Cyber-security and Encryption

Sergeant Paul Johnstone LLB MLitt
Garda Bureau of Fraud Investigation
What is Encryption?
Encryption is an electronic method used to protect the integrity
of devices, data and communications by scrambling the
contents preventing its use by persons who don't have the
decryption code needed to unscramble it again.
Conversion of electronic data into another form (ciphertext)
which is not readable without an appropriate key.
Development of encryption

Ancient encryption replaced letters by known numbers

Enigma Machine used a group of selected rotors to replace selected letters. The rotors are replaced periodically

Later Encryption used Symmetric method – same key (algorithm/cipher) to lock and unlock

Modern Encryption using Asymmetric method – public key to lock and private key to unlock data
Why is it important?
Secure data and information exchange – authorised use
Prevents data loss or manipulation – internal and external*
Enables secure browsing - WiFi
Enables secure access to emails and content
Legal and ethical obligation to protect sensitive data
Protects client and YOU
Censure from Professional Bodies
Censure from Political or Governmental Bodies – DPC etc
Prevents Civil claim by clients
Prevents reputational damage
It's available and relatively easy to use
Problems with Encryption
1) Slows down browsing and file exchange as the file is transferred encrypted and then decrypted at the other end.
2) If you forget the decryption key the data is lost. If you lose the device, the data is lost
3) Which one to use – large number of suppliers
4) Not secure from attack – SQL injection or Java Exploit
5) Human Error – is it totally secure?*
6) Applications with access to encrypted data can be infected with sniffing malware etc
7) They can be cracked by reverse engineering or...Truecrypt
Types of Encryption
1. Whole Disk encryption
2. Partition Encryption
3. Volume Encryption
4. Folder Encryption
5. File Encryption
6. Mobile Data Encryption
7. E-mail Encryption
8. Application Encryption
Security of Devices

Offline devices – not on internal network
Online networks
Wired
Wireless
Home
Encryption Examples
PGP – Communications/files/email
FileVault II – Mac Devices
BitLocker – Windows Devices
VeraCrypt – Disks/volumes/files/systems
GPG (GNU Privacy Guard) – files/folders
BestCrypt – Files/Folders
TrueCrypt – now compromised

Encryption to 256-bit. ‘Unbreakable’. Can upgrade to 512 Military.
When needed?
Devices Stolen
Network compromised or hacked
Insecure networks – open wifi etc
Media lost
BYOD
Email intrusion – malware
Data sent to wrong recipient

Level Needed

No correct answer - Depends on
a. The data
b. Your needs
c. The risks – real or perceived
Policies on Encryption
i. Law Society – Ireland & UK
ii. HSE – Ireland
iii. Bar Council UK
iv. NUI Galway
v. An Garda Síochána – secure access and mobile devices
vi. Government Departments – mobile device data
vii. Etc.
viii. Your policy should be your policy
Security of Communications
SMS and email messages are susceptible to interception
Open WiFi in cafe or hotel etc – phone seeks and connects
Hacker uses laptop with WAP running and stronger signal than WiFi in premises.
My device will automatically seek the stronger signal and connect
I send message over internet using phone and WiFi
Hacker sets his network to reject MMS (secure messaging)
My network reverts to SMS plain text messaging
Hacker has my messages and attachments and if he connects malware to phone – he has access to my account etc...
Home Networks
Connected to home WiFi network - secure
Previously connected to open WiFi
Car outside war-driving with strong open WiFi
Device connects to stronger open signal
Access to computer, malware injection, contents etc
Disable WiFi scanning when at home and encrypt
People
One of the most significant risks of data loss
User Mistakes
Simple Passwords
Password Sharing
Password abuse/theft
Same password used for everything
Network/Data Intrusions
Memory stick manipulation
Stick dropped outside
Connected to network
Second pin removed
Windows machines = keyboard
Malware = full access
BYOD – not good policy

Online security
Accessing from public WiFi – credentials captured and email accessed
Opening insecure attachments
Browser History – site running awstats: captures visits, IP logs and activity on site*.
Social Media
Apart from recognised risks – spamming, cyberbullying, personation, trolling etc.
Know your friends
Beware of profiles that stay logged in*

Online Passwords

Search on Pastebin.com for ‘barrister’
Passwords contd...
Identifying threats
Know your system
Know your users
Know your devices
Use encryption
Use secure email
Vary and change passwords
Unknown source – DELETE
Disable WiFi scanning after connection

Security
Security is your concern – it's your data
It's as secure as you make it
Antivirus, malware protection, passwords
System intrusion testing and updates
Intrusion detection software
If in doubt consult IT specialists
Grant Thornton – Ritz – Critical Data – Mazars – Mandiant – RMS – Espion – Ward Solutions – eSentire – Digicore – etc
Homework
• If you have a website run the following Google tests against it at home
‘filetype:docs site:pauljohnstone.ie’
‘info:pauljohnstone.ie’
• Is there access to a private members area on a publicly accessible system? – subject to interception.
• Is your internal network and internet access through the same machine? – subject to interception
• Is your WiFi open – www.wigle.net maps open wireless networks
Sgt Paul Johnstone
Computer Crime Investigation Unit
An Garda Síochána
Harcourt Street
Dublin 2
D02 PT89
Tel: +353 1 6663796
Mob: +363 86 8281889