At a high level, encryption is the process of encoding yourcontent (referred to as plaintext) into ciphertext that cannot be used by people or computers unless and until the ciphertext is decrypted. Decryption requires an encryption key that only authorized users have. Encryption helps ensure that only authorized recipients can decrypt your content, such as email messages and files.

Encryption by itself does not prevent content, such as files or email messages, from getting into the wrong hands. Encryption is part of a larger information protection strategy for your organization. By using encryption, you can help ensure that only those who should be able touse encrypted content are able to.

You can have multiple layers of encryption in place at the same time. For example, you can encrypt email messages and also the communication channels through which your email flows. With Office 365, your content is encrypted at rest and in transit, using severalstrong encryption protocols, and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).

More:
Encryption in Office 365 - Office 365

WHILE encryption can keep your network traffic safe from hackers and cybercriminals, it can also prevent your security and monitoring tools from seeing inside the packets crossing your network.

Knowing that many organisations pass encrypted traffic into their networks without full inspection, the bad guys use encryption to hide malware and launch attacks, effectively hijacking your network.

To keep defenses strong while limiting the risk of security breaches and data loss, you need to decrypt, examine, and re-encrypt all network traffic.

The burden of decryption

Devices for decryption must be powerful. Encryption algorithms are becoming longer and more complex to withstand hacking.

A test done by NSS Labs several years ago found that moving from 1024- to 2048-bit ciphers caused an average performance drop of 81% on eight leading firewalls . However, SSL decryption does not need to be performed on a firewall.

New strategies are available to offload decryption and send plain text to tools, enabling them to work efficiently and process more traffic. Here are four strategies to make decryption easier, faster, and cost-effective.

Strategy 1: Remove malicious traffic before decrypting

Many IP addresses used in cyberattacks are reused and known in the security community. Dedicated organisations track and verify known cyber threats on a daily basis, maintaining this information in an intelligence database. By comparing incoming and outgoing packets against this database, you can identify malicious traffic and block it from your network.

Because the comparison is made with packet headers in plain text format, this strategy eliminates the need to decrypt the packets. Eliminating traffic associated with known attackers reduces the number of packets to decrypt. And, eliminating traffic that would otherwise generate a security alert helps security teams improve productivity.

The fastest way to deploy this strategy is to install a special-purpose hardware appliance called a threat intelligence gateway in front of a firewall. This appliance is designed for fast, high-volume blocking, including untrusted countries, and is updated continuously by an integrated threat intelligence feed.

Once the gateway is installed, no further manual intervention is required, and no filters need to be created or maintained. Malicious traffic can be either dropped immediately or sent to a sandbox for further analysis.

Depending on your industry and how often you are targeted, you could see up to an 80% reduction in security alerts.

Alternatively, you can configure custom filters on your firewall to block specified IP addresses. Unfortunately, firewall filters must be manually configured and maintained, and there is a limit to how many filters can be created.

The explosion of connected devices and compromised IP addresses outstrips the capabilities of firewalls. Plus, using the processing cycles on an advanced device like a firewall to make simple comparisons is not a cost-efficient way to block traffic.

Strategy 2: Look for advanced decryption capabilities

Once the encrypted packets traveling from or to malicious sources is removed, a decryption device is needed to process the rest. Many security tools, such as next generation firewalls (NGFW) or intrusion prevention systems (IPS), include an SSL decryption feature.

However, a paper issued by NSS Labs warned that some tools may not have the latest ciphers, may miss SSL communications that occur on non-standard ports, may be unable to decrypt at advertised throughput, and may even fast-path some connections without performing decryption at all.

Cryptography relies on advances to stay one step ahead of the bad guys. Security solutions need to support the latest encryption standards, have access to a wide variety of ciphers and algorithms, and have the power to decrypt traffic using the larger 2048- and 4096-bit keys as well as newer Elliptic Curve keys.

As security technology grows in complexity, solutions must be able to process decryption efficiently and cost-effectively without dropping packets, introducing errors, or failing to complete a full inspection.

As the volume of SSL traffic increases, the quality of a decryption solution is more important to achieving total network visibility. In addition, Defense in Depth is a widely regarded best practice, which often involves multiple best-of-breed security devices (such as a separate firewall and IPS).

It is very inefficient for each of these devices to decrypt and re-encrypt traffic separately, which both increases latency and reduces policy effectiveness and end-to-end visibility.

Strategy 3: Choose tools with operational simplicity

Another key feature is the ease with which administrators can create and manage policies related to decryption. This is important in industries that must comply with the mandates of Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Payment Card Industry Data Security Standard (PCI DSS), Sarbanes- Oxley Act (SOX), and other standards.

The best solutions provide a drag-and-drop interface for creating filters and the ability to selectively forward or mask information based on pattern recognition (such as social security numbers).

They also make it easy to keep a complete record of each SSL cipher used and all exceptions related to dropped sessions, SSL failures, invalid certifications, and sessions not decrypted for policy reasons. These detailed logs are valuable for audits, forensics, and network troubleshooting and capacity planning.

Strategy 4: Plan for cost-effective scalability

As the volume of encrypted traffic increases, decryption will have a greater impact on the performance of your security infrastructure. It pays to plan ahead. While it may seem logical to simply turn on the SSL decryption feature in a firewall or unified threat management (UTM) solution, decryption is a process-intensive function.

As SSL traffic increases and more cycles are required for decryption, performance will begin to suffer, and tools may begin to drop packets.

To increase the flow of traffic through a multifunction device, the only option is to increase overall capacity. Adding capacity is a significant capital expense and some features have an extra cost to ensure the device can handle decryption.

A better option is to use a network visibility solution or network packet broker (NPB) with SSL decryption to offload security tools. Many organisations use NPBs to aggregate traffic from across the network, identify relevant packets, and distribute them at high speed to security tools.

NPBs using hardware acceleration can process traffic at line rate with no packet loss, and can automatically load balance. They also eliminate the requirement for multiple inline devices to each perform independent decryption/re-encryption.

The cost of scaling an NPB is lower than scaling most security appliances, and can provide a quick return on investment.

Conclusion

As more of the Internet shifts toward encrypted traffic, attacks in SSL traffic will become more common. To protect data and networks from hackers and cybercriminals, it is essential to inspect all encrypted network traffic.

An organisation that does not develop a rigorous approach to inspecting encrypted traffic will undermine network security, creating an unacceptable risk of breach and data loss.

Fortunately, new solutions are emerging that improve the efficiency and cost-effectiveness of SSL decryption.

Phil Trainor is head of Security Business at Ixia, Asia Pacific.

Related Stories:Cybersecurity still not a top priority for local enterprisesSophos advises companies to tread carefully with IoTThe smarter way of dealing with cyberattacks

For more technology news and the latest updates, follow usonFacebook,Twitter or LinkedIn.

Read more here:
Four strategies to prevent data encryption from hijacking your network - Digital News Asia

Writing in the Daily Telegraph recently, British Home Secretary Amber Rudd stated that real people do not need such high levels of security as offered by end-to-end encryption (E2EE), going on to add that real people often prefer ease of use and a multitude of features to perfect, unbreakable security. This statement couldnt be further from the truth.

Encryptions benefits are far-reaching and essential in a world where most of our business and personal communications happen digitally. To cite just a few examples, E2EE allows people to communicate safely with one another in nations with oppressive regimes, enables LGBTQ individuals to stay in touch in countries where homosexuality is illegal, provides a way for doctors to share confidential patient information and ensures journalists can protect their sources.

Our online lives also necessitate an enormous and ever-increasing amount of personal data sharing, further driving a need for E2EE. For example, our personal details, credit card and other banking information and medical records are frequently shared online, increasing risk, as unsecure communication can be captured by a whole host of malicious actors such as sniffers on public WiFi networks, malware apps and ISP-level tracking.

In addition, our personal data has become the centre of a new economy, with retailers tracking and storing information on our shopping habits in data repositories, while social media has fuelled us to share our photographs, plans, whereabouts, and feelings on a daily basis. This has driven advertisers to utilise detailed and very personal information to target consumers, with vast resources spent collecting such information, all without transparency, policy, or oversight.

Furthermore, the volume of digital threats is increasing; Google saw a 32 per cent increase in the number of website hacks in 2016. Such breaches have enormous ramifications for both businesses and consumers, with investors losing 42 billion from hacking attacks on UK businesses since 2013.

The combination of these factors has powered demand for E2EE. As weve seen with the surge adblocker downloads, an increasing number of consumers are looking to escape the barrage of adverts and stop their personal communication passing through data mines, causing more and more people to turn to E2EE.

However, the most notable demand for strong encryption has stemmed from businesses, which until recently have lacked a user-friendly E2EE business communications tool. Companies have therefore been forced to rely on tools which lack a rich user experience and functionalities that are vital for business communications. Alternatively, they have had to use non-E2EE solutions such as Slack and Skype for Business that use transport layer security protocol that has been the subject of a number of high profile attacks.

As these breaches demonstrate, not using an E2EE tool leaves businesses chats, files and calls at the risk of being exploited by hackers who can compromise the servers and get hold of these details, as well as open to access by service providers.

At Wire, weve seen three distinctive drivers for E2EE from businesses:

The need to protect customer data (healthcare companies, businesses in the legal and financial sectors, tax advisors and private banking) The need to protect intellectual property amidst fears of growing industrial espionage, in particular with companies from the pharmaceutical, automotive and industrial sectors The need to protect their internal communications (government institutions and M&A departments of large corporations, etc.), and communication with customers, the real people

These drivers have fuelled a change in the communications landscape, and prompted us to launch a dedicated E2EE business platform.

The spate of high profile hacks during the past few years has shown the enormous damage a breach can do to a business customers, reputation and revenue; Oxford Economics found that companies share prices fall by an average of 1.8 per cent on a permanent basis following a severe breach where large amounts of sensitive information is lost. While this percentage may seem low, for FTSE 100 companies this would equate to an average of 120 million.

In addition, E2EE will be a vital tool for companies next year when the newGeneral Data Protection Regulation(GDPR) comes into force in May 2018. This will require companies to enforce greater levels of protection on their customer data, and securing communications channels is a vital part of this process.

Breaching GDPR could lead to fines of up to 20 million euros or 4 per cent of the annual global turnover, whichever is greater, demonstrating the importance of adhering to the regulations.

Digital Minister Matt Hancock also recently announced that firms could face steep fines of up to 17 million, or 4 per cent of global turnover, should they fail to protect themselves from cyber-attacks. In spite of Rudds comments regarding encryption, should businesses opt to communicate through non-secure channels, they could be perceived as not protecting themselves from breaches, and thus potentially at risk from fines.

As these use cases demonstrate, contrary to Rudds statement, real people and businesses not only want the high level of security offered by E2EE, they need it, and are demanding it, and these demands will only increase as technology advances. For example, were likely to soon witness a need for E2EE for the Internet of Things, and for the management of self-driving cars.

Fortunately some governmental institutions recognise the need to embrace E2EE. In June the EU Parliamentary Commission on Civil Liberties, Justice and Home Affairs highlighted the need for safe and secure communication, and recommended a ban on any attempt to weaken E2EE by any member state.

This proposal would forbid the use of so-called backdoors that allow the reading of encrypted messages, and places the EU in conflict with the UK government, with Rudd previously expressing the belief that technology companies should provide authorities with access to encrypted messages.

However, despite insistence by Rudd that such a backdoor would enable the UK to keep its citizens safe from some threats, it exposes them to a wealth of others. Building in a backdoor for the authorities would invalidate the encryption, and leave it wide open to exploitation from anyone.

Against a backdrop of growing digital threats, E2EE has become more important than ever, and its benefits should not be ignored. Instead of looking to remove encryption, governments, businesses and real people should look to utilise it and unlock the vast amount of benefits it can bring. E2EE is an essential building block of the ecosystem that protects consumers and businesses from privacy invasion and threats, and it is time it was recognised as such.

Alan Duric, Co-Founder, CEO, WireImage Credit: Yuri Samoilov / Flickr

See more here:
Amber Rudd is wrong - real people do want end-to-end encryption - ITProPortal

In BriefResearchers have sent the first high-dimensional, quantum-encrypted message through the air above a city. This real world test means high-capacity, free-space quantum communication will one day be practical and secure, enabling a global quantum network.

In a massive step forward, researchers have sent the first quantum-secured message through the air above a city containing more than one bit of information. This proof-of-concept success means that high-capacity, free-space quantum communication will one day be both a practical and secure process between satellites and Earthand a worldwide quantum encryption network will also be feasible.

In their demonstration, researchers used 4D quantum encryption to transmit data over a free-space optical network between two buildings. The buildings on the University of Ottawa campus stand 0.3 kilometers apart. The high-dimensional encryption scheme is described as 4D because it sends more information, as every photon encodes two bits of information. This, in turn, means that each photon carries four possibilities with it: 00, 01, 10, or 11.

High-dimensional quantum encryption is also more secure because it can tolerate more signal-obscuring noise such as noise from failed electronics, turbulent air, malfunctioning detectors, and even interception attempts without rendering the transmission unsecured. This higher noise threshold means that when 2D quantum encryption fails, you can try to implement 4D because it, in principle, is more secure and more noise resistant, Ebrahim Karimi said in a news release.

Current algorithms are unlikely to be secure in the future as computers become more powerful. Therefore, researchers are working to master stronger encryption techniques such as light-harnessing quantum key distribution, which uses the quantum states of light particles to encode and send the decryption keys for encoded data.

Now, the concept of quantum communications like this has been a theoretical concept until recently, because global implementation will demand transmission between Earth and satellites. Scientists have been using horizontal tests through the air over distances because the distortion that signals encounter can mimic what they might go through as they pass through the atmosphere. This successful demonstration proved that successful encryption is possible, despite distortion.

These researchers ported their optical setups from the lab to two different rooftops for the testing and protected them from the elements with wooden boxes. After some trial and error, the team successfully used this intracity link to send secure messages using 4D quantum encryption. The error rate for the messages was 11 percent, well below the 19 percent secure connection threshold. The team also compared 4D and 2D encryption, and they found that they were able to transmit 1.6 times more data per photon after error correction using 4D quantum encryption, in spite of turbulence.

Next, this research team plansto test the technology in a three-link network that spans longer distances, with each link about 5.6 kilometers apart. They will also use adaptive optics technology to compensate for the turbulence. The long-term goal is to link the network to the existing city network, creating a quantum communication network with multiple links but using more than four dimensions while trying to get around the turbulence, graduate student and team member Alicia Sit said in the press release.

See original here:
For the First Time Ever, Quantum Communication is Demonstrated in Real-World City Conditions - Futurism

How do I encrypt files in Windows 10?

Encrypting File System (EFS) is an encryption service found in Windows 10 Pro, Enterprise, and Education. A cousin to BitLocker, which can encrypt entire drives at once, EFS lets you encrypt individual files and folders.

Encryption is tied to the PC user, so if a different user is logged in than the user who encrypted the files, those files will remain inaccessible.

EFS encryption isn't as secure as other encryption methods, like BitLocker, because the key that unlocks the encryption is saved locally. There's also a chance that data can leak into temporary files since the entire drive is not encrypted.

Still, EFS is a quick and easy way to protect individual files and folders on a PC that's shared amongst several users. Encrypting with EFS doesn't take long let's take a look at how it's done.

EFS is only available on Pro, Enterprise, and Education versions of Windows 10. If you're using Windows 10 Home, you're out of luck. You also need to be using a password with your user account, preferably strong and difficult to crack.

Once you've encrypted a file or folder, Windows will automatically remind you that you should create a backup key in case you run into a problem where you can no longer log into your user account that's tied to the encrypted files. This requires some sort of removable media. In our case, we use a USB thumb drive.

Have a file or folder in mind for encryption? Here's how to enable EFS.

Click Properties.

Click the checkbox next to Encrypt contents to secure data.

Click Apply. A window will pop up asking you whether or not you want to only encrypt the selected folder, or the folder, subfolders, and files.

Click OK.

Files that you've encrypted with EFS will have a small padlock icon in the top-right corner of the thumbnail or icon.

After enabling EFS, a small icon will appear in the system tray in the bottom-right corner of your screen. This is your reminder to back up your EFS encryption key.

Click Back up now (recommended).

Click Next.

Type a password in the first Password field.

Click Next.

Click the USB drive.

Type a filename.

Click Next.

Click OK.

That's it. If you ever lose access to your user account, the backup key can be used to access the encrypted files on the PC.

Read more:
How to use EFS encryption to encrypt individual files and folders on Windows 10 - Windows Central