of online logins, then over time this can become difficult to manage.  I found myself trying multiple login credentials on sites before finding the one that works, eventually getting there but sometimes I would have to do a password reset.
Using a Password Manager takes away this problem.  All you have to do is remember the one password and the program …
4
Today, security is a big concern in an organization to prevent sensitive data leakage. In Outlook you can secure your Outlook items (emails, calendars, contacts and other stuff) using various techniques like by marking item as private, or you can put password in an entire personal folder (PST). Addionally, you can use a digital signature and digital certificate to achieve more security. In this article we will see some common practices that you can apply to secure your data in Outlook.

1.Mark Item as Private
When you create items, such as emails, calendars, journals and tasks, you can mark them as private. This practice will secure your item while sharing a folder with others (since the privately marked items don’t show up to other people while sharing). 
Read More on How to mark item as Private/Sensitive: https://support.office.com/en-nz/article/Mark-an-email-message-as-important-private-or-sensitive-f480dcea-59a9-48da-b7ed-3b3e0ab27a62​

2.Send Secure Encrypted Messages in Outlook
You can encrypt either an individual or all outgoing messages/mails in Outlook. Encryption means changing the plaintext into cyphertext which cannot be intercept in between. For sending a encrypted message in outlook you and the recipient must share Digital ID first and then only you can send or receive an encrypted message. Read More on How to Send Encrypted Message: https://support.office.com/en-sg/article/Encrypt-email-messages-373339cb-bf1a-4509-b296-802a39d801dc​
3.
7
If you are on a Windows computer and decide to protect a file with sensitive data, you can encrypt the file, password protect it or rely on steganography (hiding a file in an image). This technique is especially useful because unless someone knows that you have hidden a file in the picture, they might look at the picture and think nothing of it. 

Wikipedia has pretty good information on steganography. The link for that is here http://en.wikipedia.org/wiki/Steganography

The process is pretty straightforward and short. This article will show you how to hide and retrieve those files. You will need any software that creates zip or rar files like WinZip OR WinRAR, the files you wish to hide, and an image to hide the files inside.
 

HIDING THE FILES


1. Create a new folder (this is where you will put together the hidden files). I kept mine with the default name, "New folder"
  

2. In a separate file, select all the files you intend to hide and compress them into a ".rar" file.
This can be done by right clicking the highlighted files and clicking "add to archive" in the WinRAR group (the option might look different if you are using different software to compress files). I called my file "hide.rar".
step2.png
steptwo.png
3. Place the .rar file and your image (mine is called skydive) into the folder from step 1
step3.png
4. Open the command prompt
To do this press the Windows key + S then type "cmd" and press enter

5
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
Rar and Jpg are about the only compatible ways to do this now, used to be Gif and Zip.
https://www.cs.cmu.edu/~dst/DeCSS/Gallery/Stego/

Again this used to be true for ZIP, but is no longer (link above)
"There are two tiny facts about GIF files and ZIP files you might like to know about: GIF files have their length defined at the start of the file; any bytes after are ignored. ZIP files have a table at the end; anything at the start of the file is ignored. The result is that a file can be both a GIF and a ZIP, just change the extension."
---
Also note that when doing this (Rar+jpg), 3rd party programs do not understand the RAR file, only WinRAR can open the RAR file, not winzip, 7zip, or others.
-rich
0
 
LVL 5

Author Comment

by:Tj a
Comment Utility
Thanks for the extra info Rich.
0
Suppose you are a shopaholic and you shop online frequently from a website. That means that is obvious that you would have been registered yourself on that website. Now, once in a while that website that you always buy from becomes a victim of phishing attack. You are unaware of that fact and you visit that website again, but naturally you will login with your ID and password. You can’t even imagine the consequences you will have to face after that.

Well, for those of you who are still unknown to phishing, phishing is a process in which the actual website is hacked and a copy of that website is created (a fake one, of course) whose look and features are similar to that of the original one. It is normally done to acquire the usernames, passwords, credit card details and money, illegally.

So, if you own a website of any type -- be it commercial, educational, governmental -- and you have a login form that intakes the data like a username and password, you will very well understand the need of securing the login form. To fulfill this purpose you need a SSL certificate.

What happens when you don’t secure your Login Form?
 
  • When your login page is not secured at all, there is no way a user can know the authenticity of your website and hence he/she may drop the idea of going ahead.
  • If your website is not secured at all the browsers will show a warning regarding the untrusted connection and hence will decrease in visits and conversions.
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.