CastleCops, Internet Crime Fighters
Langa Letter: Easy Encryption
Privacy

Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.

A recent change in federal privacy laws is causing huge numbers of IT departments to examine the steps they take to keep data secure. Although the specific law affects organizations that store or process medical records--hospitals, insurance companies, human-resource departments, and so on--the change actually touches on an even larger issue, that of keeping any kind of private information truly private, as this reader letter suggests:






June 02, 2003
By Fred Langa

Fred, I do medical research and am being asked for recommendations about keeping medical data secure. As you probably know, a new set of regulations took effect on April 16 pertaining to privacy of medical records. These are the so-called "HIPAA standards" (http://www.hhs.gov/ocr/hipaa/). I'm glad that the new regulations are inspiring people to pay closer attention to this topic and would like to respond to their questions. Very frequently, researchers use portable media (notebook computers, mainly, but also Zip disks and PDAs) to transport their data, and most statistical-analysis software doesn't claim to offer even a modicum of security. So I'm asking for advice. Specifically, what measures do you and your readers recommend to secure sensitive data that resides on a notebook computer? There are several software products that encrypt individual files and create encrypted virtual drives. Which of these products do you recommend, if any? --Paul Falzer

Any form of encryption--file-, folder-, partition-, or disk-level--can substantially improve your data security by helping to ensure that only you (or those you authorize) can access the protected data. But picking both the right type of encryption, and then picking the right tool, takes a little digging: As with most things technoid, there's no absolute right or wrong answer. What's right for one circumstance may not be optimal in another.

File Versus Disk Encryption

For example, I personally prefer file- or folder-level encryption tools to whole-disk solutions. Although I have a number of sensitive business records on my system that need high-level protection, most of what's on my hard drive isn't worth worrying about. For me, a tool that encrypts everything on a hard drive would simply waste time and CPU cycles in processing these nonprivate files. I prefer to pick and choose exactly what gets encrypted and when.

I also prefer file- or folder-level encryption because, unlike whole-disk methods, a single failure in the encryption system cannot take out the entire PC. For example, a whole-disk encryption tool may encrypt system files, and also may require that special low-level drivers be loaded at boot time. (This is especially the case with "virtual disk" systems that create an encrypted file that must be mounted, like a disk drive, for use.) A problem with either of these kinds of whole-disk encryption systems might render all your files inaccessible. In contrast, file- or folder-level encryption can be constrained only to data that really needs protection, leaving boot- and system-level files untouched. This way, a problem in the encryption system will at least leave your PC able to boot and run, so you can perform whatever backup, restoration, or repair is needed to recover the damaged files.

Another drawback to disk-level protection is that it usually operates in an "all or nothing" mode: Once you've unlocked the encrypted disk, all files on the disk are open and available for use. This means that anyone with access to the PC, either physically or electronically, also may have access to everything on the disk, just as if it were never encrypted.

In contrast, more granular encryption, such as at the file level, prevents this problem because opening any one encrypted file leaves the others untouched: Anyone with physical or electronic access to a PC can access only files that have been unlocked, leaving the others secure.

File-level encryption also makes it easy to move, E-mail, or copy the data without compromising its security: The encrypted file remains encrypted until the decryption tool is explicitly invoked. Disk-level tools (and some folder-level tools), especially those that try to be ultra user-friendly and "transparent" to use, may automatically decrypt files when moved, copied, or emailed. I much prefer a form of encryption that requires a deliberate action before the data is decrypted.

The tool I use most is File2File, a free Windows utility by Cryptomathic. Like many current encryption tools, it uses AES, the "Advanced Encryption Standard," with a 128-bit key. Assuming you use a good passphrase--no less than seven characters long, containing at least one number and one symbol character (e.g., punctuation), not containing your name or user name or any simple variation thereof, and not a common word or name (nothing found in a dictionary)--128-bit AES provides reasonable security for most routine needs. (For more information on generating secure passwords, see the resources at Passphrase FAQs or see the section called "Passwords And Availability" on page two of XP Professional's "Remote Control".) Cryptomathic also offers many other security tools, including more advanced E-security suites and toolboxes.
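
The passphrase rules above, written as a checker; this is an added example, not code from the article or from File2File. The wordlist is a constructed sample, `names` is a hypothetical parameter, and the entropy figure is an upper bound that assumes every character was picked at random.

```python
import math
import re
import string

# Constructed sample; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "letmein", "sunshine", "welcome"}
# Common symbol-for-letter swaps, undone before the name and word checks.
SWAPS = str.maketrans("0134578@$", "oleastbas")
TAIL = string.digits + string.punctuation

def normalize(text):
    """Lower-case, drop trailing digits/symbols, undo swaps, keep letters."""
    core = text.lower().rstrip(TAIL).translate(SWAPS)
    return re.sub(r"[^a-z]", "", core)

def check_passphrase(passphrase, names=()):
    """Return the rules from the article that the passphrase breaks."""
    problems = []
    if len(passphrase) < 7:
        problems.append("shorter than seven characters")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no number")
    if not any(c in string.punctuation for c in passphrase):
        problems.append("no symbol character")
    core = normalize(passphrase)
    if any(normalize(n) and normalize(n) in core for n in names):
        problems.append("contains a name or a simple variation of it")
    if core in SAMPLE_WORDS:
        problems.append("dictionary word with decorations")
    return problems

def max_entropy_bits(passphrase):
    """Upper bound in bits, as if every character were picked at random."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, 32)]
    pool = sum(size for test, size in classes if any(map(test, passphrase)))
    return len(passphrase) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    # Constructed candidates: a decorated word, a disguised name, a random string.
    for candidate in ("Dragon1!", "Pf4lzer#9", "kV7#qmZx2!"):
        print(candidate, check_passphrase(candidate, names=("Paul", "pfalzer")),
              round(max_entropy_bits(candidate), 1))
```

Under this model a passphrase at the seven-character minimum tops out near 46 bits, so the passphrase, not the 128-bit key, sets the practical strength of the encrypted file.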

But those are my preferences--yours may be different, and you may need more or less security. Let's take a look at some specific options, up to "military-strength" ciphers:

Article continues...
Information Week


Posted on Monday, 02 June 2003 @ 05:45:00 UTC by cj (1817 reads)