Embed Size (px)
Citation preview
Easy Encryption:OS X and Windows 2K/Xp
Shawn SinesOARTech
August 8, 2007
Agenda• What is Encryption?• History of Encryption• Types of Data Encryption• Why Encrypt?• Encryption’s Impact• Commercial Tools:
– PGP Whole Disk Encryption• Free Encryption tools
– FileVault– Windows EFS
• Caveats • How to Encrypt
– Enabling FileVault on OS X– Enabling EFS for an encrypted
folder • Questions?
What is Encryption?
“Encryption is a procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.”Source: Kroll
History of Encryption
• The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids.
• The development of cryptography has been paralleled by the development of cryptanalysis — of the "breaking" of codes and ciphers.
• Until the 1970s, secure cryptography was largely the preserve of governments. Two events have since brought it squarely into the public domain: the creation of a public encryption standard (DES); and the invention of public-key cryptography.
Source: Wikipedia
Types of Data Encryption
• Two Types of Encryption methods: Cipher and Code based– Cipher is more common method today.
• Encryption can be applied to computer data in a number of ways:– Storage/Hard Drive Encryption: Protects
Data at Rest– Traffic Encryption: Protects Data in Transit
Why Encrypt
• Encryption protects the university– ORC 1347: Exempt
from notification of exposure of personal information if encrypted
– Reduces risk of data loss through laptop/desktop theft
– Keeps our research and secrets safe
Encryption’s Impact
• Encryption is only one method of protecting data and in this example is keyed to disk encryption specifically - not encrypted transport of information.
• Encryption is “free” – Consider impact on backup strategies and
repurposing of [equipment]– Encryption also introduces support issues
with data use and access that have costs in manpower and resources
Commercial Encryption Tools
• PGP Whole Disk Encryption– Encrypts physical hard drives and implements boot
level protection.– Integrates with Active Directory– Centrally managed Private-key encryption system
using PGP Universal Server– Offers Public-Key storage as well for users– Does not encrypt Mac boot drives currently– Has limitations in dealing with multi-user machine
environments– OSU is currently piloting PGP for ODS users and some
colleges
Free Encryption Tools
1. Macintosh OS X FileVault
• Protects user home directory and desktop
• On-the-fly encryption/decryption
• Uses login password; no secret code
• Can use Master phrase in case of user corruption
2. Windows EFS• Protects files and
folders• Keyed to user to
keep personal files safe from prying eyes
• Can have key backed up
Caveats• Disk encryption increases wear on drives
because of the on-the-fly read/write nature• Many encryption forms are susceptible to
corruption if users do not shut down properly or power off properly - UPS and frequent data backups mitigate this risk
• Both EFS and FileVault rely on users to do the right thing to protect the data - it is not a whole disk solution.
How to Encrypt: FileVault on OS X
1. Go to "System Preferences", then click on "Security".
2. If desired, click on "set Master Password" to set a master password.
3. Click on "Turn on FileVault" to turn on FileVault; select other options as desired.
4. When finished, close the FileVault window.
How to Encrypt: File Vault on OS X
• Notes:
– FileVault only encrypts data stored in your user directory
– FileVault is not a tool to protect against hackers or viruses
– Because of the nature of encryption you should be careful to avoid force-quitting applications and minimize the number of improper shutdowns.
How to Encrypt: Windows EFS
1. Locate the files you want to encrypt• We recommend that you encrypt folders as opposed to
individual files – any new files you add to this folder will also be encrypted.
2. Select the file or folder and right-click on it; select “Properties”.
3. In Properties, select the “General” tab.4. Select the “Advanced” button. The Advanced
Attributes window will open and there will be 4 check boxes.
5. Check “Encrypt contents to secure data” (bottom).
6. Select “OK” button. EFS encrypts the file or folder.
How to Encrypt: WindowsEFS
• Notes:– Can only encrypt files and folders on
NTFS file system volumes.– Cannot encrypt:
• compressed files or folders. If a compressed file or folder is encrypted, it will be uncompressed.
• files marked with the System attribute • files in the system root directory structure
How to Encrypt: EFS
• Notes:– When a single file is encrypted, you are asked
if you also want to encrypt the folder that contains it.
– When a folder that contains files or subfolders is encrypted, you are asked if you want all files and subfolders within the folder to be encrypted.
– If you choose to encrypt the folder only, all files and subfolders currently in the folder are not encrypted.
– Any new files or subfolders added to the encrypted folder are encrypted once they are created.
Questions?
Resources:http://cio.osu.edu/buckeyesecure/
http://safecomputing.osu.edu8help
