Storage Encryption/USB Flashcards
Define storage encryption?
Storage encryption is a security approach that provides a vital layer of defense by transforming data into unreadable ciphertext accessible only with the correct decryption key.
What is file-level encryption?
An approach that is not as encompassing as full drive encryption, but instead focuses on a file-level basis. Keeping the focus of encryption at the file level gives granular control. It might not present the same level of security as full drive encryption; however, that level of protection may not always be required and can slow down processes. File-level encryption can co-exist with other security measures such as access controls and data loss prevention policies. This would be an example of defense-in-depth, as you present many obstacles to a would-be hacker.
What is asymmetric encryption?
Also known as public key cryptography, it is the practice of using two keys. The two keys involved are called the public key and the private key. The encryption is designed so that it is possible to have a known public key, which can be distributed and known by all. The private key, however, is kept secret and used for decryption.
What is symmetric encryption?
It employs a single key for both encryption and decryption processes. As the same key is used for encrypting and decrypting, this key must be kept confidential and only shared with the trusted parties involved in the exchange.
While symmetric encryption is typically faster and more efficient than asymmetric encryption, securely sharing the key presents a challenge, especially in large-scale deployments.
What does encryption include?
It can be achieved by converting data into a code only authorized people can read. This concept is called encrypting the data (DID). Full-disk encryption or FDE is the data protection mechanism that encrypts all contents on a storage device at the sector level. When one is employing an FDE approach, the encryption will encompass the operating system, installed applications, and all user-generated data. The state-of-the-art in this regard is the Advanced Encryption Standard or AES, which requires a decryption key to access any portion of the encrypted disk. This renders the data unreadable without the correct key, providing strong protection against unauthorized access in the event of device loss or theft. FDE often integrates with the system's boot process, requiring key-based authentication before the operating system loads.
What is BitLocker?
It is a powerful encryption tool available in Windows operating systems designed to secure data stored on drives effectively. With BitLocker, users can encrypt all parts of their drive, including the operating system, applications, and user-generated data. This robust encryption mechanism ensures that data remains protected against unauthorized access even if the drive is lost or stolen. In addition to encrypting data, BitLocker offers features for securely managing encryption keys.
What are additional ways to store encryption keys?
Users can store encryption keys locally on the system, on a USB drive, or in Active Directory for centralized management. This flexibility enables organizations to implement secure key management practices tailored to their needs. Implementing and managing storage encryption effectively requires following best practices. This includes regularly updating encryption algorithms to ensure they remain secure against evolving threats.
How can USB be a threat?
USB devices have become integral to our daily lives, allowing easy data transfer and connectivity. They enable a direct means of downloading and transferring data. However, they can also act as a vector to inject malicious code into our working environment. Being portable, lightweight, and physically connected to a work machine, they offer a potential alternative avenue for hackers.
What are (2) examples of malware via USB?
-Sogu: contained three files, which were loaded on insertion: a legitimate executable, an encrypted payload, and a malicious dynamic link library (DLL) loader. A DLL is a small piece of executable code that works on Windows machines. The DLL loader, known as “Korplug”, creates a backdoor entry into the file system when executed. This door was used to gather information and maintain a presence on the drive for later access. It supported a range of actions including file transfer, remote desktop, screenshot capture, reverse shell, and keylogging.
-SnowyDrive: when the executable was clicked, it would trigger a DLL loader, which gave external actors access to the infected drive. Examples of some of the actions include a shellcode-based backdoor equipped with a comprehensive command set, including functionalities to create, write, or delete files, initiate file uploads, establish reverse shells, list drives, and execute file/directory searches.
What are (3) ways to reduce USB malware threats?
-Regularly scan for malware, including with Windows Defender
-Restrict access
-Endpoint protection
-Safeguarding data
-Organizational policies/user awareness