INVITATION TO CYBERSECURITY 240

transport, and if that thumb drive is lost, stolen, or “borrowed” for a period of time, then the information on it is not secure by default. Anybody who comes in possession of the drive can plug it into a computer and access all of the information on it. The same holds true for a laptop or smartphone. A person with full physical access to a computing device can bypass operating system-based access controls by directly reading the data stored on the device’s hard drive.

A better approach for disk storage is to use full disk encryption. Full disk encryption stores data in encrypted form and decrypts and encrypts data transparently as needed. When full disk encryption is used, if an attacker gains physical access to a device, its data is encrypted and is of no value to the attacker. Because it works transparently in the background, the user experience is not affected—encryption and decryption occur automatically. The data is unlocked with a master key, typically at log-in time.

Windows has a built-in disk encryption utility called BitLocker. BitLocker can be used to encrypt an entire hard drive and removable media devices. For removable media, if data is transported from one computer to another, BitLocker must also be available on the destination computer. In addition to BitLocker, there are a variety of other disk encryption utilities—some cost money and others are free.

Data at rest can also be encrypted in a one-off fashion with encryption software. OpenSSL is a free command line utility that performs a large variety of cryptographic operations. OpenSSL includes several different encryption algorithms. It comes installed by default on Linux and macOS systems and can be added to Windows devices. It can be used for symmetric key and public key cryptography, for creating hashes and message authentication codes, and for many other purposes.
If used properly, OpenSSL can encrypt files that no person or government could ever hope to decrypt—the highest standards of cryptography available. Figure 9.9 shows a file named secret being encrypted as secret.crypt with the Advanced Encryption Standard (AES) cipher and a user-supplied password as the key. In this example, the security of the encryption resides in the password, so as long as it is a strong password, the file will remain safe. Many similar cryptographic tools are also available, both free and paid, with some featuring more user-friendly graphical user interfaces.

Figure 9.9 An OpenSSL encryption example using a password.
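The following script is an added example, not part of the textbook or Figure 9.9. It reproduces the password-based AES encryption of a file named secret into secret.crypt with the OpenSSL command line tool (assumed to be installed, as it is by default on Linux and macOS), then decrypts it and checks that the round trip succeeds and that a wrong password does not yield the original. The -pbkdf2 and -iter options are an assumption beyond the figure: they make OpenSSL derive the key from the password with PBKDF2 so that each password guess is expensive, rather than with its older single-pass derivation. The sample file contents and the password are constructed for the demo.

```shell
#!/bin/sh
# Added example: password-based file encryption with the openssl CLI.
# Assumes `openssl` (1.1.1 or newer) is on PATH. Demo values are constructed.
set -eu

ITER=200000   # PBKDF2 iteration count; encrypt and decrypt must agree on it

# encrypt_file PLAINTEXT CIPHERTEXT PASSWORD
#   -aes-256-cbc : AES with a 256-bit key, as in the textbook figure
#   -salt        : random salt, so the same password never yields the same key
#   -pbkdf2/-iter: slow, salted key derivation from the password
encrypt_file() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "pass:$3"
}

# decrypt_file CIPHERTEXT PLAINTEXT PASSWORD  (same KDF settings as above)
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "pass:$3"
}

# Returns 0 only if: the ciphertext does not contain the plaintext, and
# decrypting with the right password reproduces the original byte for byte.
roundtrip_check() {
    work=$(mktemp -d)
    printf 'constructed sample secret\n' > "$work/secret"
    encrypt_file "$work/secret" "$work/secret.crypt" 'correct horse battery staple'
    status=0
    if grep -q 'constructed sample secret' "$work/secret.crypt"; then
        status=1   # plaintext leaked into the ciphertext: encryption did nothing
    else
        decrypt_file "$work/secret.crypt" "$work/secret.dec" 'correct horse battery staple'
        if ! cmp -s "$work/secret" "$work/secret.dec"; then
            status=1
        fi
    fi
    rm -rf "$work"
    return $status
}

# A wrong password must not recover the file. OpenSSL usually reports
# "bad decrypt" (the CBC padding check fails), but that check is not an
# authenticator and can pass by chance, so we also compare the output with the
# original: either a non-zero exit or a mismatching file counts as rejection.
wrong_password_rejected() {
    work=$(mktemp -d)
    printf 'constructed sample secret\n' > "$work/secret"
    encrypt_file "$work/secret" "$work/secret.crypt" 'correct horse battery staple'
    status=1
    if ! decrypt_file "$work/secret.crypt" "$work/secret.dec" 'wrong password' 2>/dev/null; then
        status=0
    elif ! cmp -s "$work/secret" "$work/secret.dec"; then
        status=0
    fi
    rm -rf "$work"
    return $status
}

roundtrip_check && echo "round trip OK"
wrong_password_rejected && echo "wrong password rejected"
```

Because the security of the file rests entirely on the password, as the text notes, the key-derivation settings matter: with PBKDF2 and a high iteration count, every password guess costs the attacker the same slow derivation the legitimate user pays once. Note also that AES-CBC as used by openssl enc provides confidentiality only, not integrity; a separate hash or message authentication code (both of which OpenSSL can produce) is needed to detect a tampered ciphertext.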