Encryption
What is it?
Why would they require it?
Who needs it?
How does it work?
Encryption is the process of converting readable data into unreadable characters to prevent unauthorised access. Encrypted data is treated the same as any other data - it can be stored or sent just like other data. To view the data, you must decrypt it first. Two main areas of encrypting data are stored data encryption & data transmission encryption. (Both of these work in a similar fashion.)
Sensitive data belonging to people or organisations should be encrypted, primarily to prevent unauthorised access. Anyone who does not wish their data to be accessed by unauthorised people or groups, such as travelling salespeople, government departments, or businesses, should encrypt that data (or possibly everything on the computer(s) concerned).
Governments (and their military branches) would definitely want all data encrypted to protect it from other countries and militaries, for example. Businesses would want to keep financial information, trade secrets and the like out of competitors' hands. Travellers (especially salespeople) should encrypt their data in case their laptop(s) are lost or stolen.
As mentioned before, there are two main areas of encryption:
Stored data can be encrypted (whether it is on a hard drive or on removable media), usually with the help of disk encryption software. Two forms of disk encryption are:
Full disk encryption involves encrypting every bit that is stored on a drive. This has an advantage over filesystem-level encryption as it also encrypts temporary areas such as temporary files and swap space on the drive, which can contain data that you may desire to keep "hidden" (encrypted).
Filesystem-level encryption only encrypts individual files and/or folders. Its advantages include easier management of encrypted data and the ability to assign different encryption keys (e.g. passwords) to different files/folders.
One program that deals with this is PGP Whole Disk Encryption. (The following is extracted from the official PGP web site.)
Proactively secure confidential data on disks and removable media
Mobile computers are quickly emerging as the industry standard for increasing user productivity. However, the portable nature of these devices increases the possibility of loss or theft. Consequent exposure of sensitive data can result in financial loss, legal ramifications, and brand damage.
PGP Whole Disk Encryption provides enterprises with comprehensive, nonstop disk encryption, enabling quick, cost-effective protection for data on PCs, laptops, and removable media. The encrypted data is continuously safeguarded from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.
Easy, automatic operation – Protects data without changing the user experience.
Enforced security policies – Automatically enforce data protection with centrally managed policies.
Accelerated deployment – Achieves full disk encryption using the existing infrastructure.
Reduced operation costs – Result from centrally automating encryption policies.
As a PGP Encryption Platform–enabled application, PGP Whole Disk Encryption can be used with PGP Universal Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Whole Disk Encryption can also be used in combination with other PGP encryption applications to provide multiple layers of security.
(Further information is available here)
With data transmission encryption, traffic (data that is being sent) over a network or the internet can be encrypted. The two algorithm types used in encryption are symmetric-key encryption (also known as secret-key, single-key, shared-key, one-key or private-key encryption) and asymmetric-key encryption (more commonly known as public-key encryption).
With symmetric-key encryption, the same key is used both to encrypt AND decrypt, which makes it faster than asymmetric-key encryption. However, as only one key is used, it is less secure than asymmetric-key encryption: if the key is obtained by an unauthorised person, data transmissions both ways will be compromised.
Public-key encryption uses two keys, a public key and a private key: one is used to encrypt, the other to decrypt. One of these keys (usually the public key) is given out to others, so they can encrypt the data they wish to send you. The other (usually the private key) is kept by you, and used to decrypt the data.
The best way to describe the differences between the two in everyday terms is Wikipedia's postal analogy.
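The two key models side by side, as an added example that is not part of the original page, using Node.js's built-in crypto module. AES-256-GCM and RSA-OAEP are choices made for this sketch, and the function names and sample message are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Symmetric (AES-256-GCM): the SAME secret key encrypts and decrypts.
function symEncrypt(key, text) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function symDecrypt(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  // final() throws if the key is not the one used to encrypt
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Public-key (RSA-OAEP): anyone holding the public key can encrypt,
// only the holder of the matching private key can decrypt.
function pubEncrypt(publicKey, text) {
  return crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, Buffer.from(text, 'utf8'));
}

function privDecrypt(privateKey, ct) {
  return crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, ct).toString('utf8');
}

// True if fn() completes without throwing.
function succeeds(fn) {
  try { fn(); return true; } catch { return false; }
}

function demo() {
  const msg = 'Q3 sales forecast'; // constructed sample data
  const sharedKey = crypto.randomBytes(32); // must reach both parties secretly
  const otherKey = crypto.randomBytes(32); // any key that is not the shared one
  const box = symEncrypt(sharedKey, msg);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ct = pubEncrypt(publicKey, msg);
  return {
    symRoundTrip: symDecrypt(sharedKey, box) === msg,
    symWrongKey: succeeds(() => symDecrypt(otherKey, box)),
    pubRoundTrip: privDecrypt(privateKey, ct) === msg,
    // the key that is handed out cannot be used to read the message
    pubKeyCanDecrypt: succeeds(() => crypto.privateDecrypt({ key: publicKey, oaepHash: 'sha256' }, ct)),
  };
}

console.log(demo());
```

The symmetric half only stays confidential while `sharedKey` is known to nobody but the two parties, whereas `publicKey` can be published without exposing the message.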
Page made by Gregory Hemingway