Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi Guys,

We have a couple of "internal" servers with self-signed certificates.  An IT audit raised concerns about the self-signed certificates as some are using SSL 2 & SSL 3 encryption methods.  Services and applications running on these servers are only accessible internally.

A second scenario is a server which has external access, but do have a proper SH2 2048 public certificate installed.  However, the report still picks up an issue with another self-signed certificate on the same server.

My question, does these self-signed certificates pose any security risks, or can it be safely ignored?
0
Become a Microsoft Certified Solutions Expert
LVL 13
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Hi,

I have a question regarding exchange 2016. I need a statistic of how many emails are encrypted on our server.

We want to switch from opportunistic to mutua TLS, but I need to know how many companies do not have TLS enabled.

Thank you in advance!

Best regards,
Bernhard
0
I have a hard drive that has been formatted by mistke and need to recover data. I am able to run a scan using EaseUS Data Recovery. I can see the entire folder structure, etc but no files. I have since been informed that the drive was encrypted using Symantec Endpoint Encryption. Is this the reason no files are visible? Would have assumed if it was encrypted I would not be able to see folder structure, etc?

I would like to know how to unencrypte the drive so i can run another scan to see if I can recover this data. Any help is appreciated. Let me know if you need any additional information.
0
Hi Experts,

What are the drawbacks for using keybase as an encryption engine in Terraform scripts?

Thanks a lot!
0
I am trying to establish a site-to-site VPN tunnel between an ASA 5505 and a Fortigate300d but the tunnel does not come up .
I have attached the config of the ASA.

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 192.168.0.251

!

interface GigabitEthernet0/2

nameif E1(outside)

security-level 0

ip address 192.168.1.2



access-list ooredoo-Tunnel extended permit ip host aspen1 10.71.100.0 255.255.255.0

access-list ooredoo-Tunnel extended permit ip 10.71.100.0 255.255.255.0 host aspen1

 

 

access-list E1_access_in extended permit icmp 10.71.100.0 255.255.255.0 host 192.168.0.205 echo-reply

access-list E1_access_in extended permit icmp 10.71.100.0 255.255.255.0 host 192.168.0.205 echo

access-list E1_access_in extended permit icmp any host 10.150.1.4 echo

access-list E1_access_in extended permit icmp any host 10.150.1.4 echo-reply

access-list E1_access_in extended permit icmp host 10.150.1.4 any echo

access-list E1_access_in extended permit icmp host 10.150.1.4 any echo-reply

access-list E1_access_in extended permit ip any any log

access-list E1_access_in extended permit ip any host 192.168.0.205

access-list E1_access_in extended permit tcp any host 192.168.0.205 eq www

access-list E1_access_in extended permit ip host 192.168.2.100 any

access-list E1_access_in extended permit ip any host 192.168.2.100

access-list E1_access_in extended permit tcp host 192.168.2.100 any eq https

0
The client needs to have a licensed version installed for Symantec Encryption Desktop.
I can't find any place to purchase this.

Thanks.
0
I know encryption decryption mechanism for a typical HTTPS based communications.

However, Failed to understand the how chemistry between below 2 blocks works  
{private&Public key} ---vs-  {SSL certificate }

Please advice
0
We build WordPress plugins that are widely distributed, of course.  Within our plugins, we need to make a call to a service that we have setup, which includes our own API credentials for this service.  These credentials need to stay protected.

We're at a loss at how we can distribute a plugin making calls to a service with our credentials, yet protect those credentials..??

First thought was encryption, but then the encrypted value would have to be included in the plugin, and if we're decryption in our service then all anybody would need is that encrypted value, so that won't work.

I'm struggling to think of another way around this.  Any ideas for me?  Any information on this would be greatly appreciated.  Thanks!
0
We had our guests' Wi-Fi network appear to be available with the same name and with "_A8" added to it. Users did not notice and tried connecting to it and connected to it. Only when I noticed they told me that its been a while there. I connected to it and checked connected device and discovered the booster. Can't remember the make and model now, but remember that it was Chinese brand I haven't heard of and it was the one you plug into the electricity socket and it picks up Wi-Fi and boosts it. I guessed that booster's login (admin and admin or something like that). I logged in there and disabled it. Did not think much about it because it was our guests' Wi-Fi which was separated from our main network by vlan. We set up new Wi-Fi straight away with new super long password and WPA2. I asked users to let me know if anything suspicious happens.
Last week users reported that the Wi-Fi with _A8 appeared and this time it is the new Wi-Fi with _A8. Not really sure how that happened. Users reported that they did not connect to it yet nor they did try to connect (difficult to say that this did not happen for 100%).
Normally we do not give out Wi-Fi password even though it is for guests as we do not have that many customers visiting. Users do not remember anybody asking for Wi-Fi password recently. hard to say for 100% when this new Wi-Fi with _A8 really appeared.

I need your help with:
1. How could this happen? We always use WPA2 encryption and the fact that the booster was …
0
Hey all,

This is more of a help with providing a client with a solution so hope you guys can help.

I am trying to work out a solution for one of my clients who has very sensitive data on his laptop. It is one user and also doesn't have the funds to put in place a lot of security measures. I have been thinking of BitLocker Encryption with Bios password and Biometric login with MFA on his emails.

This client likes Google Stream so we might go down this route for his emails and document storage. If we enable file stream, I am assuming the data is all in the cloud not on his computer?

What else is everyone doing in this scenario, I would love to know.

TIA
0
CompTIA Network+
LVL 13
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

Was just informed that one of our users laptops was stolen from a vehicle.  We're in the process of implementing some security measures, but it seams like this one might be too late.  We believe we had MBAM on the machine as well as bit-locker.  We also believe one-drive was being used.  Is  there anything we can do to protect us from any malicious activity or stolen info at this point?  

What can do we do on this issue and what can we do in the future?
0
How to add algorithms which are not supported by ADFS 4.0 out of the box. Trying to import an ECC certificate but the error message is the certificate key algorithm is not supported
0
Hi,

Hope somebody could help us with this issue..

We recently purchased a 5506-X firewall to add to our existing network. We work in a shared office environment and the IT department provided us with a Static IP for (outside) configuration of the firewall. In order to have access to the internet in our network environment we must authorize devices by MAC address. I have tested the outside IP on my laptop and was able to connect to the internet from the uplink provided to me.

We have followed all the steps necessary to setup the 5506-x firewall but cannot seem to get internet access. Also, we have allowed the mac address of each interface on the 5506-x to have access to the network.

Maybe we missed something and someone could help guide us in the right direction. We followed the instructions here but still know luck.

Below is the show configuration log...

 Saved

:
: Serial Number: JAD22310EK4
: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
: Written by enable_15 at 18:30:29.659 UTC Tue Jun 11 2019
!
ASA Version 9.8(2)
!
hostname AI-Firewall
enable password $sha512$5000$oN0ERX19wEcf1sA20aNprA==$h4DD3XDf1aAxawHyqyjPYQ== pbkdf2
names
ip local pool AI-Pool 10.222.222.100-10.222.222.120 mask 255.255.255.0

!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 67.71.213.166 255.255.255.252
!
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
 security-level 100
!
0
Dear Sir,

I have a question about https . In case, I apply a SSL cert (e.g. intranet.abc.com) but I type https://intranet instead of https://intranet.abc.com . Are there still have SSL encryption between the web browser and the web server?

Please advise. Thank you.

With regards,
Wataw
0
Does anyone know the best way to enable a Digital ID Encryption Certificate with Public Key using office 365?
0
Hello,

Whenever I start up Excel, I am getting the prompt "This document is both encrypted and password protected. The Office Open XML Formats available in Office 2007 and later provide stronger encryption. Do you want to increase the security of this document by converting to an Office Open XML document?"

However, I am not opening a file when starting Excel. No file opens either once Excel has started.

I am using Excel for Windows. Version: Office 365 MSO (16.0.11601.20174). Installed on my computer (not the web version). I am running Windows 10.

Any help with this error would be much appreciated. Thanks.
0
I have win 10 with bit locker enabled and then there is software issue then I tried to make restore to earlier point without disable bit locker and then I found it took more then 3 hours and not changing screen of  restoring system settings

1-do restore is not working while bitlocker is enabled
2-  whar are correct actions in this situation either before restoring when bitlocker is enabled or now after  problem has arrived
0
I'm trying to implement searchable encryption as proposed by Paragonie in a blog post on their website titled Building Searchable Encrypted Databases with PHP and SQL.  I am very new to data encryption, so there are a several points I'm not understanding and hope I explain it clearly.

Using their examples, I've created a test table per the example in the blog and changed a few datatypes to suite mySQL better:
CREATE TABLE humans (
    humanid int PRIMARY KEY,
    first_name varchar(500),
    last_name varchar(500),
    ssn varchar(500), /* encrypted */
    ssn_bidx  varchar(500) /* blind index */
);
CREATE INDEX ON humans (ssn_bidx);

Open in new window

The example then goes on to use a series of functions to encrypt/decrypt the data and pull data from the table
function encryptSSN(string $ssn, string $key): string
{
    $nonce = random_bytes(24);
    $ciphertext = sodium_crypto_secretbox($ssn, $nonce, $key);
    return bin2hex($nonce . $ciphertext);
}

function decryptSSN(string $ciphertext, string $key): string
{
    $decoded = hex2bin($ciphertext);
    $nonce = mb_substr($decoded, 0, 24, '8bit');
    $cipher = mb_substr($decoded, 24, null, '8bit');
    return sodium_crypto_secretbox_open($cipher, $nonce, $key);
}

function getSSNBlindIndex(string $ssn, string $indexKey): string
{
    return bin2hex(
        sodium_crypto_pwhash(
            32,
            $ssn,
   

Open in new window

0
We have a server (W2012) that we have encrypted the D drive using Bit Locker. After the drive is unlocked we receive  "Drive is not  accessible, Parameter is incorrect." error. we can restore access to the drive after running CHKDSK D: /F /R However this is not a permanent fix because this happens again after after the next server reboot. I was able to turn off Bit Locker on the drive and every check disk comes back clean. Once again we re-encrypted and the same thing happened all over again.
0
CompTIA Cloud+
LVL 13
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

I wanted to know what are some upcoming security conferences for the remaining year.  IE..blackhat….RSA...
Maybe some Artificial Intelligence / Machine Learning conferences pertaining to security, if any.
Maybe some financial and mortgage security training...
0
background, we host SAP onsite, Version 9.1
windows 10 machine - latest updates
Antivirus - Sophos endpoint
Encryption - bitlocker

Sap randomley crashes and gives us this error:

The description for Event ID 1000 from source Application Error cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

SAP Business One.exe
9.10.180.0
55b66d89
B1_Engines.dll
9.10.180.0
55b656a6
c000041d
0025121c
3f70
01d4fb37bfbaf172
C:\Program Files (x86)\SAP\SAP Business One\SAP Business One.exe
C:\Program Files (x86)\SAP\SAP Business One\B1_Engines.dll
945ce100-9174-4f26-99bf-d66d0c84b785

The handle is invalid
0
Hi there, I typically have all my computers (personal or work related) with preboot encryption implemented. Everything has been fine until recently my newest pc can no longer recognize that there is a keyboard connected via usb,  so in this case... I know the password which is fine, but there had been nothing out of the ordinary the day prior to this happening.

No updates, nothing that realistically would have changed anything...

PC is an MSI tridentx on windows... If theres anything specific I have to recall let me know and I will get back to you asap.... Really need to be able to access the pc so if someone can give me a solution relatively quickly I'd be inclined to offer some sort of bounty / reward..
0
Hi Experts,

I would like to exchange encrypted  information (by a certificate) from an IBM I-server to a Microsoft SQL server (2016)
Can I exchange the certificate used for the encryption from IBM to MSSQL server or vice versa?

For what I have read: I can create identical certificates on a source and target MS SQL server, but I cannot export and import this certificate.\

Can anyone help, please?
0
We have a Windows 2016 Standard Server running on VMWare ESX 6.7.  
There is a data drive on this server that we have encrypted with bitlocker.
It's set to automatically unlock the drive, however, this auto unlock doesn't happen until a user has logged back into the server.
So what's been happening, is our client will have a power outage, the server will shutdown, and boot back up when the power is restored.
They go to access this drive on their PC's because it's locked.  It become's available when the administrator logs into the server.

Is there a way to set bit locker to automatically unlock when the server boots and doesn't require an administrator logon?
0
Hey EE,

We want to install our internal root certs on all mobile phones in our org through BES UEM so that once the employee's phones
registered on BES, connect to Corportate-Wifi, they have access to internal resources like sharepoint / RDP etc.
In this question though, please ignore the BES pushing part as currently we are in the testing phase and BES is not in the question,
just trying to clear my concepts and installing cert manually for now. We are doing this so that only the authorized company phones
are able to get to our internal resources.

We are using BES UEM interface to push the certs to iphones, androids, and Blackberries. So far starting our test with iPhone only.
With BES UEM I am only able to push certs in format - .der, .cer, .key, .pem, .crt  which makes sense as we do not want
to push .pfx as it contains private key too.

These certs are provided by our Network team to us in server team and so far I am not sure how they were created and using
which internal root CA servers but I am told that they should be working as tested by installing them manually on the phone.   I got the cert
file in two different formats - .cer and .pfx

Issue is that if install the .CER file manually  on test iphone, it installs fine, user connects to Corporate-Wifi ( which installs another wifi cert )
And ABLE to browse internet but NOT ABLE to access internal resources like sharepoint or RDP to servers.

On the other hand, we are able to access internet as…
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.