Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Would like to brainstorm: out there what are the controls/measures organizations put in place
when transferring/processing data (within same company) but across countries (which has
different laws & regulations) ?

So far, thought of the following:  pls add on or comment.  Certainly remove if there are
irrelevant ones.

Endpoint
-      Endpoint Encryption (if data flows to endpoint): what about data at rest??
-      USB lockdown

Gateway
-      Web Scanning
-      Email screening

Servers / DB
-      Database Activity Monitoring?  Is built-in DB audit trail sufficient or need
        DB activity monitoring tools like Imperva ?
-       Data masking of card# (for PCI-DSS)
-       Need DB encryption?

Transmission
-      Encryption of files (what are the standards?)
-      VPN / secure file transfers (is SSL/TLSV1.2 enough) ?

Non-disclosure agreement
-       Is there a need to sign NDA (for intra-company or this applies only to inter-company)

Is this treated as 'Outsourcing' if it's intra-company ?
0
Free Tool: Subnet Calculator
LVL 11
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

There's a discussion internally within our corporate if it's a concern that an internal staff attempts to copy out
SAM & passwd  and then run a password cracking tool on it.

Q1:
Is this a valid concern?

Q2:
In DoD B2 (or is it C2), the file containing hashed passwd  'vanishes' : is the purpose to prevent someone from
copying out the hashes for cracking?  Or what's the purpose of doing this?

Q3:
What are the measures we can put in place to prevent internal staff from making cracking attempts on SAM
& a Unix file containing the hashed passwords?  Should stronger hash (what's the current best practice?)  or
encryption be used?
0
HI
I'm just implementing a DPI inspection and I've download a key from my sonicwall firewall.
This cert. has been distributed to my PC over GPO.
How do I distribute the same cert to my MAC clients  ??
0
Hell0 Experts

I recently installed a Cisco 1921 router as the def gateway for my network. I also have a Cisco ASA5505 9.2 on the LAN behind the router. My goal is to allow AnyConnect Client SSL, Clientless SSL and site to site VPN passthrough on the router. So far I had a chance to test Client SSL and Clientless SSL and my router configuration does not seem to be working. From the LAN I can establish a VPN session to the outside interface of the ASA. Can you please review my configuration and point me in the right direction?

C1921 Config:
Int G0/0
ip add x.x.x.99 255.255.255.252
ip nat outside
ip virtual-reassebly
!
Int Gi0/0.17
des ASA UPLINK - OUTSIDE
enc dot.1Q 17
ip add 172.17.0.2 255.255.255.252
!
Int Gi0/0.100
desc LAN
enc dot1Q17
ip add 192.168.1.2 255.255.255.0
!
ip access-list standard ACL-NAT
permit 192.168.1.0 0.0.0.255
permit 172.16.0.0 0.0.0.255
!
ip nat inside source static list ACL-NAT int gi0/0 overload
ip nat inside source static udp 192.168.0.1 500 x.x.x.99 500 extendable
ip nat inside source static udp 192.168.0.1 4500 x.x.x.99 4500 extendable
ip nat inside source static udp 192.168.0.1 1701 x.x.x.99 1701 extendable
ip nat inside source static tcp 192.168.0.1 1723 x.x.x.99 1723 extendable
ip nat inside source static tcp 192.168.0.1 443 x.x.x.99 443 extendable

ASA Config
int vlan 17
nameif outside
ip add 172.17.0.1 255.255.255.252
!
int vlan 100
nameif inside
ip add 192.168.1.1 255.255.255.0
!
route outside 0.0.0.0…
0
Hi,

I  just got this message, never seen this before:

backup encryption
What is it? Can we disable this? Is this important?
0
I'm working a project for a company that needs to insure that the documents and files stored on the hard drives of its executives are completely unreadable if any of the IT employees copy these files from the executives' hard drives to their own computers.

While only a few employees have domain admin access and would be able to do this in the first place we need to insure that if this is ever done that the files that are copied will be highly encrypted and won't be able to be read since this has already been done by former domain admins.

What kind of whole hard drive encryption software will do this?

Is this something that Symantec PGP whole hard drive encryption will do once the entire Windows 10 OS and hard drive of a computer is encrypted?
0
What is the best whole hard drive encryption program for Windows 10?

Would this be Symantec PGP or are their better alternatives?
0
I am trying to re-image a laptop with a DVD that has the OS but the DVD player is new and external. The laptop that still has a previous image on it and has Pointsec as the encryption software. So when I select the DVD player to run it tell me there are no drivers. How can I get the DVD drivers installed since I do not have the old password to login to the laptop?
0
hey guys, i have a Win 10 Pro machine with a TPM (1.2), and i am trying to setup bitlocker, i dont get an option though to setup a password, am i missing a step somewhere?
0
The Sonicwall OS is 5.x. This is just the base router, no extra licenses for IPS, malware etc... I recently setup L2TP VPN for a couple users - using long and complex Pre-shared secret and each have a very long and complex password... I have been blocking obvious attempts from just IP addresses trying to access a webcam port using the info I found on how to do that - but blocking an IP address from WAN  - doesn't seem to affect efforts of a couple outsiders trying to access via L2TP - I see the failed messages from the different stages... but they keep trying - and added their IPs to my 'Blocked IPs' address object group has no effect.
I want to be able to deny them access to even try to authenticate and get them out of the logs - like blocking IP addresses.
Anyone savvy on the SonicWALL as to how to prevent attempted L2TP connections from undesired sources? Is there a way to create access rules to block from L2TP to ANY or LAN, we have the network on the X0 interface.
My understanding is there is a VPN access list on the SonicWALL - but it does not apply to L2TP.
Thank you!
0
Keep up with what's happening at Experts Exchange!
LVL 11
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Hi all

Does it really save any purpose to encrypt a database (BE)with a password when some people are saying there are some free software out there that can break the encryption easily , I know for the FE we seam to be fine as long as we only give clients Accde files.

For queries I'm still using a special code to hide special keys( This is also an extra cover to FE objects), unless someone knows my backdoor hot key it will not be possible to unhide the queries.

Though strictly speaking the software is anchored on queries , VBA code  , macros and reports because even if one steal the tables with entity relation , how is it going to help without the treasured code???

Kindly educate me if I'm wrong!

Regards

Chris
0
Hi guys

We have backup types and all Eternal HDD are encrypted using BitLocker, now when I plug in one of the disks I have to login to the host and Unlock it. Is there any script or Method that I can setup to "When I connect one of the External HDD it will Automatilcy Unlock it using the password"  

Please could you help me to figure it out the script?

thank you
0
Hi,

I purchased a Samsung SSD with a new Dell Vostro 3000 Series Laptop.

When trying to clone the drive with either Acronis or Samsung Data Migration 3.1 I get a "cloning failed" and seems to point to the fact that the built-in 1TB 2.5" HDD is BitLocker encrypted.

BitLocker encryption is not enabled for the drive in Windows, but on Disk Manager is already shows "BitLocker encrypted".

How does one disable this BitLocker encryption if it is not enabled in Windows but shows that the drive is BitLocker encrypted?

Some Google searches pointed me in the direction of the built-in TPM Module which I have disabled in BIOS, but still no luck, the built-in HDD still shows "BitLocker encrypted" and cloning fails.

Thanks,
Reinhard
0
We have a user who heavily depends on Truecrypt (she uses the last known version prior the site leaving their users).  The size of the volumes range from 360gb  to 1 tb and have been using them since 2012 with no glitch whatsoever.  She changes the volumes password successfully every year.

Yesterday, a colleague told her that she has to have the keyfiles of each volume and even more, that right after creating all her volumes, she should have backed up those keyfiles - she has never done this.  We have search on this topic and effectively it does says it (see pix below).

 tc quest
Based on the above, 2 questions:

1. Is there any considerations or maintenance she should consider for her TC volumes?
    (this is because the user is constantly using the TC volumes, sometimes having them open for
    days even is she hibernate her computer, the TC volumes are open)

2. Since she never backed the header or keyfiles when creating TC, may there be some problem?
    Also should we do regarding this?


Thank you very  much in advance.
0
I have several Dell SonicWALL's in service but with one of them,  a TZ205 wireless-N, I can't remotely manage the Sonicwall.  I can connect to all computers at this remote location from a VPN tunnel, Site to Site.  If I connect to a PC behind that SonicWall I can then connect and manage the SonicWall.  This is an extra step that I don't want to have to deal with.

I've compared settings to my other SonicWalls's but none are the exact same model.  As far as I can tell everything is the same.

What am I missing?
0
I am trying to turn on bit locker but I get the error listed below

How do I get around this?

Cjoego
encryption-Error.PNG
0
Hi

Were looking at this in detail.  Would like to audit and monitor data that is being driven by users, so services and apps they are using, and what they are sending via email in particular.
Tried exchange online DLP - pants.
Mimecast DLP - pants
Sophos DLP - seems ok, but not great.

Anything else out there?

Thanks
0
using 7zip on windows 10 I opened a password protected 7zip file and then added a small folder

now the small folder is not password protected

I dont want to unzip and then rezip
0
Where is the long term memory module on iPhone 4?
I actually disassembled it and took out the motherboard, but I am unsure which module is the long term memory.
Hope someone can help.
0
Independent Software Vendors: We Want Your Opinion
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

I am getting an error when installing libsodium through php pecl.

sudo add-apt-repository ppa:chris-lea/libsodium - No problems
sudo apt-get update && sudo apt-get install libsodium-dev - No problems
pecl install libsodium - ERROR

The error is thrown because of libsodium being installed at version 1.0.3

I believe I need version 1.0.9 or greater.

How can I install the latest version of libsodium so I'm not bombing out when running pecl install libsodium?

My php version is: 7.0.25
0
Hello All,

I found "IPsec (ESP) packet dropped" events in attempts section in Sonicwall GMS.
Can anyone help me to resolve this issue.

Thanks
Yogiraj Pattani
0
Hi Team,

I have a requirement from my client to find the encrypted & non-encrypted devices from SCCM report. We are using McAfee as  a encryption software and want to identify which devices are encrypted & which are not using SCCM query or any report. Can someone help me with a best possible solution. We are not using bitlocker through our OSD task sequence. McAfee team is handling this and need some help in identifying this scenario.

Thanks,
Sunil
0
Hello,

We know that Experts Exchange is not a promotional platform for commercial products.

We are not trying to sell our products here, we are simply looking for people who are interested in the purely technical aspect of them and who can to guide us on the repercussions that some of our discoveries might have.

Indeed, as indicated in a previous question, we have created a data security algorithm that generates among other extremely long security keys and which is not based on the RSA system or any other known system. (from 3000 to 9000 bit, 27000 bit is not yet being authorized in the "Beta version”)

We know that as soon as we exceed a certain length in the size of the security keys it concerns a very sensitive domain of IT and it is for prudence that we first chose to subscribe to Experts Exchange to address us exclusively to truly qualified people rather than publishing this information on large public broadcasts.

We have also created another algorithm for the verification and the generation of Large Prime Numbers and it seems that it is more powerful than those other tools that we know and that are currently available on the internet (we do not know if we are authorized to publish their links right here ?)

Here again we know that this is an extremely sensitive field and because this tool has no known limits (except the one we impose ourselves based on the physical hardware) it is very …
1
Hello again,

We forgot to ask you a question about prime numbers.

We are indeed releasing a number primality check tool for which there is no actual size limit beyond the one we have imposed for material resource issues.

However, it is often mentioned the existence of ILLEGAL prime numbers and we do not quite understand the meaning of being able to define a number, which ever it may be, illegal.

However, given the nature of our tool which has no processing limit, we do not wish to have any problem with the authorities.

What is your opinion on the issue, do you think we expose ourselves to any risk by releasing such a tool?

Looking forward to hearing from you.

Best regards,


Ex0-SyS
Roland LECOCQ
www.ex0-sys.ch


P.S. In attachment you will find a text file contains the 3 previous and the 3 next numbers following the first illegal known one that contains 1401 digits.
0
Hello,

We have designed a data encoding algorithm on which we have developed a digital file encryption software for which key security levels have lengths ranging from 3'000 to 9'000 and up to 27'000 bits (this has nothing to do with RSA technology).

We are being cautioned that key lengths in excess of 2'048 bits could potentially be considered to be usable as computer weapons.

We do not wish to make mistakes and because here there is a lot of IT experts, we are sending you this message to ask you for advice for not doing any illegal things.

We are looking forward to hearing from you.

Best regards,
 

Ex0-SyS
Roland LECOCQ
www.ex0-sys.ch
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.