Presentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS)
|
|
- Tracey Skinner
- 8 years ago
- Views:
Transcription
1 Presentation on Black Hat Europe 2003 Conference Security Analysis of Microsoft Encrypting File System (EFS)
2 Microsoft Encrypting File System Encrypting File File System System (EFS) (EFS) is is a a new new feature feature in in Microsoft Windows EFS EFS lets lets to to protect protect sensitive data data in in files files that that are are stored stored on on disk disk using using the the NTFS NTFS file file system. system. It It uses uses symmetric key key encryption in in conjunction with with public public key key technology to to provide provide confidentiality for for files. files. It It runs runs as as integrated system system service, service, which which makes makes EFS EFS easy easy to to manage, difficult difficult to to attack, attack, and and transparent to to the the file file owner owner and and to to applications. Even Even if if the the file file can can be be stolen, stolen, over over the the network network or or physically, it it cannot cannot be be decrypted without without first first logging logging on on the the network network as as the the appropriate user. user. Since Since it it cannot cannot be be read, read, it it cannot cannot be be surreptitiously modified. The The file file encryption key key (FEK) (FEK) Ñ a a symmetric bulk bulk encryption key key Ñ is is used used to to encrypt encrypt the the file file and and is is then then itself itself encrypted by by using using the the public public key key taken taken from from the the user's user's certificate, which which is is located located in in the the user's user's profile. profile. The The encrypted FEK FEK is is stored stored with with the the encrypted file file and and is is unique unique to to it. it. To To decrypt decrypt the the FEK, FEK, EFS EFS uses uses the the encryptor's private private key, key, which which only only the the file file encryptor has. has.
3 Structure of Encrypted File Header File Encryption Key Encrypted with file ownerõs public key. File Encryption Key Encrypted with public key of recovery agent 1. File Encryption Key Encrypted with public key of recovery agent 2 (optional). Encrypted Data... Data Decryption Field Data Recovery Fields
4 How EFS files are recovered If If the the owner's owner's private private key key is is unavailable (for (for example, because because it it is is damaged), aa recovery agent agent account account can can open open the the file file by by using using the the private private key key for for recovery, which which is is applied applied to to the the DRF DRF to to unlock unlock the the FEK. FEK. The The mechanism for for file file recovery works works essentially the the same same way way as as decrypting a a file, file, by by using using the the user's user's private private key. key. A private private key key for for recovery cannot cannot decrypt decrypt the the DDF. DDF. If If there there are are multiple multiple recovery agent agent accounts, each each private private key key for for recovery decrypts only only its its own own DRF DRF and and no no other. other. Thus, Thus, there there is is no no danger danger that that an an unauthorized recovery agent agent account account can can access access information from from the the file file that that enables enables access access to to other other files. files.
5 File decryption process The The following steps steps are are needed needed to to be be accomplished to to decrypt decrypt a a file file encrypted encrypted by by Windows Windows 2000: 2000: 1. Get the System Key from Registry, floppy disk or password. 2. Decrypt userõs password hash stored in SAM Registry record. 3. Decrypt userõs Master Key. 4. Decrypt userõs Private Key. 5. Decrypt File Encryption Key of the file. 6. Decrypt file data.
6 System Key A System System Key Key is is used used to to protect protect the the SAM SAM (System (System Account Manager) record record in in the the Registry. There There are are three three ways ways to to store store a a System System Key: Key: 1. System Key is stored in the Registry in obfuscated form. ItÕs loading automatically when Windows starts. 2. System Key is stored on a floppy disk. This disk is needed to be inserted when Windows starts to unlock the SAM. 3. System Key is derived from a password entered by user on Windows startup. In this case System Key is not stored somewhere.
7 User password hash decryption process System Key Session Key Secret Key PID Password Hash Hash
8 Master Key decryption process (Windows 2000) Password MD4 Hash SID User Encryption Key 16 bytes from Master Key container Master Master Key Key
9 Master Key decryption process (Windows XP) Password SHA1 Hash SID User Encryption Key 16 bytes from Master Key container Master Master Key Key
10 Private Key decryption process (the original version of Windows 2000) Master Key 16 bytes from Private Key container 5 bytes part of key 11 bytes part of key from Private Key container Private Private Key Key
11 Private Key decryption process (version of Windows 2000 with Service Pack) Master Key 16 bytes from Private Key container Private Private Key Key
12 FEK encryption/decryption process Private Key File File Encryption Key Key
13 Small cryptanalysis of EFS encryption Generally algorithms used used in in the the EFS EFS are are cryptographically stable stable when when the the key key length length is is enough enough to to make make a a brute-force attack attack impossible. Only Only one one exclusion is is an an RC4 RC4 algorithm used used to to encrypt encrypt the the Private Private Key Key in in the the original original version version of of Windows In In this this case case the the key key length length is is bits bits but but only only bits bits are are dependent from from the the Master Master Key. Key. Other Other bits bits are are well-known and and stored stored in in the the Private Private Key Key Container. Therefore in in the the original original version version of of Windows each each Private Private Key Key is is protected by by 40-bits 40-bits key key which which can can be be found found by by a a brute-force attack attack during during the the reasonable time. time. After After that that the the File File Encryption Key Key can can be be found found instantly and and therefore itõs itõs possible possible to to decrypt decrypt the the file. file. This This vulnerability is is fixed fixed in in the the Windows Service Service Pack Pack There There is is strong strong 160-bit 160-bit Triple Triple DES DES encryption of of a a Private Private Key. Key. Windows XP XP donõt donõt have have this this vulnerability at at all all because because EFS EFS uses uses SHA1 SHA1 password hash hash instead instead of of MD4 MD4 hash hash to to decrypt decrypt a a Master Master Key. Key. SHA1 SHA1 hash hash is is not not stored stored on on the the physical physical disk disk so so it it cannot cannot be be stolen stolen by by an an unauthorized user. user.
14 Possible attacks to decrypt EFS-encrypted files Although Although the the algorithms algorithms used used in in the the EFS EFS are are cryptographically cryptographically stable stable there there are are several several attacks attacks which which can can be be used used to to decrypt decrypt files: files: 1. There are files which contain Private and Master Keys, SAM and System records of the Registry. Any user passwords are unknown. For example we have a hard disk with installed Windows 2000 and we donõt know user passwords as well as Administrator password. All files can be decrypted instantly. 2. There are files which contain Private and Master Keys. We need to find a user password and then decrypt the Private Key. 3. There is a Private Key container only. We can brute-force the 40-bits RC4 key to decrypt the Private Key.
15 Recovery possibilities Using Using Private Private and and Master Master Key Key containers as as well well as as SAM SAM and and System System Registry records records allow allow to to recover recover a a data data in in cases cases when when even even a a user user or or recovery agent agent certificate is is lost. lost. When When these these files files are are accessible we we can can decrypt decrypt any any EFS-encrypted file file of of any any user. user. EFS EFS in in Windows does does not not allow allow to to secure secure the the files files when when an an intruder intruder have have an an access access to to these these files files but but at at the the same same time time there there are are good good recovery possibilities in in aa cases cases when when recovery certificates are are lost. lost.
16 Advanced EFS Data Recovery Advanced EFS EFS Data Data Recovery is is a a program to to recover recover (decrypt) files files encrypted on on NTFS NTFS (EFS) (EFS) partitions created created in in Windows Files Files are are being being decrypted even even in in aa case case when when the the system system is is not not bootable and and so so you you cannot cannot log log on, on, and/or and/or some some encryption keys keys (private (private or or master) master) have have been been tampered. Besides, decryption is is possible possible even even when when Windows is is protected using using SYSKEY. AEFSDR effectively (and (and instantly) decrypts the the files files protected under under all all versions versions of of Windows (including Service Service Packs Packs 1, 1, 2 and and 3). 3).
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationEncrypting stored data. Tuomas Aura T-110.4206 Information security technology
Encrypting stored data Tuomas Aura T-110.4206 Information security technology Outline 1. Scenarios 2. File encryption 3. Encrypting file system 4. Full disk encryption 5. Data recovery Simple applications
More informationSecure Storage. Lost Laptops
Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include
More informationSecure data storage. André Zúquete Security 1
Secure data storage André Zúquete Security 1 Problems (1/3) ( The classical file system protection is limited Physical protection assumptions Physical confinement of storage devices Logical protection
More information2007 Microsoft Office System Document Encryption
2007 Microsoft Office System Document Encryption June 2007 Table of Contents Introduction 1 Benefits of Document Encryption 2 Microsoft 2007 Office system Document Encryption Improvements 5 End-User Microsoft
More informationNew Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer
New Technologies File System (NTFS) Priscilla Oppenheimer NTFS Default file system for Windows NT, 2000, XP, and Windows Server 2003 No published spec from Microsoft that describes the on-disk layout Good
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationMCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationUsing BitLocker As Part Of A Customer Data Protection Program: Part 1
Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationHow Endpoint Encryption Works
WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint
More informationPasscape Software. DPAPI flaw. Vulnerability of DPAPI data protection in Win2K, Win2K3, Windows Server 2008, and Windows Server 2012
DPAPI flaw Vulnerability of DPAPI data protection in Win2K, Win2K3, Windows Server 2008, and Windows Server 2012 Content 1 Brief description of the vulnerability 2 1.1 The... problem 2 1.2 Affected...
More informationTPM. (Trusted Platform Module) Installation Guide V3.3.0. for Windows Vista
TPM (Trusted Platform Module) Installation Guide V3.3.0 for Windows Vista Table of contents 1 Introduction 1.1 Convention... 4 1.2 TPM - An Overview... 5 2 Using TPM for the first time 2.1 Enabling TPM...
More informationManaging and Supporting Windows XP Chapter #16
Managing and Supporting Windows XP Chapter #16 Amy Hissom Key Terms Backup Operator A Windows 2000/XP user account that can back up and restore any files on the system regardless of its having access to
More informationTPM. (Trusted Platform Module) Installation Guide V2.1
TPM (Trusted Platform Module) Installation Guide V2.1 Table of contents 1 Introduction 1.1 Convention... 4 1.2 TPM - An Overview... 5 2 Using TPM for the first time 2.1 Enabling TPM... 6 2.2 Installing
More informationUsing Microsoft Windows Encrypted File System (EFS)
Using Microsoft Windows Encrypted File System (EFS) Agenda Protecting our Data Types of Data What is EFS How to use EFS Best Practices Protecting our Data Two types of disk encryption: Full Disk Encryption
More informationHow To Understand The History Of Anntds.Dntd.Dt.Dotnetdt Database On A Pc Or Macbook (Windows) With A Password Key (For A Macbook) And Password History (For Annt
Active Directory Offline Hash Dump and Forensic Analysis Csaba Barta csaba.barta@gmail.com July 2011 Disclaimer The views, opinions and thoughts in this document are the views, opinions and thoughts of
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationOffice of Information Technologies (OIT)
Office of Information Technologies (OIT) Encrypting File System (EFS) November 14th, 2007 Contents Introduction... 1 Benefits... 1 How it works... 1 Enabling EFS... 2 Step 1: Obtain an EFS key pair...
More informationWhat users should know about Full Disk Encryption based on LUKS
What users should know about Full Disk Encryption based on LUKS Andrea VISCONTI Department of Computer Science Università degli Studi di Milano BunnyTN15 andrea.visconti@unimi.it December 17, 2015 1 /
More informationLegal Notes. Regarding Trademarks. Models supported by the KX printer driver. 2011 KYOCERA MITA Corporation
Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable for any problems arising from
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationEncrypting with BitLocker for disk volumes under Windows 7
Encrypting with BitLocker for disk volumes under Windows 7 Summary of the contents 1 Introduction 2 Hardware requirements for BitLocker Driver Encryption 3 Encrypting drive 3.1 Operating System Drive 3.1.1
More informationFile System Encryption in C#
INTEGRATED FILE-LEVEL CRYPTOGRAPHICAL ACCESS CONTROL Abstract Ryan Seifert ryanseifert@earthlink.net T. Andrew Yang Yang@UHCL.edu Division of Computing and Mathematics University of Houston - Clear Lake,
More informationHow Drive Encryption Works
WHITE PAPER: HOW DRIVE ENCRYPTION WORKS........................................ How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption.........................................................................................
More informationForensic Decryption of FAT BitLocker Volumes
Forensic Decryption of FAT BitLocker Volumes P. Shabana Subair, C. Balan (&), S. Dija, and K.L. Thomas Centre for Development of Advanced Computing, PO Box 6520, Vellayambalam, Thiruvananthapuram 695033,
More informationEncrypt-FS: A Versatile Cryptographic File System for Linux
Encrypt-FS: A Versatile Cryptographic File System for Linux Abstract Recently, personal sensitive information faces the possibility of unauthorized access or loss of storage devices. Cryptographic technique
More informationConfiguring Authentication for Microsoft Windows
Chapter 4 Configuring Authentication for Microsoft Windows In this chapter: Storing and Transmitting Credentials..............................69 Storing Secrets in Windows......................................83
More informationGuide to Securing Microsoft Windows 2000 Encrypting File System
Report Number: C4-006R-01 Guide to Securing Microsoft Windows 2000 Encrypting File System Systems and Network Attack Center (SNAC) Authors: Graham Bucholz Harley Parkes Updated: January 2001 Version 1.0
More information1 Step 1: Select... Files to Encrypt 2 Step 2: Confirm... Name of Archive 3 Step 3: Define... Pass Phrase
Contents I Table of Contents Foreword 0 Part I Introduction 2 1 What is?... 2 Part II Encrypting Files 1,2,3 2 1 Step 1: Select... Files to Encrypt 2 2 Step 2: Confirm... Name of Archive 3 3 Step 3: Define...
More informationExecutable Integrity Verification
Executable Integrity Verification Abstract Background Determining if a given executable has been trojaned is a tedious task. It is beyond the capabilities of the average end user and even many network
More informationThe Misuse of RC4 in Microsoft Word and Excel
The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft
More informationCHAPTER 1 INTRODUCTION
1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing
More informationFile System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1
File System Forensics FAT and NTFS 1 FAT File Systems 2 File Allocation Table (FAT) File Systems Simple and common Primary file system for DOS and Windows 9x Can be used with Windows NT, 2000, and XP New
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationSecuring the DB2 Database of your SAP System with Windows Encrypting File System
Securing the DB2 Database of your SAP System with Windows Encrypting File System Applies to: All SAP releases on IBM DB2 for Linux, UNIX, and Windows (in the following referred to as DB2 for LUW) on a
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationInnovative Secure Boot System (SBS) with a smartcard.
Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationHOW ENCRYPTION WORKS. Introduction to BackupEDGE Data Encryption. Technology Overview. Strong Encryption BackupEDGE
HOW ENCRYPTION WORKS Technology Overview Strong Encryption BackupEDGE Introduction to BackupEDGE Data Encryption A major feature of BackupEDGE is the ability to protect archives containing critical client
More informationWhitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015
Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is
More informationForensic Toolkit. Sales and Promotional Summary ACCESSDATA, ON YOUR RADAR
Forensic Toolkit Sales and Promotional Summary ACCESSDATA, ON YOUR RADAR What is AccessData s Forensic Toolkit? Also known as FTK, this application enables you to perform complete and thorough computer
More informationMessage Authentication Codes
2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationWhite Paper: Whole Disk Encryption
How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption.....................................................................
More informationIntroduction to BitLocker FVE
Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk
More informationSecuring Data at Rest ViSolve IT Security Team
Securing Data at Rest ViSolve IT Security Team 1 Table of Contents 1 Introduction... 3 2 Why Data at Rest needs to be secure?... 4 3 Securing Data... 4 3.1 Encryption - Access Control Approach... 5 3.1.1
More informationGuidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationDIGIPASS CertiID. Getting Started 3.1.0
DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationDo "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?
Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationWindows passwords security
IT Advisory Windows passwords security ADVISORY WHOAMI 2 Agenda The typical windows environment Local passwords Secure storage mechanims: Syskey & SAM File Password hashing & Cracking: LM & NTLM Into the
More informationDeploying EFS: Part 1
Security Watch Deploying EFS: Part 1 John Morello By now, everyone has heard reports about personal or sensitive data being lost because of laptop theft or misplacement. Laptops go missing on a regular
More informationPointsec Enterprise Encryption and Access Control for Laptops and Workstations
Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Overview of PC Security Since computer security has become increasingly important, almost all of the focus has been on securing
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationCertification Report
Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationUnderstanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization
Understanding Northwestern University s contract with Symantec Symantec Solutions for Cost Reduction & Optimization Chris Hagelin and Shane Scholes Symantec Account Manager and Symantec Sales Engineer
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationThe costs involved in securing data at the user level are minimum and its criticality maximum.
Cryptainer SE Secure the data, not just the network. Most companies invest millions of dollars in putting up firewalls and trying to secure their networks. Ironically they spend the least amount of money
More informationLab 7. Answer. Figure 1
Lab 7 1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL records that are included in the frame, and list the SSL record types that
More informationImplementing and Managing Security for Network Communications
3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication
More informationVirtual Machine Encryption Basics
VMWARE TECHNICAL NOTE VMware ACE Virtual Machine Encryption Basics VMware ACE gives administrators the option of enhancing the security of virtual machines they distribute to end users by encrypting key
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationDigital Forensics. Tom Pigg Executive Director Tennessee CSEC
Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze
More informationDisk Encryption. Aaron Howard IT Security Office
Disk Encryption Aaron Howard IT Security Office Types of Disk Encryption? Folder Encryption Volume or Full Disk Encryption OS / Boot Volume Data Volume Managed or Unmanaged Key Backup and Data Assurance
More informationHP ProtectTools Embedded Security Guide
HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More information25. DECUS München e.v. Symposium 2002 2C02. EFS / Recovery
25. DECUS München e.v. Symposium 2002 2C02 EFS / Recovery Josef Beeking Compaq Computer GmbH Overview How EFS Works Recovery Basics Windows 2000 Standalone Scenarios Windows 2000 Domain Scenarios Windows.NET
More informationHTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)
CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer
More informationB U S I N E S S G U I D E
VeriSign Microsoft Office/Visual Basic for Applications (VBA) Code Signing Digital Certificates Realizing the Possibilities of Internet Software Distribution CONTENTS + What Is Developer Code Signing?
More informationAD Image Encryption. Format Version 1.2
AD Image Encryption Format Version 1.2 17 May 2010 Table of Contents Introduction... 3 Overview... 3 Image Formats... 4 Keys... 4 Credentials... 4 Certificates... 4 Image Key encryption... 5 Appendix A
More informationMaintaining a Microsoft Windows Server 2003 Environment
Maintaining a Microsoft Windows Server 2003 Environment Course number: 2275C Course lenght: 3 days Course Outline Module 1: Preparing to Administer a Server This module explains how to administer a server.
More informationGoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey
GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With
More informationSecurity Recommendations for Multifunction Printers Will Urbanski, Virginia Tech IT Security Office and Lab
Security Recommendations for Multifunction Printers Will Urbanski, Virginia Tech IT Security Office and Lab September, 2010 Security Recommendations for Multifunction Printers 2 Overview With the rise
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationSQL Server Encryption Overview. September 2, 2015
SQL Server Encryption Overview September 2, 2015 ABOUT ME Edmund Poillion Data Platform Systems Engineer Skyline Associate since 1999 Started in App Dev, changed focus to SQL Server in 2012 Email: epoillion@skylinetechnologies.com
More informationEnova X-Wall LX Frequently Asked Questions
Enova X-Wall LX Frequently Asked Questions Q: What is X-Wall LX? A: X-Wall LX is the third generation of Enova real-time hard drive cryptographic gateway ASIC (Application Specific Integrated Circuit)
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationHigh Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models
A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit
More information7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.
Content 1.Introduction to Data and Network Security. 2. Why secure your Network 3. How Much security do you need, 4. Communication of network systems, 5. Topology security, 6. Cryptosystems and Symmetric
More informationHow To Understand And Understand The History Of Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More informationEFS Table of Contents
Encrypting File System for Windows 2000 Abstract This document provides an executive summary and a technical overview of the encrypting file system (EFS) that will be included with the Microsoft Windows
More informationHow To Use Pki On A Pc (For A Non-Profit)
Using PKI for PC Security Public Key Infrastructure (PKI) is an important foundation for network and information security. In essence, PKI provides an enterprise infrastructure for managing the keys necessary
More informationadvantages and disadvantages of EFS and effective recovery of encrypted data
advantages and disadvantages of EFS and effective recovery of encrypted data whitepaper Copyright (c) 2007 ElcomSoft Co.Ltd. Contents What is EFS? 3 EFS advantages and disadvantages 4 Data can be lost
More informationWireless ATA: A New Data Transport Protocol for Wireless Storage
Wireless ATA: A New Data Transport Protocol for Wireless Storage Serdar Ozler and Ibrahim Korpeoglu Department of Computer Engineering, Bilkent University, 06800 Bilkent, Ankara, Turkey {ozler, korpe}@cs.bilkent.edu.tr
More informationSecuring Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution
Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution NOTICE This Technology Brief may contain proprietary information protected by copyright. Information
More informationCIS433/533 - Computer and Network Security Cryptography
CIS433/533 - Computer and Network Security Cryptography Professor Kevin Butler Winter 2011 Computer and Information Science A historical moment Mary Queen of Scots is being held by Queen Elizabeth and
More informationBitLocker To Go User Guide
BitLocker To Go User Guide 1. Introduction BitLocker To Go a new feature of Windows 7 is a full-disk encryption protection technology for removable storage devices that are connected to one of the USB
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationAegis Padlock for business
Aegis Padlock for business Problem: Securing private information is critical for individuals and mandatory for business. Mobile users need to protect their personal information from identity theft. Businesses
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More information, ) I Transport Layer Security
Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent
More informationSafeNet MSSQL EKM Provider User Guide
SafeNet MSSQL EKM Provider User Guide Version 4.8.5 Documentation Version: 20080705 Copyright Information 2009 SafeNet, Inc. All rights reserved All intellectual property is protected by copyright. All
More information