Data Security: Removable Media Encryption Tools and Database Encryption PDF

Summary

This document discusses data security, focusing on removable media encryption tools like GiliSoft USB Encryption and various database encryption methods. It covers concepts like symmetric and asymmetric encryption techniques. Includes practical implementation details, and different architectural approaches for data protection..

Full Transcript

Certified Cybersecurity Technician Data Security Exam 212-82 Removable Media Encryption Tools A solution for USB security that supports encrypting portable storage device (external drive) and can divide external drive into two parts after encryption: the secure area and public area GiliSoft USB Encryption GlliSoft USS Encryption ' iL idoo USB Encryption https://www.idooencryption.com Irerype USB het Lamgn Kakasoft USB Security......... https://www.kakasoft.com Enc & us Toolbox Rohos Mini Drive https://www.rohos.com McAfee File & Removable Media Protection https://www.mcafee.com MFG’s Removable Media Encryption https://www.manogedencryption.co.uk hitp//www.gilisoft.com Copyright © by EC{ I All Rights Reserved, ReproductionIs Strictly Prohibited Removable Media Encryption Tools = GiliSoft USB Encryption Source: http://www.gilisoft.com GiliSoft USB Encryption is a solution for USB security that supports the encryption of portable storage devices (external drives) and can divide an external drive into two parts after encryption: a secure area and a public area. It converts a regular USB flash drive into a secured one in less than a minute, and data on the protected area (secure area) is encrypted by a 256-bit AES on-the-fly encryption. Module 15 Page 1794 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security & GiliSoft USB Encryption Encrypt Help Language Pfi USB Encrypt a USB Toolbox Figure 15.35: Screenshot of GiliSoft USB Encryption Some additional removable media encryption tools are as follows: = jdoo USB Encryption (https://www.idooencryption.com) = Kakasoft USB Security (https://www.kakasoft.com) = Rohos Mini Drive (https://www.rohos.com) = McAfee File & Removable Media Protection (https.//www.mcafee.com) = MFG’s Removable Media Encryption (https://www.managedencryption.co.uk) Module 15 Page 1795 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Data Security Exam 212-82 Database Encryption 0O Database encryption is defined as a process of converting a plain text database into a ciphertext database using encryption techniques O Its main motive is to make the data in a database unreadable to individuals with potentially malicious intentions ¥ > & It uses a symmetric encryption key to » s It encrypts the » individual columns & Itisan enhanced transparent database encrypt the database, within the database tables using different where the database database encryption key encryption keys remains encrypted till it is not opened and and all backups using a > encryption method It uses one public key to encrypt the data and one private key per authorized user to decrypt the data accessed Database Encryption Database encryption is defined as a process of converting a plain text database into a ciphertext database using encryption techniques. Its main motive is to make the data in a database unreadable to individuals with potentially malicious intentions. It also minimizes the intention of hackers to hack the database as encrypted techniques and by security professionals to implement methods are used data cannot be easily deciphered. encryption Several in the database, such as: * Transparent/External database encryption: This type of database encryption methods encrypts the entire database, that is, it encrypts the “data at rest.” Transparent or external database encryption uses a symmetric encryption key to encrypt the database, and all backups using a database encryption key. A risk with using this method is that the security professional can encrypt only the data that is stored in the database tables; the data that is stored in memory or cache is not encrypted. An individual with a malicious intent may access that data. Access to symmetric encryption key can lead to an access to the database content. = Column-level encryption: This method is a form of partial database encryption. It encrypts the individual columns within the database tables using different encryption keys. This method is more secure, as it needs a separate decryption method for decrypting each encrypted column. However, this method minimizes the database index and search performance. Similarly, partial database encryption can be applied on individual rows, cells, and table spaces of the database table with a separate encryption key. Module 15 Page 1796 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security = Symmetric database encryption: This method is an enhanced transparent database encryption method where the database remains encrypted till it is not opened and accessed. However, in this method, the user requires a copy of the private key to access the database content. If the security professional uses this method to encrypt the database, then there is a chance that the private key can be leaked or identified by unauthorized users. = Asymmetric database encryption: This method is an improvement over symmetric database encryption, and uses only one private key to encrypt and decrypt data; however, this method uses one public key to encrypt the data and one private key per authorized user to decrypt the data. In case the public key is leaked or accessed by an unauthorized user, they would not be able to read the content of the encrypted file. Module 15 Page 1797 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Implementation of Transparent Database Encryption in MS SQL Server QO Transparent Database Encryption in MS SQL Server Transparent Database Encryption Architecture (TDE) encrypts the physical files of a database Windows Operating System Level Data Protection API (DPAPI) To implement Transparent Database Encryption in SQL Server: v Create a master key v g DPAPLencrypts tha Service Master Key saL Server R ervice Master Instance Level ud Create or obtain a certificate protected by the master key. Create a database encryption key and protect it using the certificate ~ Setthe database to use encryption Comect 3 9 [ O -~ I i U:cl:::(.':;wn Server 1104201 - ACO) N - : :::'(v.n,-m E:::X"Vu: ‘:"m "': ® O Managerment by certificate*/ Certificates'; GO [FIALTER DATABASE AdventureWorks2012 it the | SET ENCRYPTION ON; GO Figure 15.37: Transparent database encryption in MS SQL Server Module 15 Page 1799 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.