Encryption
Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure confidentiality and privacy by keeping the information hidden from anyone for whom it is not intended. For example, one may wish to encrypt files on a hard drive to prevent an intruder from reading them. When an entire hard drive is encrypted, all the data on the drive is protected from unauthorized access if the computer is lost or stolen. Encryption can also be used to protect sensitive files that are sent through email or sensitive communications sent over the network. For more information, please refer to the pages linked below:
Strong encryption is the term we use to describe the minimum strength of encryption appropriate for use with confidential data, known as Level 1 data. Strong encryption is 256-bit encryption used with a strong passphrase (password), and complies with ICSUAM Policy Information Security Asset Management Section 8065.
No single encryption tool works for every situation. We've outlined below the major types of encryption, with some examples of tools that can be used with each type, but there is one important thing to remember about any encryption process: it is either extremely difficult or completely impossible to decrypt encrypted data if the passphrase is lost.
If you have any questions or concerns about encryption, please talk with your Information Security Office before proceeding.
Note on Server SSL Certificates
SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, the certificate activates the padlock icon and the https:// protocol you see on banking, e-commerce and other secure sites and allows secure connections from the web server to your browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and is becoming widely used on social media sites. The Information Security Office offers SSL certificates through InCommon. Please create a ticket via https://techsupport.csun.edu.
Types of Encryption
Bluetooth
Bluetooth as a technology isn't secure. The problem is not only with individual implementations; there are serious flaws in the design itself. Bluetooth isn't a short-range communication method either: just because you're a bit far from a device doesn't mean you're safe, since Class 1 Bluetooth devices have a range of up to 100 meters. Bluetooth isn't a mature communication method security-wise. It was created as a way to connect phones to peripherals, and with smartphones it has turned into something totally different from what it was meant to be. Please don't use Bluetooth for accessing Level 1 data.
If you do need to use Bluetooth devices, please do the following:
- Enable Bluetooth functionality only when necessary.
- Enable Bluetooth discovery only when necessary.
- Pair devices using a secure long passkey.
- Keep paired devices close together and monitor what's happening on the devices.
- Never enter passkeys or PINs when unexpectedly prompted to do so.
- Regularly update and patch Bluetooth-enabled devices.
- Remove paired devices immediately after use.
Here is the Windows documentation.
Here is the Macintosh documentation.
Disk Encryption
Disk encryption protects all the data stored on a hard drive. When the entire hard disk is encrypted, everything on that disk is protected if the computer is lost or stolen. CSUN recommends the following drive encryption programs for non-portable storage devices. Select the appropriate link for more information on how to use each program:
- Windows BitLocker works with Windows 7/8/10 and Server
- FileVault works with Mac OS X
E-mail Encryption
E-mails may be encrypted and/or authenticated to prevent the contents from being read by unintended recipients. Please ask your local tech if you believe you need to encrypt e-mail messages.
Portable Storage Devices
The following encryption methods are available for protecting files and folders stored on portable storage devices such as USB sticks, external hard drives and other mobile devices. Select the appropriate link below for more information on how to use each program:
- 7-Zip is an open-source, free utility that provides AES 256-bit encryption for files and folders under Windows 10/8/7 and Windows Server 2012/2008
- Disk Utility encryption is built into Macintosh OS X
- BitLocker To Go is available for Windows users.
- Symantec Endpoint Encryption (formerly known as PGP) is a commercial product that has strong encryption and has tools for sharing encrypted files across teams.
There are also storage devices that use hardware-based encryption:
- Kingston DataTraveler is one that we recommend. DataTraveler has the necessary level of encryption, works with both Windows and Macs and is affordable. Available at the Campus Bookstore.
- IronKey is the best encrypted storage device on the market. IronKey is encrypted all of the time and works with both Windows and Macs.
For more information: Encrypted Removable Media (PDF).
File Encryption
File encryption is designed to protect stored (at rest) files or folders.
Additional information is available by clicking on each product name.
Caution: Data in encrypted files is not retrievable if the encryption key is lost.
Following are examples of file encryption software to use when encrypting your data:
- 7-Zip is an open-source, free utility that provides AES 256-bit encryption for files and folders under Windows 10/8/7 and Windows Server 2012/2008
- PGP is a recommended commercial product that can be used for department-level sharing of Level 1 data.
- Disk Utility encryption software is built into Mac OS X
The following productivity tools let you password-protect and/or encrypt individual files:
- Microsoft Office 2010/2013/2016 - Password protection, encryption, and access permissions for documents, workbooks, and presentations
- Microsoft Office Mac 2011 - Password protection only (no encryption) for Word documents
- Microsoft Office Mac 2016 - Password protection only (no encryption) for Word documents
- Adobe Acrobat 10 and Later - Password protection and encryption for PDF files
Network Encryption
It is possible to encrypt entire networks, which may be desirable in certain situations. If you think this may be relevant to you, please contact your local tech for assistance.