Hiding in Plain Site

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Just prior to World War II, Germans invented a multi-wheel mechanical cipher, which they named Enigma. It was almost universally considered to be uncrackable. As the war progressed, more “security” was added to Enigma by increasing the number of its rotors. Nonetheless, the Allies were able to break the code through the work of Polish mathematicians who had escaped the German onslaught in 1939. With the Germans believing they had a perfect system and the Allies able to intercept (and inject) messages, the tide of the war was turned. Messages and their transmission continue to impose profound effects on both senders and recipients today.

Perhaps we need to take a closer look at what we do when we receive an e-mail message requesting something seemingly innocuous. Do we question it, or just respond to it outright? E-mail is often not encrypted and is essentially about as private as the writing on the back of a postcard. Strong encryption is a significant crime-prevention tool in stopping online theft, vandalism and snooping. Breaches of computer security cause direct financial losses to organizations worldwide. Fortunately, there are several tools that can be used to authenticate and encrypt data to help keep that information stored safely even when its transported across the public Internet.

Invisible Secrets 4 ($39.95 for a single-user license) was designed to keep sensitive information private. Invisible Secrets4 goes beyond ordinary data and file encryption and also hides that data within sound files, pictures or Web pages. Unknowing eyes will view them as routine, innocuous images and text. Featuring strong file encryption algorithms, Invisible Secrets4 also offers password management for aid in creating secure passwords and for storing them afterwards. This product also can supply your organization with a shredder to destroy files, Internet traces and folders and a locker providing password protection for individual applications. Finally, Invisible Secrets4 allows the creation of self-decrypting packages that can be mailed to friends or clients. Visit www.invisiblesecrets.com for more details.

WinGuard Pro 2004 is considered an all-in-one, Windows-based freeware encryption program. WinGuard Pro 2004 offers password protection of your programs, Web pages and windows. It also enables you to encrypt your personal folders and files. The added features in the Premium edition enable you to lock the desktop, task and boot keys, and to block Internet access and software installations. For additional information regarding these products, visit www.winguardpro.com.

Cyperix, another cryptography and data security company, offers Cryptainer LE. (See Figure 1.) This handy encryption software provides file and disk encryption free of charge. The easy-to-use software establishes a 128-bit “vault,” which will encrypt and store any type of file. Users simply drag and drop files into the vault for encryption. Cryptainer LE also enables you to create secure files for safe e-mailing and ensures only authorized users will have access to confidential or critical data. Interested parties can download a copy from www.cypherix.co.uk.

Figure 1: Cryptainer LE From Cyperix

CompuSec PC Security Suite 4.16sp3 is another freeware product, from CE-Infosys Pte Ltd. The full-version suite–with full hard-disk encryption using AES as the standard algorithm–was designed with the protection of your desktop and notebook data in mind. With this suite installed, your system will not boot up until a user enters his or her user ID. After the user is authenticated, a screen-saver lock must be transcended as well. CompuSec promises fast encryption without reducing performance and provides a file-encryption function your users can apply to FTP or e-mail attachments. Removable media like USB thumb drives and floppy disks can be encrypted to secure data among your other CompuSec-protected PCs. Additional versions are available, with features like e-Identity smart cards and biometric fingerprint scanners for stronger, two-factor authentication of users. Visit www.ce-infosys.com.sg/CeiNews_FreeCompuSec.asp for more information.

Keep in mind the adage that “the best defense is a good offense.” Organizations large and small are encouraged to take advantage of the various protective measures that are available and to use encryption to protect their information assets.

Douglas Schweitzer, A+, Network+, i-Net+, CIW, is an Internet security specialist and the author of “Securing the Network From Malicious Code” and “Incident Response: Computer Forensics Toolkit.” He can be reached at dschweitzer@certmag.com.


Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|