160 likes | 386 Views
Easy Encryption: OS X and Windows 2K/Xp. Shawn Sines OARTech August 8, 2007. Agenda. What is Encryption? History of Encryption Types of Data Encryption Why Encrypt? Encryption’s Impact Commercial Tools: PGP Whole Disk Encryption Free Encryption tools FileVault Windows EFS Caveats
E N D
Easy Encryption:OS X and Windows 2K/Xp Shawn Sines OARTech August 8, 2007
Agenda • What is Encryption? • History of Encryption • Types of Data Encryption • Why Encrypt? • Encryption’s Impact • Commercial Tools: • PGP Whole Disk Encryption • Free Encryption tools • FileVault • Windows EFS • Caveats • How to Encrypt • Enabling FileVault on OS X • Enabling EFS for an encrypted folder • Questions?
What is Encryption? “Encryption is a procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.” Source: Kroll
History of Encryption • The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. • The development of cryptography has been paralleled by the development of cryptanalysis — of the "breaking" of codes and ciphers. • Until the 1970s, secure cryptography was largely the preserve of governments. Two events have since brought it squarely into the public domain: the creation of a public encryption standard (DES); and the invention of public-key cryptography. Source: Wikipedia
Types of Data Encryption • Two Types of Encryption methods: Cipher and Code based • Cipher is more common method today. • Encryption can be applied to computer data in a number of ways: • Storage/Hard Drive Encryption: Protects Data at Rest • Traffic Encryption: Protects Data in Transit
Why Encrypt • Encryption protects the university • ORC 1347: Exempt from notification of exposure of personal information if encrypted • Reduces risk of data loss through laptop/desktop theft • Keeps our research and secrets safe
Encryption’s Impact • Encryption is only one method of protecting data and in this example is keyed to disk encryption specifically - not encrypted transport of information. • Encryption is “free” • Consider impact on backup strategies and repurposing of [equipment] • Encryption also introduces support issues with data use and access that have costs in manpower and resources
Commercial Encryption Tools • PGP Whole Disk Encryption • Encrypts physical hard drives and implements boot level protection. • Integrates with Active Directory • Centrally managed Private-key encryption system using PGP Universal Server • Offers Public-Key storage as well for users • Does not encrypt Mac boot drives currently • Has limitations in dealing with multi-user machine environments • OSU is currently piloting PGP for ODS users and some colleges
Macintosh OS X FileVault Protects user home directory and desktop On-the-fly encryption/decryption Uses login password; no secret code Can use Master phrase in case of user corruption Windows EFS Protects files and folders Keyed to user to keep personal files safe from prying eyes Can have key backed up Free Encryption Tools
Caveats • Disk encryption increases wear on drives because of the on-the-fly read/write nature • Many encryption forms are susceptible to corruption if users do not shut down properly or power off properly - UPS and frequent data backups mitigate this risk • Both EFS and FileVault rely on users to do the right thing to protect the data - it is not a whole disk solution.
How to Encrypt: FileVault on OS X • Go to "System Preferences", then click on "Security". • If desired, click on "set Master Password" to set a master password. • Click on "Turn on FileVault" to turn on FileVault; select other options as desired. • When finished, close the FileVault window.
How to Encrypt: File Vault on OS X • Notes: • FileVault only encrypts data stored in your user directory • FileVault is not a tool to protect against hackers or viruses • Because of the nature of encryption you should be careful to avoid force-quitting applications and minimize the number of improper shutdowns.
How to Encrypt: Windows EFS • Locate the files you want to encrypt • We recommend that you encrypt folders as opposed to individual files – any new files you add to this folder will also be encrypted. • Select the file or folder and right-click on it; select “Properties”. • In Properties, select the “General” tab. • Select the “Advanced” button. The Advanced Attributes window will open and there will be 4 check boxes. • Check “Encrypt contents to secure data” (bottom). • Select “OK” button. EFS encrypts the file or folder.
How to Encrypt: WindowsEFS • Notes: • Can only encrypt files and folders on NTFS file system volumes. • Cannot encrypt: • compressed files or folders. If a compressed file or folder is encrypted, it will be uncompressed. • files marked with the System attribute • files in the system root directory structure
How to Encrypt: EFS • Notes: • When a single file is encrypted, you are asked if you also want to encrypt the folder that contains it. • When a folder that contains files or subfolders is encrypted, you are asked if you want all files and subfolders within the folder to be encrypted. • If you choose to encrypt the folder only, all files and subfolders currently in the folder are not encrypted. • Any new files or subfolders added to the encrypted folder are encrypted once they are created.
Questions? Resources: http://cio.osu.edu/buckeyesecure/ http://safecomputing.osu.edu 8help