File Insecurity & Encryption PDF
Document Details
Uploaded by SimplifiedIodine
Summary
This document discusses file insecurity and encryption methods. It compares digital and manual files, highlighting the benefits and limitations of digital methods. It also explores the concept of password entropy and various cybersecurity strategies.
Full Transcript
File Insecurity & Encryption
https://njctl.org/video/?v=zsPmWzV9dsE

Digital v Manual Files
Digital and manual files are similar in that they both store and file documents and/or information. The major differences between them are:
1) Format: digital files consist of information that is typed, while manual files are handwritten.
2) Storage: manual files are always in hard copy form (files or papers) in different places, while digital files are stored in soft copy in a digital location (computer, hard disk, etc.).
3) Transfer: transporting manual files from one place to another is difficult because they would need to be carried everywhere. Digital files can be easily transferred through email and through many other electronic means. It is also more time consuming to transfer files manually than through a computer.

Digital File Benefits
The major benefits of using digital files are:
1) Time saving in editing, changing, and transferring files
2) Better efficiency in record keeping
3) Easier to set up paper trails when needed for businesses, etc.
4) Use of templates removes repetition in file keeping
5) No more paper and filing costs, as well as saving space, as fewer filing cabinets are needed for storage
6) Files can be accessed quickly and at any time

Limitations of Digital Files
Using digital files does not come without risks, and digital files do have limitations. For example, if the Internet is down, you can no longer share a document with a colleague as you would by simply handing them a piece of paper. Users who are new to technology can be skeptical about the authenticity and validity of digital documents and therefore refrain from using them. Security breaches are also a concern when it comes to digital files.

File Insecurity
File insecurity is the concept that all files have vulnerabilities and can be lost or missing in the computer.
File security is a feature of your file system that controls who can access which files and can limit what users can do to various files in your computer.

Effects of File Insecurity
Some of the major effects of insecurity in files are losing, overwriting, or corrupting information. When a file is insecure and can be accessed by anyone, information in the file can be deleted or changed without the owner of the file knowing. Also, an unauthorized user can corrupt the file so that the next time the owner goes to open it, it can fail to open and create problems for the computer.

Securing a File
There are a few steps to take to ensure files are safe and readily accessible whenever needed:
1) Keep your computer and devices updated
2) Use strong passwords
3) Use antivirus software
4) Encrypt your hard drive and mobile device
5) Restrict others' access to files (non-editing permissions, etc.)

Five Pillars of Cybersecurity
When practicing and developing means of protecting digital information, there are five pillars that are fundamental to ensuring the safety of a cyberspace.
- Confidentiality assures that information is not disclosed to the wrong individuals by ensuring that data is properly encrypted.
- Integrity describes a cyberspace's ability to ensure that information is not damaged or modified while it is transmitted from one host to another.
- Availability of services must be maintained for users to have access to the information and functions that the service provides.
- Nonrepudiation security principles prove the identities of the sender and recipient when transferring information from one to the other.
- Authentication practices are implemented when confirming identities, before allowing access to cyber services.

Digital Security Strategies
When implementing the five pillars of cybersecurity, there are both digital and physical strategies that can be used.
Over the course of the next few slides, we'll take a look at various strategies that enforce the fundamental ways to prevent cyber attacks.

Password Entropy
In addition to meeting a list of criteria to ensure the strongest possible password, a password's strength can also be characterized by what is known as password entropy. Password entropy measures how unpredictable a password is, based on the type and combination of characters that are used (i.e. lowercase and capital letters, symbols, numbers, etc.) and the length of the password. Password entropy is expressed in bits. For example, a password that is known would have 0 bits of entropy; one that would be guessed on the first try half of the time would have 1 bit of entropy. The entropy of a password can be calculated by multiplying the number of characters in the password by the log base 2 of the number of possible symbols.

Password Entropy Example
$\log_2(S^L)$
S = size of the pool of unique possible symbols
L = password length

If the requirements for creating a password were as follows:
- 6 characters
- Use letters of the same case

Length (L): 6 characters
Possible symbols (S): 26 possible symbols
Possible combinations: $26^6 = 308,915,776$
Bits of entropy: $\log_2(26^6) \approx 28.2$

Consider what would happen to the bits of entropy, and subsequently the password strength, if we were to add more requirements for creating a password.

Encryption and Decryption as Security Measures
Encryption is the process by which a message or a piece of information is changed to read or display something different in order to hide the information's true meaning. During the encryption process, plaintext (the message written in plain language) is turned into what's known as ciphertext (an encrypted text) for the purpose of security. An encrypted message can contain many types and combinations of characters that may be similar to or completely different from the original message. Encryption is used when confidentiality is absolutely necessary in securing a message. The encoded message will require a key in order to be decrypted.

Decryption Explained
When the key is known and the user wants to know the original message, the encrypted message has to be decrypted. Decryption takes the encrypted message and converts it back to the original plaintext.

Symmetric Key Encryption
All encryption methods need a key in order to encrypt and decrypt. When an encryption method is described as symmetric key encryption, it means that there is one key to both encrypt a message and decrypt a message. The same key is used for both.

Advantages and Disadvantages
A disadvantage of symmetric key encryption is that since the same key is used for both encryption and decryption, the key can exist with multiple parties or companies. Trust issues and key security can be a challenge in that situation. An advantage is that if a large amount of data is being encrypted and is not being decrypted by another company, such as when data is encrypted on the hard drive of a computer, symmetric key encryption is a fast and efficient way of securely storing data.
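To work through the question posed at the end of the Password Entropy Example above, the following is an added example and not part of the original slides. It assumes every character is chosen uniformly at random and treats "symbols" as the 32 ASCII punctuation characters; the function names are illustrative.

```python
import math
import string
from itertools import combinations

# Character classes; treating "symbols" as ASCII punctuation is an assumption.
CLASSES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32
}

def entropy_bits(pool_size, length):
    """log2(S^L) = L * log2(S); valid only for uniformly random characters."""
    return length * math.log2(pool_size)

def count_with_required(classes, length):
    """Count passwords that use every listed class at least once.

    Inclusion-exclusion: start from S^L and remove the strings that are
    missing one or more of the required classes.
    """
    sizes = [CLASSES[c] for c in classes]
    pool = sum(sizes)
    total = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            total += (-1) ** k * (pool - sum(missing)) ** length
    return total

def policy_bits(classes, length, require_each=False):
    """Bits of entropy for a policy; optionally force one char per class."""
    if require_each:
        return math.log2(count_with_required(classes, length))
    return entropy_bits(sum(CLASSES[c] for c in classes), length)

if __name__ == "__main__":
    for classes, length, req in [
        (["lower"], 6, False),                    # the slide's example
        (["lower", "upper"], 6, False),
        (["lower", "upper", "digit"], 6, False),
        (["lower", "upper", "digit"], 6, True),   # "must contain each class"
        (["lower"], 12, False),                   # longer, same pool
    ]:
        print(classes, length, req, round(policy_bits(classes, length, req), 1))
```

Widening the pool from 26 to 62 symbols adds about 7.5 bits at length 6, while doubling the length to 12 adds 28.2 bits; requiring at least one character from each class slightly lowers the count below S^L because it rules out otherwise valid passwords.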
Public Key Encryption
The main difference between symmetric key encryption and public key encryption is that in public key encryption different keys are used for encryption and for decryption. To encrypt a message, a public key is made and is known to everyone. A private key is known only to the user decrypting the message and is not accessible by anyone else.

Public Key Encryption Example
Let's look at an example. Bob sends the plaintext message "Hello Alice!". This message is encrypted into a nonsensical but secure ciphertext using Alice's public key. Alice's private key is used to decrypt the ciphertext and output the message "Hello Alice!" to her device.

Why is encryption necessary?
Think about a few of these scenarios. How does an ATM know which bank account to withdraw money from? How can military groups communicate on the battlefield without the enemy knowing what they're saying? How does a website store and house all of your information? If any of this information were easily accessible by others, what would happen?

Physical Cybersecurity Strategies
There are many ways to ensure a safe cyberspace by using physical security strategies. Consider the following points:
- Understand that any connected devices (i.e. cameras, sensors, doors) can be considered entry points for an attacker
- Biometric authentication, such as facial recognition or finger or eye scans, can improve authenticity in a system
- Ensure servers and data centers are secure from unwanted attackers
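The Bob and Alice exchange from the Public Key Encryption Example above, next to a symmetric round trip for contrast, as an added example that is not part of the original slides. It uses textbook RSA with toy primes (61 and 53, exponent 17) and a repeating-key XOR as the symmetric stand-in; these values and all function names are assumptions chosen for readability.

```python
# Toy values chosen for readability (assumptions, not from the slides).
# Real RSA keys use primes of 1024 bits or more plus padding such as OAEP.
P, Q, E = 61, 53, 17

def make_keypair(p, q, e):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: inverse of e mod phi
    return (e, n), (d, n)

def rsa_apply(key, numbers):
    """Raise each number to the key's exponent modulo n."""
    exponent, n = key
    return [pow(x, exponent, n) for x in numbers]

def public_encrypt(public_key, message):
    """Bob's side: encrypt each byte with Alice's public key."""
    return rsa_apply(public_key, message.encode("utf-8"))

def private_decrypt(private_key, ciphertext):
    """Alice's side: only the private key maps the numbers back to bytes."""
    return bytes(rsa_apply(private_key, ciphertext)).decode("utf-8")

def xor_symmetric(key, data):
    """Symmetric toy cipher: the same key and function work both ways."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

if __name__ == "__main__":
    alice_public, alice_private = make_keypair(P, Q, E)
    ciphertext = public_encrypt(alice_public, "Hello Alice!")
    print("ciphertext:", ciphertext)
    print("Alice reads:", private_decrypt(alice_private, ciphertext))
    # Applying the public key again does not undo the encryption.
    print("public key again:", rsa_apply(alice_public, ciphertext))
    shared = b"shared-key"
    sealed = xor_symmetric(shared, b"Hello Alice!")
    print("symmetric round trip:", xor_symmetric(shared, sealed))
```

Because this toy version encrypts byte by byte with no padding, the two "l" characters produce identical ciphertext values, which is one reason production systems use padded RSA through a vetted library.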