Provide (2) 150 words substantive response with a minimum of 1 APA references for RESPONSES 1 AND 2 below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.
Summarize the different situations in which people use file encryption software.
According to text, one way in which people use file encryption software would be sending a file to another person. In a work situation, putting an encryption on an email sent, the receiving user would need to have the access to this particular encryption to read the file, message, etc. This type of encryption is a good practice, the issue is that users only do this part of the time. For example, military are encouraged to use this particular feature when sending and digitally signing their emails, but the extra couple of clicks seem to be too much for some. Another example the text gave was transferring files via USB, but where I have worked while in the military and now as a contractor, USB anything is not allowed into the building and/or workspace. This is to include anything that also Bluetooth transmittable (ie: phones, fitbits, headphones w/ voice access, etc.) to prevent adversaries from indirectly accessing data not meant for public use.
An issue with USB transfer brings to mind the recent presidential election and the debated results. While one side claims that this election was the most secured in history, the other side have testimonial and sometimes video proof of persons either leaving unattended USB drives in voting machines, workers uploading the files from the USB drives multiple times, or conveniently lost USB drives.
Again, according to text, another way in which people use file encryption software is to keep files on hard drives safe. Any files on a computer, no matter the security measures, still leave these types of files open to malicious attacks. The examples the text gives are these files can be accessed by Trojan horse, separately booted operating system and/or low-level data written to the hard drive. When a person deletes a file, where does that file go? Just because the user is unable to find the file in a generalized search does not mean that the file is actually gone. Due to this conundrum, if an adversary penetrates the system, though the file is supposed to be deleted forever, he or she may still find files embedded on the user’s hard drive. Windows offers built-in encryption, but whether it be Windows or another operating system, there is not a cure-all to anyone’s information if someone is determined to get information. Separately booting an operating system may give an adversary accesses to plain text files though they have been encrypted.
Makes one wonder exactly the nature of intent when an adversary attacks someone’s system.
Smith, R. E. (2015). Elementary Information Security. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/9781284093070/
1.Describe the five basic attacks on authentications systems.
Clone or borrow, sniff, Denial of service (DOS), trial and error, and retrieve from offline are five of the basic attacks on authentication system. Clone or borrow the credentials can be performed by memorizing someone’s password or using common access card (CAC) that doesn’t belong to you to gain access without permission. Sniff is a method this that acquire credentials or any log on information when a user uses his or her credentials to log on to an information system. Denial of service is self-explanatory, and it is as simple as blocking a user or damaging the information system to prevent the user from using it. Trial and error are in some way similar to brute force attack, where the perpetrator will be trying to guess someone’s password by using patterns left on a screen until he gains access to the system. Lastly retrieve from offline is retrieving information form any kind of external storage device to access the system.
2.Outline the symmetric encryption process and explain the components involved in the process
The symmetric encryption is a methodology of using encryption keys to encode and decode data. The process is simple, we use an algorithm that converts plain text into unreadable format. Then the system will perform several changes called permutations on the plain text to convert it into ciphertext. Once it is converted into the ciphertext the other user will need the encryption key it was use by the originator to be able to read the text or convert it back to plain text.
3.Summarize the different situations in which people use file encryption software.
People use encryption in order to protect information from unwanted users or the people that doesn’t have the need to know. It could be used as well to protect Personal identifiable information (PII). In the military is used
to protect mission critical information that could affect the operations if it was known by other people.
4.Describe the different categories of asymmetric encryption algorithms and how they are used in practice.
– Diffie-Hellman – This encryption algorithm requires both users to have a public and private key in order to send and read encrypted messages between the two.
– Elliptic Curve – Similar encryption as Diffie-Hellman but using different mathematical calculation both parties still need secret keys commonly used in military operations and government agencies.
– Rivest-Shamir-Adleman – RSA encryption uses a public and a private key and each pair contains tow modules, public exponent, and modular inverse.
Smith, R. E. (2016). Elementary Information Security (2nd ed.). Burlington, MA: Jones & Bartlett Publisher.