13.8 File Encryption


What key length is considered to be minimally strong for encryption algorithms?

80

Trusted Platform Module (TPM)

A Trusted Platform Module (TPM) is a special hardware chip included on the computer motherboard that contains software in firmware that generates and stores cryptographic keys. The TPM chip must be enabled in the BIOS/UEFI. The TPM chip stores the BitLocker key that is used to unlock the disk partitions and stores information about the system to verify the integrity of the system hardware. The TPM ensures system integrity as follows:
1. The TPM examines the startup components present on the unencrypted partition.
2. Based on the hardware and system components, a system identifier is generated and saved in the TPM.
3. At startup, components are examined and a new system identifier is generated.
4. The new identifier is compared to the saved identifier. If the identifiers match, the system is allowed to boot.

Trusted Platform Module (TPM)

A special hardware chip that generates and stores cryptographic keys.

Decryption

An encrypted file can be converted back to its original format by a process known as what?

Data transmission encryption

Data that is sent through a network can potentially be intercepted and read by an attacker. Use some form of encryption to protect data sent through a network.

Why is a VPN used?

Data that passes through the unsecured network (over the internet) is encrypted and protected.

After a file has been encrypted, it is stored in what format?

Encrypted

File Encryption

Encryption cannot be used together with compression (you can use either, but not both).

File encryption

Encrypts individual files so that only the user who created the file can open it.

Disk encryption

Encrypts the entire contents of a hard drive.

You can encrypt individual files, but Microsoft recommends encrypting at what level?

Folder

Secure Sockets Layer (SSL) is a protocol that can be added to other protocols to provide security and encryption. What protocol uses SSL to secure Web transactions?

HTTPS (Port 443)

A virtual private network (VPN) uses one of three encryption protocols to establish a secure communication channel between two hosts, or between one site and another site.

IPsec, PPTP, and L2TP

BitLocker partition

Implementing BitLocker requires two NTFS partitions:
• The system partition is a 100 MB volume that contains the boot files. This partition is set to active, and is not encrypted by the BitLocker process.
• The operating system partition must be large enough for the operating system files. This partition is encrypted by BitLocker.
Be aware of the following:
• A new Windows installation creates both partitions prior to the installation of the operating system files.
• For operating systems already installed on a single partition, you may need to resize the existing partition and create the system partition required by BitLocker.

wireless encryption with 802.1x

Provides authentication for devices trying to connect with other devices on LANs or wireless LANs.

When implementing network services, do not use protocols such as FTP or Telnet that pass logon credentials and data in clear text. Instead, use a secure alternative such as FTPS or what protocol?

SSH (port 22)

What's the status of your data if someone has your public key?

Safe

On what type of computer is BitLocker not commonly used?

Servers

Single-key encryption is also known as what kind of encryption?

Symmetric

What happens if you move unencrypted files into an encrypted folder?

The new files become encrypted

What built-in computer hardware feature makes BitLocker Drive Encryption far more secure than other forms of folder or file-based encryption?

Trusted Platform Module

Public-key cryptography uses how many keys?

Two, Public key, Private key

Encryption is the process of converting data into what kind of format?

Unreadable

wireless encryption

Use WPA, WPA2, or WEP to secure wireless communications, which are highly susceptible to eavesdropping (data interception). WEP, WPA Personal, and WPA2 Personal use a common shared key configured on the wireless access point and on all wireless clients.

Disk Encryption

Whole disk encryption encrypts the entire contents of a hard drive, protecting all files on the disk.
• During system startup, a special key is required to unlock the hard disk. Without the key, data on the drive is inaccessible. Providing the key allows the system to decrypt files on the hard drive.
• You cannot access the contents of an encrypted drive by moving it to another computer because the encryption keys needed to decrypt the data do not exist on the other computer system.
• Most solutions provide for a backup recovery key that can be used to unlock the drive if the original key is lost. If both the encryption key and the recovery key are lost, data cannot be retrieved.
• BitLocker is a Microsoft solution that provides whole disk encryption. BitLocker is supported on Ultimate or Enterprise editions of Windows.
• You can implement BitLocker with or without a Trusted Platform Module (TPM).
  o When using BitLocker with a TPM, the key required to use the disk can be stored in the TPM. This means that the computer can boot without a prompt as long as the hard drive is in the original computer.
  o Without a TPM, the startup key must be stored on a USB drive. On Windows 10, you can also supply a password at system boot to unlock a BitLocker-encrypted drive.
  o When the startup key is saved in the TPM, you can require an additional PIN or startup key that must be used to start the system.
• You can use BitLocker to encrypt removable storage devices (such as USB flash drives).

What is the meaning of EFS?

A Windows feature that can encrypt data. It is linked directly to a specific user: only the user who encrypted the data will be able to access the encrypted files or folders.

Non-TPM Security

You have the following options for implementing BitLocker on systems without a TPM chip:
• You can save the BitLocker key on a USB device. The USB device is inserted before starting the computer and provides authentication before the operating system drive is decrypted. The BIOS must support reading USB devices during startup.
• Windows 8 and later allows you to configure an unlock password for the operating system drive. To use this feature, enable the Configure Use Of Passwords For Operating System Drives policy in the Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives node of Computer Configuration.
• Windows supports authentication using a smart card certificate. The smart card certificate is stored on a USB device and is used similarly to the BitLocker key on a USB device.

EFS encryption is what type of feature that can be enabled or disabled at will, similar in effect to read-only, compression, or hidden?

Attribute (attrib)

What happens if you move encrypted files into a non-NTFS folder?

They become non-encrypted

What is one purpose of using hash function encryption?

To store passwords in a non-readable format

Main step needed before using BitLocker

The user needs to enable the Trusted Platform Module (TPM) in the BIOS
