Many different types of encrypted storage serve everyone from home users to major corporations. They range from online encrypted storage "vaults" for individuals to server farms dedicated to encrypted storage. There are also external drives that attach to your computer via FireWire or USB. What you get depends upon what you need, and what you need will depend upon your requirements.
There doesn't seem to be any industry standard or a vendor solution that tops them all, so it's really hard to say which is best. Nonetheless, the number of solutions available on the market is mind-boggling.
Media encryption
A good practice, especially when you are dealing with laptops or home computers, is to use media encryption (disk encryption). This is usually in the form of a special software program that encrypts the entire hard disk. The only portion that is not encrypted is the boot sector, which is needed to boot the computer. You can also get external hard drives that automatically encrypt everything that is saved or copied to them. Some of these have a special security device called a dongle. The dongle is a physical device that you plug into the port, and the cable of the external drive is plugged into the dongle.
Because laptop theft is so common, it's a good idea for every road warrior to encrypt his drives. This will keep strategic information out of the hands of the competition and the customers. If the laptop is stolen, the thief won't be able to read any of the data or software programs, and his only resort would be to completely reformat the hard drive. No, encryption doesn't do anything to prevent theft but it can keep your data out of the wrong hands.
Home users often have a great deal of sensitive personal financial data stored on their home computers. Because these users are often unaware of the security measures they can take to prevent hackers from gaining access to their home systems, it's a good idea to keep all sensitive information encrypted. This will protect the user against identity theft, as well.
Encrypting software programs are usually chosen over hardware encrypting devices because the hardware devices can be very slow. Or, if the hardware device is fast, it's likely to be very expensive.
One thing to be aware of is that some encrypting software programs store the encryption keys in the encryption software. This isn't safe, because a thief or intruder can conceivably obtain those keys and decrypt all the data. Encryption keys that are derived from a password are also vulnerable. Look for a system that has some type of access control. Some products allow the use of tokens or smartcards for access, too. Whatever the case, be sure to save your key and/or your passphrase in a very, very safe place.
Encrypting File System (EFS)
And then there's Microsoft. In the Windows 2000 and Windows XP (but not XP Home Edition) operating systems, Microsoft has included a little-explored feature called EFS (Encrypting File System). Of course, your systems have to be running one of these versions of Windows for it to work, and it will only work if all the hard drives are NTFS (NT File System) formatted; FAT formatted drives won't work. EFS can be applied on a file-by-file basis, or applied to an entire folder.
EFS works through the use of public and private keys, so if you don't already have a PKI system up and running, you may have to consider it (especially for a large organization). Each file has a File Encryption Key that is encrypted with the user's public key. There are administrative key recovery capabilities you can use if someone leaves the company without giving anyone his key. The type of encryption available varies, depending on what version of Windows you are using. The latest version (Windows 2003 Server) can use DES or 3DES. If you plan on using this, do read all of Microsoft's Knowledge Base articles on the subject because there are some configurations that won't encrypt properly.
Program-specific encryption
Many different software programs come with the ability to encrypt their own files; the majority of them are Microsoft products. If you have the more recent versions of Outlook, Outlook Express, GroupWise, PKZIP, and Adobe Acrobat, you can encrypt the files made with those programs. Unfortunately, the encryption abilities built into these programs aren't necessarily the safest and strongest.
Encrypted backup
Backups can be a real pain, but they're one of those necessary evils of network maintenance. Not all backups need to be encrypted, but if your data has a lot of sensitive, proprietary information or contains personal data of individuals, it would be a good thing to encrypt your backup tapes, CDs, or whatever. Imagine going to all the trouble of securing your network only to have someone walk off with a backup tape full of very important stuff.
Encrypted backup can be either hardware- or software-based. The hardware solutions are likely to have a special crypto chip on board to make the processing faster. If you have your choice, a public/private key system is much better than a secret key system. The reason is that you occasionally find disgruntled network administrators (who normally have access to the keys) who copy the secret key, steal data, and sell it to competitors. The whole point is that you don't want to put all your eggs in one basket: secret keys are hard to hide and they can be stolen or copied.
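The key layout described for EFS (one File Encryption Key per file, encrypted with the user's public key, with a recovery path for administrators) is the same layout that lets a backup system write data while holding public keys only. The sketch below is an added example, not code from the original article or from Microsoft; it assumes unpadded textbook RSA over fixed constructed primes and a SHA-256 keystream as stand-ins for real ciphers, and every name in it is hypothetical.

```python
import hashlib, hmac, secrets

E = 65537  # common RSA public exponent

def toy_keypair(p, q):
    """Textbook RSA key pair from two primes (toy: fixed primes, no padding)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, public_keys):
    """Encrypt once under a random FEK, then wrap that FEK per public key."""
    fek = secrets.token_bytes(16)
    body = keystream_xor(fek, plaintext)
    m = int.from_bytes(fek, "big")
    return {
        "body": body,
        "tag": hmac.new(fek, body, hashlib.sha256).digest(),
        # One small wrapped copy of the FEK per holder; the body is stored once.
        "wrapped_fek": {who: pow(m, e, n) for who, (n, e) in public_keys.items()},
    }

def decrypt_file(blob, who, private_key):
    """Unwrap the FEK with one private key, check the tag, decrypt the body."""
    n, d = private_key
    raw = pow(blob["wrapped_fek"][who], d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    fek = raw[-16:]
    expected = hmac.new(fek, blob["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong private key or modified file")
    return keystream_xor(fek, blob["body"])

# Constructed toy keys built from Mersenne primes; far too weak for real use.
USER_PUB, USER_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
AGENT_PUB, AGENT_PRIV = toy_keypair(2**89 - 1, 2**521 - 1)

if __name__ == "__main__":
    sample = b"payroll export (constructed sample data)"
    blob = encrypt_file(sample, {"user": USER_PUB, "recovery_agent": AGENT_PUB})
    # Writing the file needed public keys only; either private key reads it.
    assert decrypt_file(blob, "user", USER_PRIV) == sample
    assert decrypt_file(blob, "recovery_agent", AGENT_PRIV) == sample
```

The machine that writes the file or the backup never holds a key that can read it back, which is the property a shared secret key cannot give you.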