SlideShare ist ein Scribd-Unternehmen logo
1 von 15
Downloaden Sie, um offline zu lesen
© 2008, Linoma Software. All rights reserved . Protecting Sensitive Data using Encryption and Key Management
© 2008, Linoma Software. All rights reserved . Information Systems Trends ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
© 2008, Linoma Software. All rights reserved . Data Risks Databases can be accessed through a wide variety of tools by both external hackers and rogue employees. Backup media often passes through many hands to reach its off-site storage location. Unless otherwise protected, all data transfers travel openly over the Internet and can be monitored or read by others.
© 2008, Linoma Software. All rights reserved . Statistics    46% of interviewed organizations expect a serious data loss at least once a year. (Source: Symantec Corporation, January 2008)    Data breaches were 69% greater in 2008 than the same period in 2007. (Source: Identity Theft Resource Center)    56% of organizations reported a loss in existing customers from a data breach. (Source: Ponemon Institute, June 2008)    1 out of 3 computer professionals admit to accessing confidential data within their  companies. (Source: MSNBC, June 2008)    Employees, not hackers, cause most data losses (Source: ars technica, October 2008) “ A former Countrywide employee was arrested and charged with illegally accessing the firm’s computers for more than two years. As many as 2 million loan applicants may have had their data stolen, the FBI said.” (Source: LA Times Sept 11, 2008)
© 2008, Linoma Software. All rights reserved . Costs of Data Breaches   “ Data Loss Study” conducted by Ponemon Institute    32,000 lost customer records per breach    Average cost is £120 for each lost record    £4.0 million cost per breach    Costs: Administrative and IT resource costs Notifications to customers Public relations Regaining trust 44 U.S. states have enacted legislation requiring notification of security breaches involving personal information. ( http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm  )
© 2008, Linoma Software. All rights reserved . Data Which Needs a High Level of Protection    Anything that is confidential to the organization, its employees and its customers    Credit card numbers    National Insurance numbers    Birth dates    Payroll information (e.g. wages)    Health-related information    Bank Account numbers    Driver License information    Financial data    Trade Secrets (e.g. product formulas)
 To comply with regulations: HIPAA Sarbanes Oxley Gramm-Leach-Bliley    Data Protection Act    To avoid potential penalties and lawsuits    To comply with PCI Security Standards     To avoid bad public relations    To ensure your continued employment (you don’t want to be the one that “takes the fall”) © 2008, Linoma Software. All rights reserved . Why Should You Protect This Data? “ A senior database administrator at a subsidiary of Fidelity National Information Services took data belonging to as many as 8.5 million consumers. The stolen data included names, addresses, birth dates, bank account and credit card information, the company said.” (Source: ComputerWorld, July 2007)
© 2008, Linoma Software. All rights reserved . PCI 1.1 Data Security Standard    Data Security Standard developed by Payment Card Industry (PCI)    Latest Standard is 1.1 (released in Sept 2006)    View complete text of PCI Data Security Standard at: https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf Excerpt from Standard: 3.4  Render Primary Account Number (PAN), at minimum, unreadable anywhere it is stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches: •  Strong one-way hash functions (hashed indexes) •  Truncation •  Index tokens and pads (pads must be securely stored) •  Strong cryptography with associated key management processes and procedures. The MINIMUM account information that must be rendered unreadable is the PAN.
© 2008, Linoma Software. All rights reserved . PCI 1.1 Data Security Standard 3.5   Protect encryption keys used for encryption of cardholder data against both disclosure and misuse . 3.5.1  Restrict access to keys to the fewest number of custodians necessary 3.5.2  Store keys securely in the fewest possible locations and forms. 3.6  Fully document and implement all key management processes and procedures for keys used for encryption of cardholder data, including the following: 3.6.1  Generation of strong keys 3.6.2  Secure key distribution 3.6.3  Secure key storage 3.6.4  Periodic changing of keys •  As deemed necessary and recommended by the associated application (for example, re-keying); preferably automatically •  At least annually. 3.6.5  Destruction of old keys 3.6.6  Split knowledge and establishment of dual control of keys (so that it require two or three people, each knowing only their part of the key, to reconstruct the whole key) 3.6.7  Prevention of unauthorized substitution of keys 3.6.8  Replacement of known or suspected compromised keys 3.6.9  Revocation of old or invalid keys 3.6.10  Requirement for key custodians to sign a form stating that they understand and accept their key-custodian responsibilities. 10.0  Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are critical. The presence of logs in all environments  allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is  very difficult without system activity logs.
© 2008, Linoma Software. All rights reserved . Encryption Basics    Encryption  is the process transforming understandable text (plaintext) into an unintelligible piece of data (ciphertext).    Encryption  hides the meaning of the message, but not its existence    Converts ordinary information into unreadable gibberish.  Example Before: The quick brown fox jumped over the lazy dog After: „OE Kä°BBY ý ê·Ñ‚C‹Ÿ^{F+rÀJ[1]Ï(¾Y½i›”®t    Cipher  is a pair of algorithms that perform encryption and decryption. Example ciphers are AES and TDES    Key  controls the detailed operations of the Cipher algorithms. The output (cipher text) is therefore manipulated by the Key. A Key is represented by bits (i.e. 101001…).  AES256  uses a 256 bit Key.    Symmetric Key  Cryptology is a form of cryptology in which the sender and receiver share the same key. The key must be kept secret or the security is compromised. Also known as Secret key cryptology.    Asymmetric Key  Cryptology is a form of cryptology that implements Key Pairs, in which the Public key portion of the Key Pair is used to encrypt information and the Private key portion is used to decrypt information. Otherwise known as Public Key Cryptology.
© 2008, Linoma Software. All rights reserved . AES Encryption    AES is the abbreviation for Advanced Encryption Standard    Ideal for protecting  database fields  and  backups    Uses Symmetric Keys    No known attacks    Fast form of Encryption – 6 times faster than Triple DES    Can use a 128, 192 or 256 bit key length Quote from US National Security Agency (NSA) – June 2003 "The design and strength of all key lengths of the AES  Algorithm (i.e., 128, 192 and 256) are sufficient to  protect classified information up to the  SECRET  level.
© 2008, Linoma Software. All rights reserved . Open PGP Encryption    Widely used for protecting data sent over the  internet.    Uses combination of Asymmetric-key and  Symmetric-key cryptology to provide high  level of protection and speed    Encrypt with Public Key -- Decrypt with  Private Key (Secret Key)    Encrypted files can be sent over standard  FTP connections or Email    Provides compression to reduce file sizes TERMS OpenPGP  standard is a non-proprietary and industry-accepted protocol which defines the standard format for encrypted messages, signatures and keys. This standard is managed by the IETF (Internet Engineering Task Force). Key Pair  is a combination of a Private key and its corresponding Public key. Key Pairs are used within Asymmetric Cryptology systems, such as OpenPGP, SSH and SSL. Private Key  is the portion of a Key Pair which is used by the owner to decrypt information and to encode digital signatures. The Private key, typically protected by a password, should be kept secret by the owner and NOT shared with trading partners. Also known as a Secret Key. Public Key  is the portion of the Key Pair which is used to encrypt information bound for its owner and to verify signatures made by its owner. The owner’s Public key should be shared with its trading partners.
© 2008, Linoma Software. All rights reserved . Secure FTP    FTPS  and  SFTP  will protect the entire  FTP  connection    Provides strong encryption with support for popular algorithms  such as  AES    FTPS  (FTP over SSL) - Authenticate using certificates - Support for self-signed certificates and CA certificates - Complies with SSL and TLS standard - Implicit and Explicit connections    SFTP  (FTP over SSH) - Authenticate using a password or an asymmetric key - Complies with SSH 2.0 standard - Popular in UNIX and LINUX systems TERMS Authentication  is a mechanism to positively identify the server, and optionally the client, by requesting credentials such as a password or a digital signature. Certificate  is a digital identification document that allow both servers and clients to authenticate each other. A certificate contains information about a company and the organization that signed the certificate (such as Verisign). SSL  is an abbreviation for Secure Sockets Layer. SSL is a security protocol for encrypting communications between two hosts over a network. SSL utilizes certificates to establish trust between the two hosts. The latest version of SSL is also called TLS (Transport Layer Security). SSH  is an abbreviation for Secure Shell. SSH is both a computer program and an associated network protocol designed for encrypting communications between two untrusted hosts over a network. It utilizes Public keys to provide asymmetric cryptology.
© 2008, Linoma Software. All rights reserved . Data Encryption Solutions Crypto Complete™  automates the encryption of System i database fields and backups with native key management and audit trails. Protegrity™  automates the encryption of Oracle, Informix, SQL Server, Sybase, DB/2 and Teradata database fields with centralized key management and audit trails. GoAnywhere™  automates data movement, encryption, translation and compression from one centralized solution. Runs on  System i ,  Windows ,  Linux ,  Unix ,  Solaris  and  HP-UX. COMPLETE OpenPGP - Secure FTP - Key Management - Audit Trails - Backup Encryption - AES - Key Management - Audit Trails
© 2008, Linoma Software. All rights reserved . Encryption Customers Customers Over 3,000 Installations Worldwide BeautiControl Cosmetics Carolina Biological Supply Centersoft Certegy City of Ketchikan City of Redding Consolidated Telephone Companies CU*Answers Discovery Toys EOG Resources Fairmount Minerals Fidelity Express The Geo Group Inc. Hermann Sons Ingram Industries KOA Kampgrounds of America Korta Payments Landau Uniforms Love’s Travel Stops & Country Stores Mid-Continent Group Muscatine Foods Corporation Northwest Natural Gas Oneida Tribe of Indians of WI Permanent General Agency Rural Community Insurance Services Service Insurance Group SG Private Banking Silverleaf Resorts Slomin’s Sturm, Ruger & Company United Music USA Mobility Wireless ViaTech Publishing Solutions

Weitere ähnliche Inhalte

Was ist angesagt?

CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementSam Bowne
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)Sam Bowne
 
Talk28oct14
Talk28oct14Talk28oct14
Talk28oct14mjos
 
Securing Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionSecuring Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionPrecisely
 
8 Authentication Security Protocols
8 Authentication Security Protocols8 Authentication Security Protocols
8 Authentication Security Protocolsguestfbf635
 
Pki 201 Key Management
Pki 201 Key ManagementPki 201 Key Management
Pki 201 Key ManagementNCC Group
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
 
Storage on cloud using dynamic encryption
Storage on cloud using dynamic encryptionStorage on cloud using dynamic encryption
Storage on cloud using dynamic encryptionMphasis
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Positive Hack Days
 
Secrity project keyvan
Secrity project   keyvanSecrity project   keyvan
Secrity project keyvanitrraincity
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...MongoDB
 
Securing Data in MongoDB with Gazzang and Chef
Securing Data in MongoDB with Gazzang and ChefSecuring Data in MongoDB with Gazzang and Chef
Securing Data in MongoDB with Gazzang and ChefMongoDB
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 

Was ist angesagt? (20)

Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy Nolan
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access Management
 
Cyber security
Cyber securityCyber security
Cyber security
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
 
Security chapter6
Security chapter6Security chapter6
Security chapter6
 
Talk28oct14
Talk28oct14Talk28oct14
Talk28oct14
 
Securing Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionSecuring Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-Motion
 
8 Authentication Security Protocols
8 Authentication Security Protocols8 Authentication Security Protocols
8 Authentication Security Protocols
 
Pki 201 Key Management
Pki 201 Key ManagementPki 201 Key Management
Pki 201 Key Management
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
 
Storage on cloud using dynamic encryption
Storage on cloud using dynamic encryptionStorage on cloud using dynamic encryption
Storage on cloud using dynamic encryption
 
Unlock Security Insight from Machine Data
Unlock Security Insight from Machine DataUnlock Security Insight from Machine Data
Unlock Security Insight from Machine Data
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access Management
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
 
Secrity project keyvan
Secrity project   keyvanSecrity project   keyvan
Secrity project keyvan
 
Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...Understanding Database Encryption & Protecting Against the Insider Threat wit...
Understanding Database Encryption & Protecting Against the Insider Threat wit...
 
Securing Data in MongoDB with Gazzang and Chef
Securing Data in MongoDB with Gazzang and ChefSecuring Data in MongoDB with Gazzang and Chef
Securing Data in MongoDB with Gazzang and Chef
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 

Andere mochten auch

Законодательство о свободе доступа к государственной информации: последствия ...
Законодательство о свободе доступа к государственной информации: последствия ...Законодательство о свободе доступа к государственной информации: последствия ...
Законодательство о свободе доступа к государственной информации: последствия ...Natasha Khramtsovsky
 
В достаточной ли мере развивается законодательная и нормативно-правовая база ...
В достаточной ли мере развивается законодательная и нормативно-правовая база ...В достаточной ли мере развивается законодательная и нормативно-правовая база ...
В достаточной ли мере развивается законодательная и нормативно-правовая база ...Natasha Khramtsovsky
 
О перспективах межведомственного электронного документооборота (МЭДО)
О перспективах межведомственного электронного документооборота  (МЭДО)О перспективах межведомственного электронного документооборота  (МЭДО)
О перспективах межведомственного электронного документооборота (МЭДО)Natasha Khramtsovsky
 
ГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документов
ГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документовГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документов
ГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документовNatasha Khramtsovsky
 
Тихая электронная революция в делопроизводстве и архивном деле
Тихая электронная революция в делопроизводстве и архивном делеТихая электронная революция в делопроизводстве и архивном деле
Тихая электронная революция в делопроизводстве и архивном делеNatasha Khramtsovsky
 
Национальные Архивы США: Перечень GRS 20 "Электронные документы"
Национальные Архивы США: Перечень GRS 20 "Электронные документы"Национальные Архивы США: Перечень GRS 20 "Электронные документы"
Национальные Архивы США: Перечень GRS 20 "Электронные документы"Natasha Khramtsovsky
 
Простая электронная подпись — наша тема?
Простая электронная подпись — наша тема?Простая электронная подпись — наша тема?
Простая электронная подпись — наша тема?Natasha Khramtsovsky
 
Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...
Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...
Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...Natasha Khramtsovsky
 
[SPRINTER] Elasticsearch starter-guide for Developer
[SPRINTER] Elasticsearch starter-guide for Developer[SPRINTER] Elasticsearch starter-guide for Developer
[SPRINTER] Elasticsearch starter-guide for DeveloperSomkiat Puisungnoen
 
Market and economic outlook report june
Market and economic outlook report juneMarket and economic outlook report june
Market and economic outlook report juneagniV
 
Market and economic outlook august
Market  and economic outlook augustMarket  and economic outlook august
Market and economic outlook augustagniV
 
Внедрение ЭЦП в организации: с чего начинать?
Внедрение ЭЦП в организации:  с чего начинать?Внедрение ЭЦП в организации:  с чего начинать?
Внедрение ЭЦП в организации: с чего начинать?Natasha Khramtsovsky
 
PROEXPOSURE Photos: Football
PROEXPOSURE Photos: FootballPROEXPOSURE Photos: Football
PROEXPOSURE Photos: FootballPROEXPOSURE CIC
 
How Scary Is It
How Scary Is ItHow Scary Is It
How Scary Is Itramlal1974
 

Andere mochten auch (20)

Javier
JavierJavier
Javier
 
Законодательство о свободе доступа к государственной информации: последствия ...
Законодательство о свободе доступа к государственной информации: последствия ...Законодательство о свободе доступа к государственной информации: последствия ...
Законодательство о свободе доступа к государственной информации: последствия ...
 
В достаточной ли мере развивается законодательная и нормативно-правовая база ...
В достаточной ли мере развивается законодательная и нормативно-правовая база ...В достаточной ли мере развивается законодательная и нормативно-правовая база ...
В достаточной ли мере развивается законодательная и нормативно-правовая база ...
 
О перспективах межведомственного электронного документооборота (МЭДО)
О перспективах межведомственного электронного документооборота  (МЭДО)О перспективах межведомственного электронного документооборота  (МЭДО)
О перспективах межведомственного электронного документооборота (МЭДО)
 
ГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документов
ГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документовГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документов
ГОСТ Р 54989-2012 Обеспечение долговременной сохранности электронных документов
 
Workshop sociusonderzoek
Workshop sociusonderzoekWorkshop sociusonderzoek
Workshop sociusonderzoek
 
Тихая электронная революция в делопроизводстве и архивном деле
Тихая электронная революция в делопроизводстве и архивном делеТихая электронная революция в делопроизводстве и архивном деле
Тихая электронная революция в делопроизводстве и архивном деле
 
Национальные Архивы США: Перечень GRS 20 "Электронные документы"
Национальные Архивы США: Перечень GRS 20 "Электронные документы"Национальные Архивы США: Перечень GRS 20 "Электронные документы"
Национальные Архивы США: Перечень GRS 20 "Электронные документы"
 
Ctel2
Ctel2Ctel2
Ctel2
 
Простая электронная подпись — наша тема?
Простая электронная подпись — наша тема?Простая электронная подпись — наша тема?
Простая электронная подпись — наша тема?
 
Hoe zich positioneren in een sterk veranderende arbeidsmarkt?
Hoe zich positioneren in een sterk veranderende arbeidsmarkt?Hoe zich positioneren in een sterk veranderende arbeidsmarkt?
Hoe zich positioneren in een sterk veranderende arbeidsmarkt?
 
Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...
Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...
Лючиана Дюранти - Документы в «облаке»: Экономическая эффективность и защищён...
 
[SPRINTER] Elasticsearch starter-guide for Developer
[SPRINTER] Elasticsearch starter-guide for Developer[SPRINTER] Elasticsearch starter-guide for Developer
[SPRINTER] Elasticsearch starter-guide for Developer
 
Market and economic outlook report june
Market and economic outlook report juneMarket and economic outlook report june
Market and economic outlook report june
 
Creative Europe - samenwerkingsprojecten
Creative Europe - samenwerkingsprojectenCreative Europe - samenwerkingsprojecten
Creative Europe - samenwerkingsprojecten
 
Market and economic outlook august
Market  and economic outlook augustMarket  and economic outlook august
Market and economic outlook august
 
Внедрение ЭЦП в организации: с чего начинать?
Внедрение ЭЦП в организации:  с чего начинать?Внедрение ЭЦП в организации:  с чего начинать?
Внедрение ЭЦП в организации: с чего начинать?
 
Lordi Lana
Lordi LanaLordi Lana
Lordi Lana
 
PROEXPOSURE Photos: Football
PROEXPOSURE Photos: FootballPROEXPOSURE Photos: Football
PROEXPOSURE Photos: Football
 
How Scary Is It
How Scary Is ItHow Scary Is It
How Scary Is It
 

Ähnlich wie Protecting Sensitive Data using Encryption and Key Management

Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Mukesh Chinta
 
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET-  	  Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET-  	  Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET Journal
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security IssuesEditor IJCATR
 
Introduction And Mechanics Of Encryption
Introduction And Mechanics Of EncryptionIntroduction And Mechanics Of Encryption
Introduction And Mechanics Of EncryptionSamantha Reed
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...IOSR Journals
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 
Private Key Infrastructure Advantages And Disadvantages
Private Key Infrastructure Advantages And DisadvantagesPrivate Key Infrastructure Advantages And Disadvantages
Private Key Infrastructure Advantages And DisadvantagesAlison Hall
 
Encryption-Decryption of Email
Encryption-Decryption of EmailEncryption-Decryption of Email
Encryption-Decryption of EmailShashank Singhal
 
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docxalinainglis
 
Advantages Of Elliptic Curve Cryptography
Advantages Of Elliptic Curve CryptographyAdvantages Of Elliptic Curve Cryptography
Advantages Of Elliptic Curve CryptographyLissette Hartman
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2SafeNet
 
Protecting Data Through Encryption Essay
Protecting Data Through Encryption EssayProtecting Data Through Encryption Essay
Protecting Data Through Encryption EssayDawn Mora
 
The Security Of Data Tightly And Information Security
The Security Of Data Tightly And Information SecurityThe Security Of Data Tightly And Information Security
The Security Of Data Tightly And Information SecurityTina Jordan
 
IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...
IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...
IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...IRJET Journal
 
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionUlf Mattsson
 

Ähnlich wie Protecting Sensitive Data using Encryption and Key Management (20)

Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4Cisco cybersecurity essentials chapter 4
Cisco cybersecurity essentials chapter 4
 
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET-  	  Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET-  	  Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
 
Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security Issues
 
Introduction And Mechanics Of Encryption
Introduction And Mechanics Of EncryptionIntroduction And Mechanics Of Encryption
Introduction And Mechanics Of Encryption
 
L017136269
L017136269L017136269
L017136269
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLP
 
Data Encryption Essay
Data Encryption EssayData Encryption Essay
Data Encryption Essay
 
Private Key Infrastructure Advantages And Disadvantages
Private Key Infrastructure Advantages And DisadvantagesPrivate Key Infrastructure Advantages And Disadvantages
Private Key Infrastructure Advantages And Disadvantages
 
Encryption-Decryption of Email
Encryption-Decryption of EmailEncryption-Decryption of Email
Encryption-Decryption of Email
 
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
4202016 NIST SP 800-12, Chapter 19httpfas.orgirpdod.docx
 
security issue
security issuesecurity issue
security issue
 
Network security
Network securityNetwork security
Network security
 
Advantages Of Elliptic Curve Cryptography
Advantages Of Elliptic Curve CryptographyAdvantages Of Elliptic Curve Cryptography
Advantages Of Elliptic Curve Cryptography
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2
 
Protecting Data Through Encryption Essay
Protecting Data Through Encryption EssayProtecting Data Through Encryption Essay
Protecting Data Through Encryption Essay
 
The Security Of Data Tightly And Information Security
The Security Of Data Tightly And Information SecurityThe Security Of Data Tightly And Information Security
The Security Of Data Tightly And Information Security
 
IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...
IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...
IRJET- Securing the Transfer of Confidential Data in Fiscal Devices using Blo...
 
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
 

Kürzlich hochgeladen

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideHironori Washizaki
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimizationarrow10202532yuvraj
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 

Kürzlich hochgeladen (20)

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 

Protecting Sensitive Data using Encryption and Key Management

  • 1. © 2008, Linoma Software. All rights reserved . Protecting Sensitive Data using Encryption and Key Management
  • 2.
  • 3. © 2008, Linoma Software. All rights reserved . Data Risks Databases can be accessed through a wide variety of tools by both external hackers and rogue employees. Backup media often passes through many hands to reach its off-site storage location. Unless otherwise protected, all data transfers travel openly over the Internet and can be monitored or read by others.
  • 4. © 2008, Linoma Software. All rights reserved . Statistics  46% of interviewed organizations expect a serious data loss at least once a year. (Source: Symantec Corporation, January 2008)  Data breaches were 69% greater in 2008 than the same period in 2007. (Source: Identity Theft Resource Center)  56% of organizations reported a loss in existing customers from a data breach. (Source: Ponemon Institute, June 2008)  1 out of 3 computer professionals admit to accessing confidential data within their companies. (Source: MSNBC, June 2008)  Employees, not hackers, cause most data losses (Source: ars technica, October 2008) “ A former Countrywide employee was arrested and charged with illegally accessing the firm’s computers for more than two years. As many as 2 million loan applicants may have had their data stolen, the FBI said.” (Source: LA Times Sept 11, 2008)
  • 5. © 2008, Linoma Software. All rights reserved . Costs of Data Breaches  “ Data Loss Study” conducted by Ponemon Institute  32,000 lost customer records per breach  Average cost is £120 for each lost record  £4.0 million cost per breach  Costs: Administrative and IT resource costs Notifications to customers Public relations Regaining trust 44 U.S. states have enacted legislation requiring notification of security breaches involving personal information. ( http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm )
  • 6. © 2008, Linoma Software. All rights reserved . Data Which Needs a High Level of Protection  Anything that is confidential to the organization, its employees and its customers  Credit card numbers  National Insurance numbers  Birth dates  Payroll information (e.g. wages)  Health-related information  Bank Account numbers  Driver License information  Financial data  Trade Secrets (e.g. product formulas)
  • 7.  To comply with regulations: HIPAA Sarbanes Oxley Gramm-Leach-Bliley  Data Protection Act  To avoid potential penalties and lawsuits  To comply with PCI Security Standards  To avoid bad public relations  To ensure your continued employment (you don’t want to be the one that “takes the fall”) © 2008, Linoma Software. All rights reserved . Why Should You Protect This Data? “ A senior database administrator at a subsidiary of Fidelity National Information Services took data belonging to as many as 8.5 million consumers. The stolen data included names, addresses, birth dates, bank account and credit card information, the company said.” (Source: ComputerWorld, July 2007)
  • 8. © 2008, Linoma Software. All rights reserved . PCI 1.1 Data Security Standard  Data Security Standard developed by Payment Card Industry (PCI)  Latest Standard is 1.1 (released in Sept 2006)  View complete text of PCI Data Security Standard at: https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf Excerpt from Standard: 3.4 Render Primary Account Number (PAN), at minimum, unreadable anywhere it is stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches: • Strong one-way hash functions (hashed indexes) • Truncation • Index tokens and pads (pads must be securely stored) • Strong cryptography with associated key management processes and procedures. The MINIMUM account information that must be rendered unreadable is the PAN.
  • 9. © 2008, Linoma Software. All rights reserved . PCI 1.1 Data Security Standard 3.5 Protect encryption keys used for encryption of cardholder data against both disclosure and misuse . 3.5.1 Restrict access to keys to the fewest number of custodians necessary 3.5.2 Store keys securely in the fewest possible locations and forms. 3.6 Fully document and implement all key management processes and procedures for keys used for encryption of cardholder data, including the following: 3.6.1 Generation of strong keys 3.6.2 Secure key distribution 3.6.3 Secure key storage 3.6.4 Periodic changing of keys • As deemed necessary and recommended by the associated application (for example, re-keying); preferably automatically • At least annually. 3.6.5 Destruction of old keys 3.6.6 Split knowledge and establishment of dual control of keys (so that it require two or three people, each knowing only their part of the key, to reconstruct the whole key) 3.6.7 Prevention of unauthorized substitution of keys 3.6.8 Replacement of known or suspected compromised keys 3.6.9 Revocation of old or invalid keys 3.6.10 Requirement for key custodians to sign a form stating that they understand and accept their key-custodian responsibilities. 10.0 Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are critical. The presence of logs in all environments allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is very difficult without system activity logs.
  • 10. © 2008, Linoma Software. All rights reserved . Encryption Basics  Encryption is the process transforming understandable text (plaintext) into an unintelligible piece of data (ciphertext).  Encryption hides the meaning of the message, but not its existence  Converts ordinary information into unreadable gibberish. Example Before: The quick brown fox jumped over the lazy dog After: „OE Kä°BBY ý ê·Ñ‚C‹Ÿ^{F+rÀJ[1]Ï(¾Y½i›”®t  Cipher is a pair of algorithms that perform encryption and decryption. Example ciphers are AES and TDES  Key controls the detailed operations of the Cipher algorithms. The output (cipher text) is therefore manipulated by the Key. A Key is represented by bits (i.e. 101001…). AES256 uses a 256 bit Key.  Symmetric Key Cryptology is a form of cryptology in which the sender and receiver share the same key. The key must be kept secret or the security is compromised. Also known as Secret key cryptology.  Asymmetric Key Cryptology is a form of cryptology that implements Key Pairs, in which the Public key portion of the Key Pair is used to encrypt information and the Private key portion is used to decrypt information. Otherwise known as Public Key Cryptology.
  • 11. © 2008, Linoma Software. All rights reserved . AES Encryption  AES is the abbreviation for Advanced Encryption Standard  Ideal for protecting database fields and backups  Uses Symmetric Keys  No known attacks  Fast form of Encryption – 6 times faster than Triple DES  Can use a 128, 192 or 256 bit key length Quote from US National Security Agency (NSA) – June 2003 "The design and strength of all key lengths of the AES Algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level.
  • 12. © 2008, Linoma Software. All rights reserved . Open PGP Encryption  Widely used for protecting data sent over the internet.  Uses combination of Asymmetric-key and Symmetric-key cryptology to provide high level of protection and speed  Encrypt with Public Key -- Decrypt with Private Key (Secret Key)  Encrypted files can be sent over standard FTP connections or Email  Provides compression to reduce file sizes TERMS OpenPGP standard is a non-proprietary and industry-accepted protocol which defines the standard format for encrypted messages, signatures and keys. This standard is managed by the IETF (Internet Engineering Task Force). Key Pair is a combination of a Private key and its corresponding Public key. Key Pairs are used within Asymmetric Cryptology systems, such as OpenPGP, SSH and SSL. Private Key is the portion of a Key Pair which is used by the owner to decrypt information and to encode digital signatures. The Private key, typically protected by a password, should be kept secret by the owner and NOT shared with trading partners. Also known as a Secret Key. Public Key is the portion of the Key Pair which is used to encrypt information bound for its owner and to verify signatures made by its owner. The owner’s Public key should be shared with its trading partners.
  • 13. © 2008, Linoma Software. All rights reserved . Secure FTP  FTPS and SFTP will protect the entire FTP connection  Provides strong encryption with support for popular algorithms such as AES  FTPS (FTP over SSL) - Authenticate using certificates - Support for self-signed certificates and CA certificates - Complies with SSL and TLS standard - Implicit and Explicit connections  SFTP (FTP over SSH) - Authenticate using a password or an asymmetric key - Complies with SSH 2.0 standard - Popular in UNIX and LINUX systems TERMS Authentication is a mechanism to positively identify the server, and optionally the client, by requesting credentials such as a password or a digital signature. Certificate is a digital identification document that allow both servers and clients to authenticate each other. A certificate contains information about a company and the organization that signed the certificate (such as Verisign). SSL is an abbreviation for Secure Sockets Layer. SSL is a security protocol for encrypting communications between two hosts over a network. SSL utilizes certificates to establish trust between the two hosts. The latest version of SSL is also called TLS (Transport Layer Security). SSH is an abbreviation for Secure Shell. SSH is both a computer program and an associated network protocol designed for encrypting communications between two untrusted hosts over a network. It utilizes Public keys to provide asymmetric cryptology.
  • 14. © 2008, Linoma Software. All rights reserved . Data Encryption Solutions Crypto Complete™ automates the encryption of System i database fields and backups with native key management and audit trails. Protegrity™ automates the encryption of Oracle, Informix, SQL Server, Sybase, DB/2 and Teradata database fields with centralized key management and audit trails. GoAnywhere™ automates data movement, encryption, translation and compression from one centralized solution. Runs on System i , Windows , Linux , Unix , Solaris and HP-UX. COMPLETE OpenPGP - Secure FTP - Key Management - Audit Trails - Backup Encryption - AES - Key Management - Audit Trails
  • 15. © 2008, Linoma Software. All rights reserved . Encryption Customers Customers Over 3,000 Installations Worldwide BeautiControl Cosmetics Carolina Biological Supply Centersoft Certegy City of Ketchikan City of Redding Consolidated Telephone Companies CU*Answers Discovery Toys EOG Resources Fairmount Minerals Fidelity Express The Geo Group Inc. Hermann Sons Ingram Industries KOA Kampgrounds of America Korta Payments Landau Uniforms Love’s Travel Stops & Country Stores Mid-Continent Group Muscatine Foods Corporation Northwest Natural Gas Oneida Tribe of Indians of WI Permanent General Agency Rural Community Insurance Services Service Insurance Group SG Private Banking Silverleaf Resorts Slomin’s Sturm, Ruger & Company United Music USA Mobility Wireless ViaTech Publishing Solutions