High Security Online Backup. A Cyphertite White Paper February, Cloud-Based Backup Storage Threat Models


A Cyphertite White Paper
February, 2013
Cloud-Based Backup Storage Threat Models

Definition of Terms

Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit AES keys in the secrets file. The secrets passphrase, 1024-bit salt and round count are used to decrypt both of the encrypted 256-bit AES keys using PBKDF2. Losing the secrets passphrase for any data backed up to Cyphertite.com means the data is irrevocably lost.

Secrets File: The secrets file is composed of several pieces of cryptographic data used to encrypt chunks on a Cyphertite client machine: 2 encrypted 256-bit AES keys, 1024-bit salt and round count for PBKDF2, and a checksum for the rest of the data.

Account Credentials: A user's account credentials are a username and password combination chosen by the user during account creation on Cyphertite.com. This information is usually stored in the user's Cyphertite.conf file on their client machine, but it can also be entered on demand when running Cyphertite from the command line when Cyphertite.conf does not contain this information.

Metadata File: A metadata file refers to a file which is required to restore a given backup. The metadata file is a list of filenames and directories, each of which corresponds to a list of chunks, indexed by their SHA1 hash, that can be decrypted to reassemble individual files. It allows a single chunk to be stored once and referenced multiple times, saving computation time and drive space.

Certificate Bundle: The certificate bundle is a collection of small files that contain cryptographic data for network layer encryption: a CA certificate, a client certificate and a 521-bit ECDSA certificate authority keypair. Both certificates are signed using 521-bit ECDSA CA keys and all ECDSA keys use curve secp521r1, the NIST/SECG curve over a 521 bit prime field.

Introduction

Good disaster recovery (DR) practice requires keeping usable business-critical backups offsite.
Organizations have traditionally implemented this by writing backups to tape and shipping the tapes to be stored offsite. This is costly and operationally complex, requiring hardware, personnel, and sound procedures to ensure that the offsite backups are up-to-date, secure, and able to be recalled and used in the face of disaster.

Cloud-based backups are an attractive alternative to traditional methods because offsite storage is inexpensive, deduplication minimizes the use of bandwidth and drive space, and there is nothing to set up beyond the client on the local machine. However, when sensitive data is being backed up and the enterprise's responsibility encompasses the safekeeping of that data, e.g. social security or credit card numbers, transmitting that data across the internet to an offsite location requires heightened attention to security and privacy issues.

Current cloud-based backup systems often encrypt data only while in transit to the offsite server. Data is handled without encryption by both the local machine and the remote storage system so that it can be deduplicated, usually in a global deduplication pool.

Cyphertite offers a solution to the security problems associated with cloud-based deduplicated backups, making high levels of data security attainable while still realizing the cost savings of realm-wide deduplicated backup through the cloud. By encrypting data prior to transmission with cryptographic keys that are unique to each Cyphertite account and only ever reside with the account owners, Cyphertite literally puts the keys to securing data into the hands of the IT professionals who manage it.

Cyphertite Transparency

When serious security is a concern, those responsible want to be in control of how that data is secured. As an open source project, Cyphertite is fully inspectable by those who are using it to secure their DR data. They can see precisely how the Cyphertite code handles their data, and they can choose precisely how secure they want that data to be. Community testing and inspection help keep Cyphertite's security robust and current with the highest industry standards.

The Threat Models

There are four threat models concerning disaster recovery data:

1. Client Machine Compromise
2. Client Machine Physical Theft
3. Eavesdropping and Interception
4. Offsite Storage Facility Data Disclosure

1. Client Machine Compromise

If an intruder gains access to a client machine's root or administrator user, the intruder has access to the DR data for the account the client software is configured to use.
There is nothing any backup software client can do to distinguish an intruder from the machine owner if the intruder authenticates as the owner. Even if steps are taken to secure the backup data, such as not storing the passphrase or account credentials on the client machine, there are several techniques an intruder could use to capture the passphrase and credentials, such as using a keylogger or other data capture techniques. Suffice it to say, in the case of a client machine compromise, all of the data on the client machine and the DR data have been compromised.

2. Client Machine Physical Theft

For maximum protection in the case of the physical theft of a client machine or drives, encrypting hard drives offers a first layer of protection for all the data on the drives. The hard drive encryption would have to be cracked before the intruder could even access the Cyphertite backup software in order to then attempt to access the DR data. In all likelihood, physical theft of an encrypted client hard drive would not result in the disclosure of sensitive data.

If the drive is not encrypted, then the intruder has access to all the data on the drive, and the backup software client becomes the only barrier preventing the intruder from accessing the offsite DR data. If the credentials are visible in the backup software client and no barriers to accessing DR data have been introduced, the intruder has access to the DR data.

Cyphertite can be configured to impose one or more barriers and/or layers of encryption between an intruder and DR data in the case of the physical theft of a client machine. To use the Cyphertite client software on the stolen drive to gain access to the offsite DR data, the intruder needs the following Cyphertite configuration elements:

Secrets Passphrase
Secrets File
Account Credentials
Metadata File
Certificate Bundle

In brief, the secrets passphrase unlocks the secrets file, which unlocks the DR data chunks, which can be retrieved from the Cyphertite remote storage facility server using the account credentials, the certificate bundle and the metadata files (see figure below).

[FIGURE 1: Cyphertite Process. Diagram labels: Secrets Passphrase, Secrets File (2 Keys, Salt, Round Count), PBKDF2, Decrypted Keys, User Account, Account Credentials + Certificate Bundles, Client, Internet, Server, Encrypted Data Chunks, Encrypted Metadata, Decrypted Metadata, Decrypted Files.]

Where and how these five elements are stored determines how safe the DR data is in the case of the physical theft of an unencrypted client drive. It is possible to store any combination of one or more of these elements on or off the client machine and to store the secrets file and/or the metadata file on or off the Cyphertite storage facility server (the server always retains a copy of the certificate bundle and account credentials in order to authenticate clients). For a grid of all possible permutations of securing the five elements necessary to retrieve DR data from the Cyphertite server via the Cyphertite client in the case of a stolen, unencrypted hard drive, see Appendix 1.

For maximum security, all five of the elements can be stored off of the client hard drive without storing a copy of the secrets file and the metadata files on the Cyphertite server. In this case, an intruder would have to first obtain the account credentials, the certificate bundle and the metadata file to retrieve the DR data from the CT server. If they were somehow able to attain those three elements and retrieve the DR data from the CT server, the intruder would then be faced with decrypting 256-bit AES-XTS and then decrypting 256-bit HMAC SHA256. There are two routes to accomplish that decryption: either brute force or gaining access to the contents of the secrets file. For the second route, the intruder would need to first acquire the secrets file, and then would need either to acquire the secrets passphrase or to break the PBKDF2 encryption of the secrets file by brute force.

In short, storing all five elements off of the client and the secrets and metadata files off the server introduces the following barriers to accessing DR data on the CT server:

1. Acquiring Account Credentials
2. Acquiring the Certificate Bundle
3. Acquiring the Metadata File

Additionally, it introduces the following barriers to decrypting that data if they manage to retrieve it; the intruder must either:

1. Brute force decrypt 256-bit AES-XTS
2. Decrypt the secrets file, either via the secrets passphrase or by brute forcing PBKDF2

The owner of the machine, however, also needs all five elements in order to restore data from the offsite cloud-based storage. This means that maximum protection also means maximum inconvenience for the user. In order to perform a restore, the user would have to provide all five Cyphertite configuration elements. The user would also assume responsibility for securely storing these elements somewhere other than the client machine or Cyphertite server.

The default Cyphertite client setup is geared toward maximum convenience and stores all five elements on the client machine: the Cyphertite account username and the secrets passphrase are stored in the Cyphertite client config file. The certificate bundle, the metadata file and encrypted secrets file are all stored on the local drive. In addition, the default Cyphertite client setup stores a copy of the secrets file and an encrypted copy of the metadata file on the Cyphertite server. In the case of the default setup, since the secrets passphrase is visible in the Cyphertite configuration file, a stolen unencrypted hard drive means the intruder has access to all of the DR data from the account the client is configured to use.

SECURING THE FIVE CONFIGURATION ELEMENTS:

Securing the Secrets Passphrase

To increase security of backup data in the case of a stolen, unencrypted hard drive, the secrets passphrase could be secured by storing it off of the client machine. The secrets passphrase is never transmitted to the CT server. Since it would not be stored in the Cyphertite configuration file and is never transmitted to the CT server, the user would have to secure that passphrase and provide it when performing operations with the Cyphertite client. In this case, if the other four elements are configured to be stored on the client, an intruder could access the encrypted DR data on the Cyphertite server, but would then be faced with decrypting that data. The weakest barrier would be the PBKDF2 encryption of the secrets file, which, if cracked, would give the intruder access to the DR data.

Securing the Secrets File

To further increase security of DR data, the Cyphertite client can be configured to store the secrets file off of both the client and the server. Without the secrets file, the weakest barrier to DR data would be the 256-bit AES-XTS encryption used in the metadata files and the data chunks.
Securing the secrets file becomes the responsibility of the user, who must provide it to perform Cyphertite client operations. The secrets file can be stored off of the client and on the server, but unless the account credentials and certificate bundle are secured, an intruder can simply retrieve the secrets file from the server.

Securing the Metadata File

Each time a backup operation is performed, the Cyphertite client produces a metadata file which describes how meaningful files are constructed out of the chunked DR data. By securing the metadata files, the intruder is forced to manually reconstitute meaningful files from the chunked data. To secure the metadata files, they can be stored off of both the client and server. It becomes the responsibility of the user to securely store the metadata file and provide it when restoring DR data. Metadata files can be stored off the client and on the server, but unless the account credentials and the certificate bundle are secured, the intruder can simply retrieve the metadata files from the Cyphertite server. They cannot, however, decrypt the metadata files without the secrets passphrase.

Securing the Account Credentials

In the case of a stolen, unencrypted hard drive, storing the account credentials off client introduces a barrier to an intruder attempting to access the Cyphertite server in order to acquire DR data. Securing the account credentials also affects the security of both the secrets file and the metadata file if these are configured to be stored on the server. If the secrets file or the metadata file are stored off client and on server, then the security of the account username and password becomes the primary barrier to acquiring those files. When storing the account credentials off client, their security becomes the responsibility of the user, who must provide them in order to perform Cyphertite client operations.

Securing the Certificate Bundle

It is possible, though cumbersome, to keep the certificate bundle off client. This would have a similar effect to storing the account credentials off client, provided the account credentials are not stored on the client. If the account credentials are stored on the client, it is possible to retrieve the certificate bundle via the web interface for the account, which would then give access to the encrypted DR data on the server.

3. Eavesdropping and Interception

Cyphertite cloud-based storage has two separate layers of encryption: client data is first encrypted prior to transmission and then encrypted again for transmission over the internet.
The chunks of backup data are encrypted with 256-bit AES-XTS prior to leaving the client machine, and those encrypted chunks are encrypted a second time for transmission using a 256-bit AES-CBC session key, with 521-bit ECDSA keypairs used for session key exchange.

The purpose of using encryption over the network is to prevent eavesdropping on client transfers to and from the Cyphertite servers. Were one to try to eavesdrop on DR data, it would require extracting all 256-bit AES-CBC session keys, which rotate regularly, e.g. every 60 minutes. Connections can be intercepted and subjected to a Man-In-The-Middle (MITM) attack, but this will be detected if the client is using the correct certificate files supplied when signing up for an account.

If a Cyphertite client's account credentials are somehow intercepted, such as via a plaintext message between two employees (not great practice, but it could happen), the DR data would still be encrypted using session keys that are unknown to the eavesdropper. Even in the case that the account credentials *and* the key and cert bundle are known to an eavesdropper, the chunks and metadata files transmitted are themselves encrypted with 256-bit AES-XTS.

[FIGURE 2: Cyphertite Transmission Encryption. Diagram labels: Data Chunks, Client, Cyphertite Server, System Encryption 256 bit AES-XTS, Transmission Encryption, Keys & Certs System 521 bit ECDSA.]

4. Offsite Storage Facility Data Disclosure

In the real world, there is always the chance that the unforeseen can happen, and while unlikely, data on the Cyphertite server could be disclosed under a court-granted subpoena. Data could also be disclosed in the case of physical or password theft at a Cyphertite storage facility. In all cases, DR data on the CT server is protected by at least PBKDF2 encryption within the secrets file, which even CT could not decrypt since the secrets passphrase only ever resides with the account owner.

Cyphertite client configuration also allows for varying degrees of security/convenience where the remote storage facility is concerned. It is possible to configure the Cyphertite client to transmit its cryptographic key files and/or its metadata files to the Cyphertite server. This is the least secure but most convenient configuration. As such, in order to perform a restore, the user needs to provide the account credentials, certificate bundle and the secrets passphrase file. A storage facility security breach in this scenario would mean that DR data is protected by the PBKDF2 encryption of the secrets file, since the secrets passphrase is never transmitted to the Cyphertite server.
For added security, the client can be configured not to transmit the secrets file to the Cyphertite server. In this scenario an intruder would need to decrypt the 256-bit AES-XTS encryption of the DR data either by brute force or by acquiring access to the account's secrets file from the account owner.

For even more security, the Cyphertite client can be configured not to transmit the metadata file created during the backup process to the Cyphertite server. In this scenario, the intruder would be forced to manually reconstitute meaningful files from any chunked data they managed to decrypt.

Summary

Data backup security, including accessibility and privacy, is without question one of the lead issues for IT professionals and the organizations they serve. Control, transparency, and accountability are critical attributes that informed managers value as the stakes in today's networked data environment rise. With its security protocols, its transparently-inspectable code and its respected track record in the open source community, Conformal System's Cyphertite is uniquely positioned to provide a credible and responsible answer to the threat models outlined in this paper.

For more information, visit

Appendix 1

UNENCRYPTED CLIENT THEFT SCENARIOS

Any combination of the below pieces of data may be stored off the CT client (2^5=32 configurations). Each piece of data being stored off the CT client carries an increase in security along with the inconvenience of storing it off the client.

CT CLIENT DATA SECURITY GAIN INCONVENIENCE 1 3
Secrets Passphrase 1
Secrets File 1
Metadata File 3
Account Credentials 1
Certificate Bundle 2

Due to the inconvenience and complexities associated with storing CT client data off the machine, we recommend use of full disk encryption on clients whenever feasible.

Appendix 2

SERVER DATA DISCLOSURE SCENARIOS

There are a number of scenarios that may arise where data is forcibly disclosed from the server side, which are listed in Section 4. The security of DR data on the server depends on which pieces of data are stored on the server. In a similar fashion to the unencrypted client scenarios, there is a level of inconvenience attached to each piece of data being stored off the server.

CT SERVER DATA SECURITY GAIN INCONVENIENCE 1 3
Secrets File 1
Metadata File 3
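
The stolen, unencrypted drive scenarios of Section 2 and Appendix 1 can be worked through mechanically. The following is an added example, not part of the white paper or of the Cyphertite code base: the names `assess`, `Exposure` and `count_fully_exposed` are hypothetical, and the model is a simplification that encodes only the rules stated in the text (credentials on the client also yield the certificate bundle via the web interface; the server copy of the secrets file or metadata file is reachable only with server access).

```python
from dataclasses import dataclass
from itertools import combinations

# The five configuration elements named in the paper.
ELEMENTS = ("passphrase", "secrets_file", "metadata", "credentials", "cert_bundle")
# Only these two may optionally be stored on the server as well.
SERVER_OPTIONAL = ("secrets_file", "metadata")


@dataclass(frozen=True)
class Exposure:
    server_access: bool  # intruder can authenticate and pull encrypted DR data
    secrets_file: bool   # intruder can obtain the secrets file
    metadata: str        # where metadata is obtained: "client", "server" or "none"
    barrier: str         # weakest remaining cryptographic barrier

    @property
    def fully_exposed(self):
        # DR data is retrievable, decryptable and reassemblable with no work.
        return self.server_access and self.barrier == "none" and self.metadata != "none"


def assess(on_client, on_server=()):
    """Evaluate what theft of an unencrypted client drive gives an intruder.

    on_client: elements left on the stolen drive.
    on_server: which of the secrets file / metadata file are kept on the server.
    """
    on_client, on_server = frozenset(on_client), frozenset(on_server)
    bad = (on_client - set(ELEMENTS)) | (on_server - set(SERVER_OPTIONAL))
    if bad:
        raise ValueError(f"unknown element(s): {sorted(bad)}")

    # Per the paper: with the account credentials, the certificate bundle can
    # be fetched from the account's web interface, so credentials alone are
    # enough. A certificate bundle without credentials is not.
    server_access = "credentials" in on_client

    def source(item):
        if item in on_client:
            return "client"
        if server_access and item in on_server:
            return "server"
        return "none"

    has_secrets = source("secrets_file") != "none"
    if not has_secrets:
        barrier = "brute-force 256-bit AES-XTS"
    elif "passphrase" in on_client:
        barrier = "none"
    else:
        barrier = "brute-force PBKDF2 on secrets file"

    return Exposure(server_access, has_secrets, source("metadata"), barrier)


def all_client_configs():
    """Yield every subset of the five elements (2^5 = 32, as in Appendix 1)."""
    for r in range(len(ELEMENTS) + 1):
        for combo in combinations(ELEMENTS, r):
            yield frozenset(combo)


def count_fully_exposed(on_server):
    """How many of the 32 client configurations leave no barrier at all."""
    return sum(assess(c, on_server).fully_exposed for c in all_client_configs())


if __name__ == "__main__":
    default = assess(ELEMENTS, SERVER_OPTIONAL)
    print("default setup:", default, "fully exposed:", default.fully_exposed)
    print("passphrase off client:",
          assess(set(ELEMENTS) - {"passphrase"}, SERVER_OPTIONAL).barrier)
    print("fully exposed configs, server keeps both files:",
          count_fully_exposed(SERVER_OPTIONAL))
    print("fully exposed configs, server keeps neither:",
          count_fully_exposed(()))
```

Under this model, keeping the secrets file and metadata file off the server reduces the number of client configurations with no remaining barrier, which is the trade-off Appendix 2 describes.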


More information

M Y S E C U R E B A C K U P. p r o d u c t o v e r v i e w O N L I N E B U S I N E S S B A C K U P

M Y S E C U R E B A C K U P. p r o d u c t o v e r v i e w O N L I N E B U S I N E S S B A C K U P O N L I N E B U S I N E S S B A C K U P Protect your company s files against loss, theft, viruses, and natural disasters. Share business data securely and privately in the office or across the globe. Sync

More information

eztechdirect Backup Service Features

eztechdirect Backup Service Features eztechdirect Backup Service Features Introduction Portable media is quickly becoming an outdated and expensive method for safeguarding important data, so it is essential to secure critical business assets

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

White Paper: Librestream Security Overview

White Paper: Librestream Security Overview White Paper: Librestream Security Overview TABLE OF CONTENTS 1 SECURITY OVERVIEW... 3 2 USE OF SECURE DATA CENTERS... 3 3 SECURITY MONITORING, INTERNAL TESTING AND ASSESSMENTS... 4 3.1 Penetration Testing

More information

Media Shuttle s Defense-in- Depth Security Strategy

Media Shuttle s Defense-in- Depth Security Strategy Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among

More information

DataTrust Backup Software. Whitepaper Data Security. Version 6.8

DataTrust Backup Software. Whitepaper Data Security. Version 6.8 Version 6.8 Table of Contents 1 Introduction... 3 2 DataTrust Offsite Backup Server Secure, Robust and Reliable... 4 2.1 Secure 128-bit SSL communication... 4 2.2 Backup data are securely encrypted...

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Only 8% of corporate laptop data is actually backed up to corporate servers. Pixius Advantage Outsourcing Managed Services

Only 8% of corporate laptop data is actually backed up to corporate servers. Pixius Advantage Outsourcing Managed Services Pixius Advantage Outsourcing Managed Services Move forward with endpoint protection by understanding its unique requirements. As the number of information workers rises, so does the growth and importance

More information

Is your data safe out there? -A white Paper on Online Security

Is your data safe out there? -A white Paper on Online Security Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

SELF SERVICE RESET PASSWORD MANAGEMENT ARCHITECTURE GUIDE

SELF SERVICE RESET PASSWORD MANAGEMENT ARCHITECTURE GUIDE SELF SERVICE RESET PASSWORD MANAGEMENT ARCHITECTURE GUIDE Copyright 1998-2015 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form

More information

FAQ. Hosted Data Disaster Protection

FAQ. Hosted Data Disaster Protection Hosted Data Disaster Protection Flexiion is based in the UK and delivers Infrastructure as a Service (IaaS) solutions, making the advantages of the Cloud and IaaS more accessible to mid-size, professional

More information

Alliance Key Manager Solution Brief

Alliance Key Manager Solution Brief Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major

More information

Encrypting Business Files in the Cloud

Encrypting Business Files in the Cloud Quick Guide for IT-Security and Data Privacy Encrypting Business Files in the Cloud Requirements for data security in the cloud End to end encryption Secure file transfers Data Security in the Cloud A

More information

Veeam Cloud Connect. Version 8.0. Administrator Guide

Veeam Cloud Connect. Version 8.0. Administrator Guide Veeam Cloud Connect Version 8.0 Administrator Guide April, 2015 2015 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be

More information

Service Overview CloudCare Online Backup

Service Overview CloudCare Online Backup Service Overview CloudCare Online Backup CloudCare s Online Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house

More information

Secure Storage. Lost Laptops

Secure Storage. Lost Laptops Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include

More information

Securing Data in the Cloud

Securing Data in the Cloud Securing Data in the Cloud Meeting the Challenges of Data Encryption and Key Management for Business-Critical Applications 1 Contents Protecting Data in the Cloud: Executive Summary.....................................................

More information

PowerChute TM Network Shutdown Security Features & Deployment

PowerChute TM Network Shutdown Security Features & Deployment PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network

More information

TABLE OF CONTENTS. pg. 02 pg. 02 pg. 02 pg. 03 pg. 03 pg. 04 pg. 04 pg. 05 pg. 06-09 pg. 10. Feature-Benefit Summary How It Works. 1 www.keepitsafe.

TABLE OF CONTENTS. pg. 02 pg. 02 pg. 02 pg. 03 pg. 03 pg. 04 pg. 04 pg. 05 pg. 06-09 pg. 10. Feature-Benefit Summary How It Works. 1 www.keepitsafe. TABLE OF CONTENTS Secure Cloud Backup and Recovery Key Features Fast Backup & Restore 24/7 Corruption Detection Data Security Bandwidth Optimization Exchange Backups Long Term Archiving Feature-Benefit

More information

Proposal for Online Backup

Proposal for Online Backup Proposal for Online Backup Prepared for: Prepared by: Prepared on: Custom Proposal Prepared for Account Manager KeepItSafe 6922 Hollywood Blvd Los Angeles, CA 90028 Ph. 888 965 9988 [Prospect Name] [Company

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Aegis Padlock for business

Aegis Padlock for business Aegis Padlock for business Problem: Securing private information is critical for individuals and mandatory for business. Mobile users need to protect their personal information from identity theft. Businesses

More information

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

2007 Microsoft Office System Document Encryption

2007 Microsoft Office System Document Encryption 2007 Microsoft Office System Document Encryption June 2007 Table of Contents Introduction 1 Benefits of Document Encryption 2 Microsoft 2007 Office system Document Encryption Improvements 5 End-User Microsoft

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

1. Secure 128-Bit SSL Communication 2. Backups Are Securely Encrypted 3. We Don t Keep Your Encryption Key VERY IMPORTANT:

1. Secure 128-Bit SSL Communication 2. Backups Are Securely Encrypted 3. We Don t Keep Your Encryption Key VERY IMPORTANT: HOW IT WORKS 1. Secure 128-Bit SSL Communication All communications between Offsite Backup Server and your computer are transported in a 128-bit SSL (Secure Socket Layer) channel. Although all your backup

More information

Universal Backup Device with

Universal Backup Device with Universal Backup Device with Fibre Channel Disk to Disk Backup with Affordable Deduplication and Replication for IBM Power Systems Executive Overview Copyright (c)2015 Electronic Storage Corporation Universal

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

CTERA Agent for Mac OS-X

CTERA Agent for Mac OS-X User Guide CTERA Agent for Mac OS-X June 2014 Version 4.1 Copyright 2009-2014 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written

More information

Dispatch: A Unique Email Security Solution

Dispatch: A Unique Email Security Solution Dispatch: A Unique Email Security Solution 720 836 1222 sales / support sales@absio.com email www.absio.com web 8740 Lucent Boulevard, Ste 101 Highlands Ranch, CO, 80129 1 110-WP005-1 Organizations use

More information

The Case For Secure Email

The Case For Secure Email The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email

More information

BackupAssist v5 vs. v6

BackupAssist v5 vs. v6 COMPARISON www.backupassist.com 2 What s new in BackupAssist version 6? There are three main reasons why you should upgrade to BackupAssist v6: 1. To keep up with the latest best practice backup standards

More information

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications Hushmail Express Password Encryption in Hushmail Brian Smith Hush Communications Introduction...2 Goals...2 Summary...2 Detailed Description...4 Message Composition...4 Message Delivery...4 Message Retrieval...5

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC

More information

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY Varun Gandhi 1 Department of Computer Science and Engineering, Dronacharya College of Engineering, Khentawas,

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements... Hush Encryption Engine White Paper Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...4 Passphrase Requirements...4 Data Requirements...4

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

Privacy + Security + Integrity

Privacy + Security + Integrity Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels

More information

Our Key Security Features Are:

Our Key Security Features Are: September 2014 Version v1.8" Thank you for your interest in PasswordBox. On the following pages, you ll find a technical overview of the comprehensive security measures PasswordBox uses to protect your

More information

EMC BACKUP-AS-A-SERVICE

EMC BACKUP-AS-A-SERVICE Reference Architecture EMC BACKUP-AS-A-SERVICE EMC AVAMAR, EMC DATA PROTECTION ADVISOR, AND EMC HOMEBASE Deliver backup services for cloud and traditional hosted environments Reduce storage space and increase

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

Cloud Storage Backup for Storage as a Service with AT&T

Cloud Storage Backup for Storage as a Service with AT&T WHITE PAPER: CLOUD STORAGE BACKUP FOR STORAGE AS A SERVICE........ WITH..... AT&T........................... Cloud Storage Backup for Storage as a Service with AT&T Who should read this paper Customers,

More information

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

What IT Auditors Need to Know About Secure Shell. SSH Communications Security What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic

More information

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444 Working Together Managing and Securing Enterprise Mobility WHITE PAPER Larry Klimczyk Digital Defence P: 222.333.4444 Contents Executive Summary... 3 Introduction... 4 Security Requirements... 5 Authentication...

More information

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline

More information

SecureCom Mobile s mission is to help people keep their private communication private.

SecureCom Mobile s mission is to help people keep their private communication private. About SecureCom Mobile SecureCom Mobile s mission is to help people keep their private communication private. We believe people have a right to share ideas with each other, confident that only the intended

More information

Pros 4 Technology Online Backup Features

Pros 4 Technology Online Backup Features Pros 4 Technology Online Backup Features Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and

More information

BANKING SECURITY and COMPLIANCE

BANKING SECURITY and COMPLIANCE BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions

More information