Presentation on theme: "Introduction to Computer Security USC School of Medicine Office of Information Technology."— Presentation transcript:
Introduction to Computer Security USC School of Medicine Office of Information Technology
Overview AxCrypt What is AxCrypt? HIPAA info AxCrypt Installation Encrypting a File What is a Key File Making a Key File How to Decrypt a File Shred and Delete Additional AxCrypt Options Additional AxCrypt Resources KeePass What is KeePass Starting the Program Creating a new database Adding a New Entry Using the Password Using the User Name Searching for Passwords Creating Random Passwords Selecting Password Options Opening Your Database Summary TrueCrypt What is TrueCrypt? Copying Files to and from a TrueCrypt Volume Saving Data TrueCrypt Installation Creating a TrueCrypt Volume Mounting a TrueCrypt Volume Dismounting a TrueCrypt Volume
What is AxCrypt? AxCrypt is a free, and easy to use, open source strong file encryption tool. Can be used on Windows 95/98/ME/NT/2K/XP/Vista, integrated with Windows Explorer. With AxCrypt we can encrypt, compress, decrypt, wipe, view and edit with a few mouse clicks. AxCrypt uses AES encryption. Axantum Software AB is a Microsoft Certified Partner.
Is AxCrypt HIPAA compliant encryption? Only organizations and procedures can be HIPAA compliant. Technical Safeguards are governed by the HIPAA Security Standards, 45 CFR 160, 162 and 164. No recommendations or requirements concerning specific encryption technologies are made. Every organization must evaluate it's position and risks, and then implement specifications commensurate with that level.
How to Install Download software: http://axcrypt.sourceforge.nethttp://axcrypt.sourceforge.net During installation process, verify the Certificate Publisher is: Axantum Software.
How to Install Select the language that fits your needs. Approve the license agreement
How to Install Select Install Location Start Menu Folder
Encrypting a file Once Axcrypt is installed, you can start using it immediately. 1. Using Windows Explorer, select a file (multiple) and right click on them. 2. Expand the AxCrypt menu and left click on Encrypt 3. Enter a passphrase or password. You will be required to enter it two times.
What is a Key File? A key file is any file, where the content is used as an additional part of the passphrase provided.
Key File Background The created passphrase in the key file will be different each time you go through with the procedure. You can never do one again if you lose it. The passphrase is extremely difficult to crack Using the key file passphrase makes encrypting your file even more secure than using the initial password. Example: Y9Iv vDw7 jR7b KIqP CB0W Tm0y H933 4lGg XVJj vBBW mfI=
Suggested Key File Media Make at least one copy of your key file as a backup A good idea is to print out a copy of the contents of your key file passphrase Depending on the likelihood of the media to become corrupted, you may want to make multiple backups (i.e. if you are using a floppy disk which could easily become broken or a CD that could become scratched).
Making a Key File Using Windows Explorer, right-click on any file and then mouse over AxCrypt and select Make Key File. You will get the following message pop-up. 1. Print a hardcopy of your key-file phrase. 2. Store Key-File on removable media (jump drive, ½ floppy, or CD-R/RW drive.
How to Decrypt the file Using Windows Explorer, select an encrypted file, right click, move your cursor over AxCrypt and then left click Decrypt.
How to Decrypt the file Here is what you will see after selecting Decrypt. If you used a key file. Insert your key file floppy, CD, or jumpdrive prior to decrypting the file. Then left click on the Key File button to browse to your Key File location.
Shred and Delete Feature Documents that you delete can be very easily recovered by any number of ways. With AxCrypt you can elect to delete files and documents in a more permanent way. 1.Select the files you want to shred and select Shred option on the right click menu. 2.You will be asked to confirm, since the operation cannot be undone. 3.Click OK and your data will be overwritten with random data before being permanently deleted.
Additional AxCrypt Options 1.Encrypt a Copy: This option keeps the original file unencrypted and will create a second copy that is encrypted. 2.Encrypt a Copy to.exe: Allows you to encrypt and send a document to another as an executable without them needing to install the full AxCrypt program on their pc. (Not recommended) 3.Using AxDecrypt Viewer (on web): Can view a.axx doc without having AxCrypt program. 4.Clear Passphrase Memory: If you used the option to Remember this for Decryption, subsequently selecting the Clear Passphrase Memory would remove that password from the memory of the PC. Thus requiring you to enter it for future access to the file.
AxCrypt Summary Remember that when using encryption and key files that you keep a copy of the credentials in a safe spot. (i.e. sealed envelope in department safe and that others in the department know the secure offsite location where the passphrase is stored). Be considerate of encrypting documents that you commonly share with other co-workers. Using a Key File is not required! Using a Key File is not required! Using a Key File is not required! When using key files, a password/passphrase still needs to be used
AxCrypt Summary Passwords/passphrases used for encryption should not in any way resemble passwords used to login to your PC When encrypting files and sending them to another person: you must relay the password/passphrase in a secure manner. Sending the other user an encrypted document via e-mail and then e-mailing the passphrase is NOT a secure method. Some examples of secure methods/procedures for sending passphrase : 1.E-mail encrypted document, fax the passphrase 2. E-mail encrypted document, call person on phone and relay passphrase 3.Send the encrypted files on a cd in the mail, e-mail the passphrase to the person 4. E-mail encrypted document, text message on cell phone the passphrase
Introduction The KeePass program stores your passwords in a secure database. This database consists of only one file so it can be transferred from one computer to another easily. This database is locked with a master password. This means that all your other passwords are accessible only by entering the master password correctly. If you lose this master password, all your other passwords in the database are lost also. The database is encrypted based on mathematics and there isnt any backdoor or a key which can open all databases. http://keepass.info/download.html
Starting the Program Double click the KeePass icon on your desktop to start the program This is the first screen visible to the user on startup of KeePass.
Creating a new database: Select: File > New Database Next you are prompted to select a master key
Creating a new database contd Once entered, you will then be asked to retype the password. If the password has been entered correctly a new empty database is created.
Creating a new database contd As soon as you have created the master key and entered the database, you should save it to the computers hard drive: Press: on the Main Screen. The program will ask you where you desire to have the database file stored. Choose a location. Example: My Documents or Desktop
Creating a new database entry Click: Internet option To create the password record Select: Edit > Add Entry.
Adding a New Entry User Scenario I would like for the KeePass program to help me remember my Hotmail user name and password The Title can be set to anything desired, normally a symbolic representation of the meaning of the password. Ex: Hotmail The Username is whatever username the password is associated with. Ex: firstname.lastname@example.org The URL in this case is the Internet address. Ex: www.hotmail.comwww.hotmail.com The Password is automatically generated. This can be changed either by typing a new password manually; Ex: one4allandall4one The Quality refers to the length of the password. The longer the password, the greater the security. The Notes text box can be used for a verbose description of the use of the password. The Notes text box can be used for a general description of your password. Ex: getting into my Hotmail account
Using the Username To use the user name click on the username entry you wish to use Select: Edit > Copy User Name to Clipboard For extra security the username only remains on the clipboard for ten seconds. In this time the username must be pasted where it is required. In general this can either be done by holding Ctrl and pressing V on the keyboard, or by right-clicking on the username field and selecting the paste option. So, you can copy the username from the KeePass program, open the window where it is needed (example: www.hotmail.com) and paste it into the username box.
Using the Password To use the password click on the password entry you wish to use Select: Edit > Copy Password to Clipboard For extra security the password only remains on the clipboard for ten seconds. In this time the password must be pasted where it is required. In general this can either be done by holding Ctrl and pressing V on the keyboard, or by right-clicking on the password field and selecting the paste option. So, you can copy the password from the KeePass program, open the window where it is needed (example: www.hotmail.com) and paste it into the password box.
Searching for Passwords Often a password is needed but the location of it may not be known. To find a password in the database, the Find function can be used. Select: Edit > Find in Database Next, the Find Screen is shown. Different parts of the passwords record can be selected for use in the search. The search string (word to be searched for) is typed in the text box. The results of the search are then displayed.
Creating Random Passwords I am tired of creating new passwords all the time. If this program remembers all my passwords, then I would like it to create them for me automatically. KeePass uses a number of algorithms and random data collection to generate passwords. This section deals with how to create them. This is a good method of creating a password that is not easily cracked. This option can be selected when creating the database, creating a new entry in the database, as shown below. and at any time from the main screen:
Selecting Password Options contd There are different check boxes that can be marked to include character types wanted in the password. The greater the range of characters, the greater the security of the password. However some systems may not allow certain characters in passwords. The next option allows you to set a range of characters that the password can be generated from. Checking the box labeled Collect entropy will collect random events to use in the password generation. This happens when you press button. Press:
Opening Your Database Now you have created your database, input different passwords into it, and saved it. At anytime you can run the program by launching it from your Desktop Press: Then select the file and the location of the database you saved originally.
Summary KeePass is a powerful user-friendly password application with many good features. It allows you to store passwords in a logical and familiar way. The database is also stored using complex encryption, so it is safe from intrusion. It is very important to have a good master password with which to lock the database. When the program is running the passwords remain encrypted in the process file. Use this program if you have many different passwords for your email, bank account, website subscriptions, etc. It is a small program and can easily fit on a floppy disk or on a USB flash drive. This way you can carry it around with you everywhere.
TrueCrypt A software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, etc).
Copying Files Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag- and-drop operations). Files are automatically being decrypted on-the-fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Files that are being written or copied to the TrueCrypt volume are automatically being encrypted on-the-fly (right before they are written to the disk) in RAM. Note: This does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt.
Saving Data TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfiles).
TrueCrypt Installation Download TrueCrypt from: http://www.truecrypt.org/downloads.php http://www.truecrypt.org/downloads.php (The overall installation process is similar in newer versions) Double click on the filename that you downloaded and accept the default values for the install Once the install is complete the dialog box will pop-up. Select OK. Then select Exit. The installation is complete
Creating a TrueCrypt Volume Click Create Volume
In this step you need to choose where you wish the TrueCrypt volume to be created. Click Next Creating a TrueCrypt Volume
In this step you need to choose whether to create a standard or hidden TrueCrypt volume. As the option is selected by default, you can just click Next. Click Select File. Creating a TrueCrypt Volume
Select the desired path (where you wish the container to be created) in the file selector. Type the desired container filename in the File name box. Click Save. IMPORTANT: Note that TrueCrypt will not encrypt any existing files. If you select an existing file, it will be overwritten and replaced by the newly created volume (so the overwritten file will be lost, not encrypted). You will be able to encrypt existing files (later on) by moving them to the TrueCrypt volume that we are creating now.* Creating a TrueCrypt Volume
In the Volume Creation Wizard window, click Next. Here you can choose an encryption algorithm and a hash algorithm for the volume. Click Next. Creating a TrueCrypt Volume
After you type the desired size in the input field, click Next. After you choose a good password, type it in the first input field. Then re-type it in the input field below the first one and click Next. Creating a TrueCrypt Volume
Click Format Click OK to close the dialog box In the TrueCrypt Volume Creation Wizard window, click Exit Creating a TrueCrypt Volume
Select a drive letter from the list. Mounting a TrueCrypt Volume
Select the volume from the list of mounted volumes in the main TrueCrypt window and then click Dismount. To make files stored on the volume accessible again, you will have to mount the volume. Dismounting a TrueCrypt Volume
Summary Use TrueCrypt when encrypting multiple files Use a strong password/phrase at least 20 characters Be sure to dismount your volume after you are finished adding of saving data to it, because clicking close or the exit button does not automatically dismount it for you. (Your information can still be accessed.)