Protecting Confidentiality and Encrypting Data on a Home Network - dummies

Protecting Confidentiality and Encrypting Data on a Home Network

By Lawrence C. Miller

Protecting the confidentiality of the data stored on your home network — including using encryption to convert data into an unintelligible format — is an important defense when you’re running a home business or working from home. Threats such as viruses, worms, and other malware can not only steal your personal data, but also corporate data or your customers’ personal data, which is a big problem.

In addition to protecting this data from Internet threats, it’s important to keep it safe with user accounts and permissions to avoid someone else on your home network accidentally deleting your work, and to regularly back it all up — just in case!

Protecting and encrypting data

Encryption converts data, such as a document or spreadsheet, into an unintelligible, scrambled format, to protect the confidentiality of the data. Encryption protects data by making it unreadable until it is decrypted, or unscrambled, using the correct cipher and key. A cipher is a mathematical algorithm used to scramble data.

In cryptography, there are known ciphers and, much less commonly, restricted ciphers. A known cipher is preferable because it relies on its mathematical complexity and the strength of the key (essentially a password or digital certificate) to protect data. A restricted cipher relies on the secrecy of the mathematical formula, rather than its complexity, to protect data.

If a hacker or thief is able to determine what encryption algorithm (lock) was used to encrypt your data, it should still be safe if you’re using a strong key (complex password) that you’ve kept secret, rather than a cute, little password (like your dog’s name) that you’ve taped to your keyboard!

The two most commonly used encryption standards today are 3DES (Triple Data Encryption Standard; pronounced triple-des) and AES (Advanced Encryption Standard).

The Encrypting File System (EFS)

The Encrypting File System (EFS) is a Windows program that encrypts individual files and folders on your hard disk. EFS is available in Windows 7 Professional Edition and Ultimate Edition.

BitLocker is a complementary (as in, it goes with EFS — not that it’s free!) program that works with EFS and is used to encrypt the entire hard disk. BitLocker is available in Windows 7 Ultimate and Enterprise Editions only. Windows 7 Ultimate Edition also includes BitLocker To Go, which encrypts removal media, such as USB drives.

EFS is a program that runs after Windows starts. This means that it is potentially vulnerable to programs that exploit weaknesses in the Windows operating system. There are many well-known vulnerabilities and widely available programs built specifically to crack an EFS-encrypted hard drive.

BitLocker runs before Windows starts. It protects your hard disk contents from Windows vulnerabilities by encrypting everything on your hard disk, including Windows.

A few important things to know about EFS include the following:

  • You can’t encrypt certain files or folders, such as system files and anything in the Windows folder.

  • You can’t encrypt any files or folders that aren’t on an NTFS (NT File System) partition. You can check this by right-clicking your hard disk (for example, C:) in Windows Explorer, clicking Properties, and looking at the file system in the Properties dialog box.

    Checking the file system type in the Properties dialog box.
    Checking the file system type in the Properties dialog box.
  • You can’t encrypt a Windows-compressed file or folder. But you can encrypt a file or folder compressed with a third-party program such as WinZip. You can also decompress a file or folder, and then encrypt it.

  • Windows 7 automatically decrypts a file (and will not automatically re-encrypt it) when you send it via e-mail, copy it to a different network location, or save it onto a hard disk partition that is not an NTFS partition.

  • EFS doesn’t prevent someone from accidentally (or maliciously) deleting an encrypted file.

There are many excellent, inexpensive (less expensive than upgrading from Windows 7 Professional Edition to Windows 7 Ultimate Edition), and easy-to-use third-party disk encryption programs available from security vendors such as McAfee.