Removable Media Encryption Tools PDF

Summary

This document discusses various removable media encryption tools, including GiliSoft USB Encryption. It explains how they protect portable storage devices by encrypting data.

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Data Security

Removable Media Encryption Tools

A solution for USB security that supports encrypting portable
GiliSoft USB
storage device (external drive) and can divide external drive into idoo USB Encryption
Encryption
Encryption s
https://www.idooencryption.com
two parts after encryption: the secure area and public area

GlliSoft USS Encryption
1'
Irerype het Lamgn......... Kakasoft USB Security
iATy
L USB Enc ey https://www.kakasoft.com
e ——— ) |
& ush
us Toolbox

Rohos Mini Drive
https://www.rohos.com

McAfee File & Removable Media
Protection
https://www.mcafee.com

MFG’s Removable Media Encryption
https://www.manogedencryption.co.uk
hitp//www.gilisoft.com

Copyright © by EC-{ cll.I All Rights Reserved.
Reserved, ReproductionIs Strictly Prohibited
Prohibited

Removable Media Encryption Tools
= GiliSoft USB Encryption
Source: http://www.gilisoft.com

GiliSoft USB Encryption is a solution for USB security that supports the encryption of
portable storage devices (external drives) and can divide an external drive into two parts
after encryption: a secure area and a public area. It converts a regular USB flash drive
into a secured one in less than a minute, and data on the protected area (secure area) is
encrypted by a 256-bit AES on-the-fly encryption.

Module 15 Page 1794 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

R
& USB Encryption
GiliSoft USB — 3
|R
Encrypt
Encrypt Help
Help Language
Language _ Register

ik USB
Pfi USB Encrypt
Encrypt
ey
as
a USB
USB Toolbox

Figure 15.35: Screenshot of GiliSoft USB Encryption
Some additional removable media encryption tools are as follows:

*= jdoo USB Encryption (https://www.idooencryption.com)
idoo
= Kakasoft USB Security (https://www.kakasoft.com)
= Rohos Mini Drive (https://www.rohos.com)

= McAfee File & Removable Media Protection (https://www.mcafee.com)
(https.//www.mcafee.com)
*= MFG’s Removable Media Encryption (https://www.managedencryption.co.uk)

Module 15 Page 1795 Certified Cybersecurity Technician Copyright © by EC-Council
EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

Database Encryption
0O Database encryption is defined as a process of converting a plain text database into a
ciphertext database using encryption techniques

O Its main motive is to make the data in a database unreadable to individuals with potentially
malicious intentions

¥ 2& ~s ©&
> It uses a symmetric >» It encrypts the » Itisan enhanced »> It uses one public key
encryption key to individual columns transparent database to encrypt the data and
encrypt the database, within the database encryption method one private key per
and all backups using a tables using different where the database authorized user to
database encryption encryption keys remains encrypted till it decrypt the data
key is not opened and
accessed

Database Encryption
Database encryption is defined as a process of converting a plain text database into a ciphertext
database using encryption techniques. Its main motive is to make the data in a database
unreadable to individuals with potentially malicious intentions. It also minimizes the intention
of hackers to hack the database as encrypted data cannot be easily deciphered. Several
techniques and methods are used by security professionals to implement encryption in the
database, such as:
* Transparent/External database encryption: This type of database encryption methods
encrypts the entire database, that is, it encrypts the “data at rest.” Transparent or
external database encryption uses a symmetric encryption key to encrypt the database,
and all backups using a database encryption key. A risk with using this method is that
the security professional can encrypt only the data that is stored in the database tables;
the data that is stored in memory or cache is not encrypted. An individual with a
malicious intent may access that data. Access to symmetric encryption key can lead to
an access to the database content.
= Column-level encryption: This method is a form of partial database encryption. It
encrypts the individual columns within the database tables using different encryption
keys. This method is more secure, as it needs a separate decryption method for
decrypting each encrypted column. However, this method minimizes the database index
and search performance. Similarly, partial database encryption can be applied on
individual rows, cells, and table spaces of the database table with a separate encryption
key.

Module 15 Page 1796 Certified Cybersecurity Technician Copyright © by EG-Gouncil
EG-Bouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

= Symmetric database encryption: This method is an enhanced transparent database
encryption method where the database remains encrypted till it is not opened and
accessed. However, in this method, the user requires a copy of the private key to access
the database content. If the security professional uses this method to encrypt the
database, then there is a chance that the private key can be leaked or identified by
unauthorized users.
= Asymmetric database encryption: This method is an improvement over symmetric
database encryption, and uses only one private key to encrypt and decrypt data;
however, this method uses one public key to encrypt the data and one private key per
authorized user to decrypt the data. In case the public key is leaked or accessed by an
unauthorized user, they would not be able to read the content of the encrypted file.

Module 15 Page 1797 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Data Security

Implementation of Transparent Database Encryption in
MS SQL Server

OQO Transparent Database
Database Encryption
Encryption inin MS SQL
SQL Server
Server Transparent Database
Transparent Database Encryption
Encryption Architecture
Architecture
(TDE) encrypts the physical files of a database Windows Operating System Level Data Protection API (DPAPI)

To implement Transparent Database Encryption g DPAPI
DPAPLencrypts tha Service
encrypts the Service Master
Master Key
Key
in SQL Server: saL Server
SQL Server R ’
’ Created
Created at
at time
time ofof SQL
SQL
e (o ervice Master
Service Master Key Server setup
vv Create
Create aa master
master key
key Instance Level ud Server setup
v Create or obtain a certificate protected by the master key Service Master
Service Master Key
Key encrypts
encrypts the
the Database
Database

v Create a database encryption key and protect it using the certificate. =
v§ Master Key for the master database
,o
o

~~ Setthe
Set database toto use
the database use encryption
encryption master
master
e Database Master Key
,
Statement:
Statement:
vp Database Level Database Master Key CREATE MASTER KEY...
Objuc Gplerw.
- 9 % CHEATE PASTER KEY
T
-~ I
ENCAYVPTION
—
Comect
Cormect> B3 9R [ OBY PASLCHD-
St ‘Uswttronglas is dre v Database Master
Database Master KeyKey ofof the
the master
master database
database
U:cl:::(.':;wn
¢S
16 PODWCT (SGL Server 1104201
1104001ACO)
- REC) Nw0 e
v
EJ__
» (3 Dotabases f*Craate or odtain o < Vayt/
@ creates a certificate in the master database Statement:
v (3 Secunty CHEATE CERTLFICATE Mys
P:::'(v.n,-m
o- :L Seron Ctigeens ™
wE:::X"Vu: ‘:"m "': This certificate encrypts the Database Encryption CREATE CERTIFICATE...—
% G Rephcation SUDIECT- "My DIK Cartdf
D @ Replicaion
+® 3O Managemant
rillisar
w0 v Keyin the user database
Key
Managerment
(3 [
(#) (22 Security | [