We have entered a technological age in which companies and individuals are at greater risk of being hacked simply because of the conveniences of widespread connectivity, including the cloud. When confidential company data falls into the wrong hands, the repercussions can be devastating.
Over the past few years, there have been several data breaches and ransomware attacks on high-profile organizations. One major attack was the Yahoo data breach of 2013. For this reason, organizations and individuals need to be always on red alert for the best methods of keeping their data and networks safe, now and in the future (Thilakanathan, 2014).
Symmetric encryption
To ensure that data in transit and in storage is always protected, the company needs to implement the best encryption methods available. Symmetric encryption is the type of encryption that the company needs to implement. This encryption method provides for the securing of data using public and private keys. Doing this will ensure a top level of data security (Bellare, 2014).
Email and IP security
For any online transaction the company makes, especially money-related transactions, the firm needs a Secure Socket Layer to authenticate all transactions and to ensure that no third party or black hat hacker is able to access the data and money in transit. Passwords used by all employees need to be strong so that no party is able to guess them. IP security is also key to making sure that all data entering and leaving the network is appropriately secured from interference by third parties. Encrypted email servers are likewise a prerequisite for ensuring email security within and without the company.
The Secure Socket Layer, block and stream ciphers.
Secure file transfer protocols must be implemented when transferring files over the internet. These protocols include SSL, SFTP, HTTPS, FTPS and WebDAVS. They are important for companies because they encrypt data through symmetric key ciphers. The Secure Socket Layer is used to establish secure links between a web server and a web browser in any online transaction. Symmetric key ciphers are divided into two algorithm types: block ciphers and stream ciphers. A block cipher encryption algorithm is designed to encrypt a fixed size of n bits of data, known as a block, at one time. A stream cipher, on the other hand, is designed to encrypt one bit of plain text at a time. It uses a stream of pseudorandom bits as the key. For this encryption algorithm to be perfectly secure, its pseudorandom key generator should never be predictable.
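The difference between the two cipher types can be seen in a short Python sketch, added here as an illustration and not taken from the original text. It assumes SHAKE-256 as the keystream generator (a teaching construction, not a vetted cipher), works on bytes rather than single bits, and uses PKCS#7 padding to show the fixed-size blocks a block cipher requires; the key, nonce and message are constructed sample values.

```python
import hashlib
import os

BLOCK = 16  # bytes: a 128-bit block, the fixed n-bit unit a block cipher processes

def keystream(key, nonce, length):
    """Pseudorandom bytes derived from a secret key and a per-message nonce.
    SHAKE-256 stands in for the keystream generator (assumption, for illustration)."""
    return hashlib.shake_256(key + nonce).digest(length)

def stream_xor(key, nonce, data):
    """Stream-cipher style: XOR each input byte with the next keystream byte.
    The same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def pkcs7_pad(data, block=BLOCK):
    """Block-cipher style input: always pad up to a whole number of blocks."""
    n = block - len(data) % block
    return data + bytes([n]) * n

def pkcs7_unpad(data, block=BLOCK):
    n = data[-1]
    if not 1 <= n <= block or len(data) % block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def split_blocks(data, block=BLOCK):
    """The fixed-size units a block cipher would encrypt one at a time."""
    return [data[i:i + block] for i in range(0, len(data), block)]

def demo():
    key = os.urandom(32)                    # secret key (constructed sample)
    n1, n2 = os.urandom(12), os.urandom(12)  # fresh nonce per message
    msg = b"wire 250 USD to account 42"     # constructed sample plaintext
    ct = stream_xor(key, n1, msg)
    return {
        "stream_len_matches": len(ct) == len(msg),
        "roundtrip": stream_xor(key, n1, ct) == msg,
        # A new nonce yields an unrelated keystream, so output stays unpredictable.
        "fresh_keystream": keystream(key, n1, 32) != keystream(key, n2, 32),
        "block_count": len(split_blocks(pkcs7_pad(msg))),
    }

if __name__ == "__main__":
    print(demo())
```

The stream output is exactly as long as the plaintext, while the padded block input is always a multiple of the block size.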
The Public key algorithm and key pairs.
The public key algorithm must also be implemented, since it is complex enough to prevent any attacker from telling the difference between the plain text and the cipher text. The three most commonly used public key algorithms are compatible with OpenSSL. Most often, public key cryptography is used together with other cryptographic algorithms such as message digests and symmetric ciphers. In each SSH/SFTP connection, two key pairs are used. This is the reason for naming the cryptography asymmetric cryptography. One of the two required keys is private and the other is public. Public key cryptography is used in both directions (client to server and server to client). Without all of these, a company is deemed to be vulnerable to attacks (Kuppuswamy, 2014).
Passwords, hash, salt, and rainbow tables
When a hacker has gained access to a server or workstation and has succeeded in copying the entire security database containing usernames and passwords, they cannot read the usernames and passwords, since they are encrypted. However, an experienced hacker will easily use rainbow tables to get around this security feature. For this reason, any organization or company needs to understand the benefits of implementing a public salt algorithm. Salt makes it more time consuming to crack a large list of passwords and makes it infeasible for a hacker to use rainbow tables. This preserves the integrity of company data even when hackers have made away with confidential information.
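The effect of a salt on precomputed lookups is shown below in an added Python example that is not part of the original text. The user names, passwords and candidate list are constructed sample data, and the choice of PBKDF2-HMAC-SHA256 with the iteration count shown is an assumption made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this illustration

# Constructed sample data: two users who chose the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!"}

def unsalted(password):
    """Plain SHA-256 of the password: the scheme a precomputed table targets."""
    return hashlib.sha256(password.encode()).hexdigest()

def precomputed_table(candidates):
    """Stand-in for a rainbow table: digest -> password, built once, reusable on any dump."""
    return {unsalted(p): p for p in candidates}

def hash_salted(password, salt=None):
    """Per-user random salt, stored in the clear next to the digest (a public salt)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], expected)

def demo():
    table = precomputed_table(["123456", "Summer2024!", "letmein"])
    unsalted_db = {u: unsalted(p) for u, p in USERS.items()}
    salted_db = {u: hash_salted(p) for u, p in USERS.items()}
    return {
        # Same password, same digest: one table entry exposes every such account.
        "unsalted_identical": unsalted_db["alice"] == unsalted_db["bob"],
        "table_hits_unsalted": sum(h in table for h in unsalted_db.values()),
        # Different salts give different digests, so a shared table no longer applies.
        "salted_identical": salted_db["alice"][1] == salted_db["bob"][1],
        "table_hits_salted": sum(d.hex() in table for _, d in salted_db.values()),
        "login_ok": verify("Summer2024!", *salted_db["alice"]),
        "login_bad": verify("wrong-guess", *salted_db["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

Because the salt is unique per account, each stored digest has to be attacked separately, which is what makes cracking a large list slower.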
From this assessment, it is evident that any company needs to implement different technologies in order to ensure good security for its data. Many encryption methods and algorithms need to work in harmony to make a hacker's success harder and harder.
References:
Bellare, M., Paterson, K. G., & Rogaway, P. (2014, August). Security of symmetric encryption against mass surveillance. In International Cryptology Conference (pp. 1-19). Springer Berlin Heidelberg.
Kuppuswamy, P., & Al-Khalidi, S. Q. (2014). Hybrid encryption/decryption technique using new public key and symmetric key algorithm. International Journal of Information and Computer Security, 6(4), 372-382.
Thilakanathan, D., Chen, S., Nepal, S., & Calvo, R. A. (2014). Secure data sharing in the Cloud. In Security, Privacy and Trust in Cloud Systems (pp. 45-72). Springer Berlin Heidelberg.