5. What is encryption?
The process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor.
6. History of Encryption
This Photo by Unknown Author is licensed under CC BY-SA
8. Why Encrypt?
Compliance - you are required to encrypt some or all data due to its classification.
Risk management - information that you are working with is sensitive and shouldn’t be publicly disclosed.
Security - encrypting our information is a Best Practice.
9. Written & Updated Policies
Predictive Intelligence
Security Training & Awareness
Passwords, Antivirus, Backups, Patching
Encryption
Good Security Practices
12. Glossary of Terms
Encrypted at Rest: Data being stored on a server is encrypted. It may still be possible for the hosting company to access the data.
Encrypted in Transit: Data is encrypted between the user and the server. The hosting company would have access to the data.
End to End Encryption: Typically communication encryption where only the participating parties have the key. This term is sometimes used incorrectly as providers change the meaning of “end”.
Zero Knowledge Encryption: Data is encrypted at all times and not even the hosting company can access the data. You do not have to trust that the service would not give out your information since they do not have access to it. This is especially important in the event of a subpoena or data breach.
14. What to encrypt?
Email
• In Transit
• By Service Provider
• By end user
Chat Programs
Full Disk Encryption
Within Applications
15. Email Encryption
• TLS - Enabling TLS or using a TLS-compliant email service such as Office 365 or Gmail ensures that no one can read your email while it is in transit between your provider and another TLS-compliant provider.
In the example below, we can see that I have received a message that was protected by TLSv1.2:
Received: from mail-lf0-f48.google.com (mail-lf0-f48.google.com [209.85.215.48])
    by mx1423.ess.rzc.cudaops.com (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
    Thu, 03 May 2018 13:20:40 +0000
Received: by mail-lf0-f48.google.com with SMTP id v85-v6so25907237lfa.13
    for <MEshleman@communityit.com>; Thu, 03 May 2018 06:20:41 -0700 (PDT)
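As an added example (not part of the original slides), the following Python script reads the Received headers of a message, including the two shown above, and reports for each hop the TLS version, cipher and whether the peer certificate was verified. The third hop (relay.example.test) and the function name audit_received are constructed for illustration, and the regular expression assumes the annotation format shown on the slide.

```python
import re
from email import message_from_string

# Constructed input: the two Received headers from the slide, plus one made-up
# hop (relay.example.test -> mx.example.test) that has no TLS annotation.
SAMPLE = """\
Received: from mail-lf0-f48.google.com (mail-lf0-f48.google.com [209.85.215.48])
 by mx1423.ess.rzc.cudaops.com (version=TLSv1.2
 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
 Thu, 03 May 2018 13:20:40 +0000
Received: by mail-lf0-f48.google.com with SMTP id v85-v6so25907237lfa.13
 for <MEshleman@communityit.com>; Thu, 03 May 2018 06:20:41 -0700 (PDT)
Received: from relay.example.test (relay.example.test [192.0.2.10])
 by mx.example.test with SMTP; Thu, 03 May 2018 06:20:39 -0700 (PDT)
"""

# Annotation format as it appears on the slide; other mail servers write it differently.
TLS_RE = re.compile(r"\(version=(?P<version>\S+)\s+cipher=(?P<cipher>\S+?)"
                    r"(?:\s+bits=(?P<bits>\d+))?(?:\s+verify=(?P<verify>\w+))?\)")
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

def audit_received(raw_message):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", flat)
        receiver = re.search(r"\bby\s+(\S+)", flat)
        tls = TLS_RE.search(flat)
        notes = []
        if sender is None:
            notes.append("no sending server recorded in this header")
        elif tls is None:
            notes.append("no TLS annotation; encryption in transit not confirmed")
        else:
            if tls["version"] in OLD_PROTOCOLS:
                notes.append("deprecated protocol version")
            if (tls["verify"] or "").upper() == "NO":
                notes.append("peer certificate not verified")
        hops.append({"from": sender and sender.group(1),
                     "by": receiver and receiver.group(1),
                     "tls": tls.groupdict() if tls else None,
                     "notes": notes})
    return hops

if __name__ == "__main__":
    for hop in audit_received(SAMPLE):
        print(hop["from"], "->", hop["by"], hop["tls"], hop["notes"])
```

Each Received header is written by the receiving server and covers only that one hop, so a TLS annotation on one hop says nothing about the others. A missing annotation does not prove the hop was unencrypted, only that the header does not record it.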
17. Email Encryption
• Service Provider
• Office 365
• Google Mail Encryption
• Barracuda
• Zix
• Virtru
• The easiest type of encryption to implement. It is email encryption that is performed by the service provider.
18. Email Encryption
• PGP - This form of encryption is performed on the sender’s computer, which uses a public/private key pair to encrypt the message.
• Sender encrypts (or locks) the contents of a message using the Public Key of the intended recipient and their own Private Key.
• Both the sender and receiver need to have PGP configured. Based on the “web of trust” model.
20. Disk Encryption
BitLocker (Windows)
• Windows Pro
• Combine with Intune or MBAM for administration
FileVault (Mac)
• Can be centrally managed with Casper