Tag Archive for Encryption

A History of Encryption

Your personal information is under attack from the Feds, Target, Neiman Marcus, and who knows who else. One of the keys to keeping your personal information personal is secure passwords. But what makes a password secure? America Online (AOL), (rb- Yes they are still around) explains that the concept of encryption (converting information into code) is not new.

In fact, as you can see below, encryption started with the Spartans in 500 B.C. They would rearrange the position of letters within a text. Through the years, this process has become more sophisticated, which brings us to the Advanced Encryption Standard, or AES, which is what we use today. This standard is based on computing bits, basic units of information. The bits in passwords are what help to keep your data secure. Check out the infographic to see how encryption has evolved from 500 B.C. to the present day, along with their tips for keeping your passwords safe.

 

A history of encryption Infographic


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Did NSA Subvert IPv6 Security?

Cryptographer and Electronic Frontier Foundation (EFF) board member Bruce Schneier has given advice on how to be as secure as possible. “Trust the math,” he says. “Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.”

subverting the implementations of encryption

All UR emails R mine

Mr. Schneier confirms to Infosecurity that the growing consensus is that Bullrun’s greatest success is in subverting the implementations of encryption and not in the ability to crack the encryption algorithms themselves. The general belief is that the NSA has persuaded, forced or possibly even tricked companies into building weaknesses or backdoors into their products that can be exploited later.

Infosecurity says the bottom line, however, is that the fabric of the internet can no longer be trusted. Meanwhile, John Gilmore, co-founder of EFF and a proponent of free open source software, has raised a tricky question: has NSA involvement in IPv6 and IPSEC discussions effectively downgraded its security? IPSEC is the technology that would make IP communications secure.

Mr. Gilmore told the author that he was involved in trying to make IPSEC “so usable that it would be used by default throughout the internet.” But “NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents.”

The result was “so complex that every real cryptographer who tried to analyze it threw up their hands and said, ‘We can’t even begin to evaluate its security unless you simplify it radically’”, something that never happened, EFF’s Gilmore observed.

Mr. Gilmore doesn’t explicitly say that the NSA sabotaged IPSEC, but the fact remains that in December 2011, IPSEC in IPv6 was downgraded from ‘must include’ to a ‘should include.’ He does, however, make very clear his belief in NSA involvement in other security standards.

Discussing cellphone encryption, the EFF co-founder says “NSA employees explicitly lied to standards committees,” leading to “encryption designed by a clueless Motorola employee.”

To this day, Mr. Gilmore notes that “no mobile telephone standards committee has considered or adopted any end-to-end (phone-to-phone) privacy protocols. This is because the big companies involved, huge telcos, are all in bed with NSA to make damn sure that working end-to-end encryption never becomes the default on mobile phones.”

rb-

Following the Snowden leaks revealing Bullrun – the NSA program to crack the world’s encryption – the article states that there is an emerging consensus that users can no longer automatically trust any security.

Other articles say that the NSA has compromised SSL, so the NSA has access to credit cards and your 4G phones. This is another unnecessary attack on US e-commerce business: who is going to buy something online when their account numbers are in the hands of US government hackers?


Quantum Encryption for Grid Security

Vulnerabilities in the national grids and the potential for wide-scale outages have raised concerns over the past few years as high-profile companies have gone public with highly advanced hacking attempts. MIT’s Technology Review reported on GridCOM Technologies, a startup that recently secured seed funding from Ellis Energy Investment, which says quantum cryptography can make the electricity grid control systems secure.

Quantum cryptography

Dr. Duncan Earl, the chief technology officer of GridCOM Technologies, told TR he plans to use the start-up money to build a prototype quantum encryption system designed specifically for the electricity grid. The company’s hope is to demonstrate a working system next year near its home base in San Diego. Utilities would pay about $50 a month for access to a software service and hardware that encrypt critical communications in an area.

With GridCOM Technologies, Dr. Earl is trying to make critical infrastructure more secure by encrypting data sent to grid control systems. The article explains that traditional encryption techniques can’t work at the low latencies (measured in milliseconds) required for SCADA systems, which leaves them vulnerable to attack. CTO Earl is an expert in optical technologies who worked for the Cyberspace Sciences and Information Intelligence Research group at Oak Ridge National Laboratory and helped spin out an optical lighting company in 2006.

Quantum entanglement

GridCOM Technology’s system works by generating two photons using a laser and storing them in optical fiber cables. These twin photons each have an opposite polarization, either a wave oscillating up and down or left and right, Dr. Earl explained to the author, Martin LaMonica. According to quantum mechanics, if one tries to measure one of these photons, it will change the state of the other and the photons are no longer “entangled.” This phenomenon allows a communications system to detect if a message has been intercepted.

According to the article, the firm’s service would create an encryption key based on the arrangement of the photon pair. A hardware receiver posts that information on the Internet and the company’s hosted software will poll those devices. A subscriber to the service will be able to confirm that communications haven’t been tampered with and encrypt messages, Dr. Earl says. “You’ve got physics that is ultimately securing the device, not mathematics. Mathematical complexity has been a great tool for encryption but it’s not future proof,” he told TR.

GridCOM’s Earl says a key advantage of the system is that it works quickly, a necessity for SCADA systems. “You’ve eliminated the possibility of somebody eavesdropping to hack the key. There’s no data latency and you’ve leveraged a random bit stream … That’s really all the grid needs.”
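The interception check described above, as an added, deliberately simplified simulation (this is not GridCOM’s system or any code from the article): each photon pair gives perfectly anti-correlated results when both ends measure in the same polarization basis, an eavesdropper who measures and re-sends a photon breaks that correlation whenever they guess the basis wrong, and the two ends detect this by publicly comparing a random sample of their sifted key bits. Function names, the two-basis model and the 11% abort threshold are assumptions for this example.

```python
import random

BASES = ("+", "x")  # rectilinear (up/down, left/right) and diagonal polarization


def distribute_key(n_pairs, eavesdrop, rng):
    """Simulate entangled-pair key distribution between Alice and Bob.

    Each pair is modelled as two photons of opposite polarization: whenever both
    sides measure in the same basis the outcomes are perfectly anti-correlated.
    Returns the sifted keys (only pairs measured in matching bases are kept).
    """
    key_a, key_b = [], []
    for _ in range(n_pairs):
        basis_a = rng.choice(BASES)
        basis_b = rng.choice(BASES)
        bit_a = rng.randint(0, 1)  # Alice's outcome in her basis is random
        # Alice's measurement collapses the pair: Bob's photon now carries the
        # opposite bit, definite only in Alice's basis.
        photon_basis, photon_bit = basis_a, 1 - bit_a
        if eavesdrop:
            # Intercept-resend: Eve measures in a guessed basis and re-emits a
            # photon in that basis. A wrong guess destroys the correlation.
            basis_e = rng.choice(BASES)
            bit_e = photon_bit if basis_e == photon_basis else rng.randint(0, 1)
            photon_basis, photon_bit = basis_e, bit_e
        bit_b = photon_bit if basis_b == photon_basis else rng.randint(0, 1)
        if basis_a == basis_b:  # sifting: bases are compared over a public channel
            key_a.append(bit_a)
            key_b.append(1 - bit_b)  # Bob inverts his bit to align with Alice's
    return key_a, key_b


def estimate_error_rate(key_a, key_b, sample_size, rng):
    """Publicly compare a random sample of sifted bits (those bits are then discarded)."""
    idx = rng.sample(range(len(key_a)), sample_size)
    return sum(key_a[i] != key_b[i] for i in idx) / sample_size


def run_trial(n_pairs, eavesdrop, seed, sample_size=200, threshold=0.11):
    """Return (sifted length, observed error rate, interception detected?).

    Intercept-resend on every photon yields about 25% errors in the sifted key;
    an error rate above roughly 11% is the usual abort condition (assumed here).
    """
    rng = random.Random(seed)
    key_a, key_b = distribute_key(n_pairs, eavesdrop, rng)
    rate = estimate_error_rate(key_a, key_b, sample_size, rng)
    return len(key_a), rate, rate > threshold


if __name__ == "__main__":
    for eve in (False, True):
        print("eavesdropper=%s: sifted=%d error=%.2f detected=%s" % ((eve,) + run_trial(4000, eve, 7)))
```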

Quantum Encryption

 

Limitations

One of the main limitations is that the cryptography is only point-to-point over a fiber cable and can’t work across switching equipment over the Internet. In GridCOM Technology’s case, the system is limited to 20 kilometers in distance. GridCOM’s CTO envisions that utilities will put a series of hardware receivers in secured buildings to encrypt communications for a whole region. There are already a number of efforts to build commercial quantum encryption systems: GigaOm reported on the success that the scientists at Los Alamos have had running a quantum network for over two years, and on ID Quantique in Switzerland.

TR concludes that quantum encryption offers one promising route to securing the grid, but it shouldn’t be seen as a silver bullet. If it works, it would address one very specific application, but securing something as complex as the power grid requires a full suite of options and, above all, good security practices.

Smart Grid Today provides (PDF) some background. Quantum physics was first described in a 1935 paper that included Albert Einstein as an author. Erwin Schrödinger coined the quantum term “entanglement” and that was the basis for his famous thought experiment of a cat that exists simultaneously in a state of being alive and dead.

CERN to prove quantum entanglement, utterly confounding Einstein’s theory of relativity because now information can be transmitted not at or below the speed of light, but literally instantaneously.


Copier Security Best Practices

Multi-function printers (MFPs) can scan, copy, fax, and print. The lowly office copier can now send emails, host web-based administrative pages, and even tell you when the ink is low. While doing all that, MFPs can store image files on onboard hard drives, which can contain sensitive, personally identifiable information (PII). Compliance with standards and laws such as PCI-DSS, HIPAA, Sarbanes-Oxley, state privacy laws, etc., may force MFPs to be secured.

SecureState suggests some general questions to ask when trying to understand the criticality of these copier systems and to show some due diligence:

• Are these devices accessible on the network? If so, how is “Administrative” access controlled?
• How long are the image files retained on these systems?
• If the copier is compromised, can the attackers capture sensitive data?
• If a hard drive fails, does the replacement process follow the usual standard for securely destroying the disk?
• What are some of the services enabled on these devices? Is there an administrative website, SNMP client, or SMTP server? How about the accounts and passwords of the administrative websites; are they set to default accounts and passwords?

SecureState says that if you answered “No” or “I don’t know” to these questions, some of the issues more than likely need to be addressed.

Just like any network appliance, MFPs and other print devices are small computers connected to the network that have memory, storage, processors, an operating system, and full-fledged web servers. These devices can hold sensitive information. Before that old printer is decommissioned, ensure the copier hard drive is securely wiped. If the existing device does not have advanced security options such as disk encryption or immediately overwriting data, the hard drive should be removed and securely wiped or destroyed separately before being decommissioned.

Recommended best practices

Recommended best practices for multi-function printers and copiers with disk drives:

  • Review vendor security configuration guides
  • Develop a standard configuration and check regularly
  • Enable immediate image overwrite and schedule regular off-hours overwrite (DoD 3 pass)
  • Enable encryption (minimum 128-bit AES)
  • Use encryption and secure protocols such as IPSec, SSL, and SNMPv3 if network-enabled.
  • Regularly review copier vendor security bulletins.
  • Enable authentication and authorization (if possible, use network credentials)
  • Change admin password regularly
  • Enable audit log and review periodically
  • Treat network-enabled devices like any other computer on the network
  • Purchase a device that has an EAL2 Common Criteria certification

If the copier processes restricted data, it MUST have encryption and image overwrite. For devices that process restricted data but do not have the necessary security features:

  • If possible, buy the required security modules and enable the features.
  • If security features cannot be purchased or enabled, replace the copier as soon as appropriate and have the hard drive removed and destroyed.

By Copier Vendor

Xerox – Newer Xerox (XRX) devices have security features that often need to be turned on. For more information, see the Xerox Information Security Guides.

Ricoh – Security options for Ricoh (7752) devices have to be purchased separately. For more information, see the Ricoh Common Security Features Guide (PDF).

Canon – Security options for Canon (CAJ) devices must be purchased separately. For more information, see Canon Security Solutions for iR and iP Devices (PDF).

HP – All HP (HPQ) multi-function printers have hard drives.

  • There is a disk-wipe utility for all MFPs.
  • This utility is not installed by default and must be downloaded from HP.COM. It is protected by an admin account and password.
  • The admin can configure the utility to do a printer disk wipe daily.
  • Some non-MFP HP printers may have hard drives. These printers will have an occupied EIO card (with a resident hard drive) in the slot next to the network card. Viewing the printer’s external case, this EIO card should be physically evident.
  • Third-party disk-wipe utilities cannot be used against HP MFP hard drives without removing the drive from the card, which is likely to damage the card and, possibly, the hard drive.
  • Non-MFPs with hard drives are rare and may be purchased for particular purposes.
  • Non-MFPs with hard drives and network connections can be remotely disk wiped. Non-MFPs with a hard drive but without a network connection need to be handled by HP.
  • The agreements should include a defective media retention provision for leased HP printers that permits the lessor to keep the hard drive before releasing the printer.
  • The WebJetAdmin tool, downloadable from HP.COM, can scan a network subnet and identify HP printers (and non-HP printers if the tool has an MIB for the non-HP printer).

rb-

Richard Nixon

All they focused on was the costs; they did not ask any of the due diligence questions pointed out in this post. They had no plans on wiping the HDDs on the 12 networked copy/scan/print Ricohs. It is pretty clear that all the info on the HDDs was bound for South America or else on the secondary market, as I wrote about here.


Ransomware Gets Tougher

Anti-malware vendor Trend Micro has noted an increase in ransomware. According to Wikipedia, ransomware is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration.

This type of ransom attack can be accomplished by (for example) attaching a specially crafted file or program to an e-mail message and sending it to the victim. If the victim opens or executes the attachment, the program encrypts a number of files on the victim’s computer. A ransom note is then left for the victim. The victim will be unable to open the encrypted files without the correct decryption key.

Once the ransom demanded in the ransom note is paid, the attacker may (or may not) send the decryption key, enabling decryption of the “kidnapped” files.

Recently, Trend Micro Advanced Threats Researcher Ivan Macalintal reported that a new version of the GPcode ransomware has surfaced. It is said that Gpcode[dot]ag utilizes a 660-bit RSA public modulus. Attackers appear to be upping the ante: in early June 2008, another Gpcode variant, Gpcode[dot]ak, was detected, and researchers believe it utilizes an RSA encryption algorithm with a 1024-bit public key. “We estimate it would take around 15 million modern computers, running for about a year, to crack such a key,” writes Aleks Gostev, senior virus analyst at Kaspersky, on the company’s blog.

The rise of ransomware makes regular, successful data backups even more important. With current backups, you can delete the files in question, restore them from your backup, and let someone else pay the attacker.
