Securing Your Passwords - Encryption Techniques 2018 Ultimate guide
Encryption provides a robust set of techniques to ensure secure transactional sensitive data flows online, thus preventing hackers and cybercriminals from accessing sensitive content, even if they succeed in capturing the transmitted encrypted data. The mathematical formulas involved in today’s cryptographic standards are enough to prevent most attackers from decrypting stolen data. In this section, we will present some tools and advice that helps you to keep your confidential data private by encrypting it.
Make sure to secure your online accounts using strong, complex passwords. It is also highly recommended to change your password every three months. There are many free tools to aid you in the password generation process. Such tools will produce highly secure passwords that contain a combination of letters, numbers, and symbols. Here is a list of some of these tools:
Free Password Generator
PWGen
Many websites offer online password generation services. However, we prefer not to use such services because your password can be intercepted while traveling to your PC. To store your passwords, you should use a security program to keep them safe; using a password manager program is essential to keep all your passwords in a safe location. A password manager encrypts the database that contains your credentials and protects it with a master password. This is the only password you must remember.
KeePass Password Safe
Master Password
Password Safe
Encrypting Your Hard Drive/USB Sticks
Encrypting data becomes essential in today’s digital age as it considered the last line of defense if an attacker successfully gains access to your confidential data. In other words, encryption will be your last hope to prevent the compromise, use, or disclosure of your sensitive information to the public or to your enemies. Keeping stored information on a hard drive secure is easy when using encryption software. For instance, Windows provides a built-in encryption utility that is available for most of its versions (Windows 7 and beyond) called BitLocker. Using this utility is easy; all you need to do is to right-click the drive you want to encrypt and select Turn on BitLocker. A wizard will appear that walks you through all the steps to configure your drive encryption (setting a password and storing a recovery key).
There are many reputable disk encryption software applications that provide disk and even OS partition encryption. VeraCrypt is supported on all major OSs. It can encrypt hard drives including OS partitions and USB stick drives. VeraCrypt also creates encrypted vaults that can be used to store data and then transfer it into a USB stick or send it over the Internet securely. You can check the documentation section for how to use this tool in different scenarios.
DiskCryptor offers encryption of all disk partitions, including the system partition. It is supported only on Windows OS.
Cloud Storage Security
Most people are using cloud storage to back up and store their sensitive data (such as documents, personal pictures, contact lists, address books, and the like). The many security incidents that have taken place lately with major cloud service providers shows that their security measures alone may not be enough to stop such compromises. To counter such risks, don’t rely on the cloud service provider to secure your data. Always encrypt your data before uploading it to the cloud and make sure to have a backup copy stored somewhere else when dealing with sensitive data. Here are two programs that can be used to secure your data before uploading it to the cloud:
Duplicati uses AES-256 or GPG to encrypt your data before sending it to the cloud.
Cryptomator uses AES-256 to encrypt your data and uses SCRYPT to protect against brute-force attacks. It works by creating an encrypted vault (a virtual hard drive on your local machine that encrypts everything inside it before uploading it to the cloud provider). Please note that compression programs like 7-Zip and PeaZip also offer encryption features, so you can compress and protect your files with a password before uploading it to the cloud.
Secure E-mail Communications
Whenever an e-mail is sent, it should be encrypted to assure the integrity and confidentiality of its contents. In today’s digital age, e-mail becomes the main means of communications for both individuals and public/private organizations, and breaching this communication medium would have a serious consequence. E-mail data breaches occur daily to assure that the contents of your emails are secure, so you should use encryption software. Detailing how to incorporate encryption in your e-mails is beyond this book’s scope. However, in this context, you should understand that when sharing information with colleagues (e.g., as part of your OSINT investigation) through e-mails, you should take care to encrypt it first. In this section, we will give you resources and tools to learn how to do this. However, if you want to understand the ins and outs of e-mail encryption, you should check out our book Digital Privacy and Security Using Windows: A Practical Guide (Apress, 2017).
Gpg4win (GNU Privacy Guard for Windows) allows you to create cryptographic keys (public and private keys), encrypt files and folders, and sign your e-mails before sending (digital signature). Gpg4win is the official GnuPG distribution for Windows. Another implementation of the GnuPG project to be used on other platforms.
Mozilla Thunderbird can be configured to use GnuPG on all major platforms through installing the Enigma add-on, which adds OpenPGP message encryption and authentication to the Thunderbird e-mail client. It features automatic encryption, decryption, and integrated key management functionality.
You can direct your Thunderbird e-mails through the Tor Network by using an extension for Mozilla Thunderbird called TorBirdy. According to its creators (it belongs to the Tor project), TorBirdy is still in beta release and should not be used to secure communications in extremely hostile environments. You can find information on how to install and use this extension.
A browser extension is available for both Firefox and Google Chrome called Mailvelope that can be used with most web e-mail services. It allows its users to exchange encrypted e-mails using the OpenPGP encryption schema. You can either generate your key pair or import existing one (for example, from Kleopatra). You can use this extension without installing any tools except the extension on your browser. It is open source and available here. However, we do not recommend encrypting messages within web browsers because this will make them more vulnerable to cyberattacks that regularly hit browsers.
Secure E-mail Providers
If you prefer to use a webmail for some of your tasks, it is advisable to use a secure endto-end e-mail provider that offers extended security features for your e-mail account. For instance, ProtonMail is different from other regular e-mail providers in many ways. It is based in Switzerland and follows its jurisdiction, which is considered the best one in the world in terms of protecting user privacy. ProtonMail uses two passwords to protect your e-mail account. The first one authenticates your account credentials on the server, and the second decrypts your inbox within your web browser or app, meaning that it never goes online to the ProtonMail server. If you are exchan e-mails with another ProtonMail user, you can safely set your emails to destroy itself within a time limit in addition to sending encrypted e-mails to other ProtonMail users. It is especially useful to destroy sensitive e-mails automatically on both sides of the communications. Finally, if you want to use an e-mail for only one time (for example, to activate some services anonymously), you can go with any of the following two services:
Hidester
Guerillamail
Secure IM and Online Calling Services
IM conversations are another form of communications that you may need to protect. No one can guarantee that giant IT providers that offer free IM, voiceover IP, and video conference services do not log your chat—or at least the metadata of the conversation such as date/time and login IP address—for some period. We cannot discuss the security features of each available application in this book. However, we will focus on the security feature that makes one application more secure than the rest. For instance, most VoIP and chatting applications work the same way. They encrypt the messages exchanged between the people involved in the conversation, but they do not encrypt the message metadata. The best secure VoIP/IM application is one that has the following technical characteristics: it should be open source so its code can be audited by independent security experts, it should not offer/show ads or any type of commercial advertisements, the provider and hence the app should not store the decryption key on its server so no one can request the key to decrypt user data, it should not store any metadata about the user connection, and the user contact list should not be stored on the app server and if necessary it should be saved encrypted. It should offer clear options to choose what you want to backup before sending it to the cloud provider. The following are some popular secure and well-supported messaging apps:
- Tor Messenger Although it still in beta version, this is considered the best secure IM chat. Traffic is directed through the Tor Network for maximum anonymity.
- Cryptocat is an open source secure messaging application, it encrypt all communication by default and allows for secure sharing of files online.
- Signal: This is a secure messaging and VoIP app; it is easy to use and offers similar functions as WhatsApp and Viber Apps. This app runs on Android and iPhone devices only.
- Ghost Call: This is an end-to-end encrypted calling service.
- ChatSecure: This IM program works only on iOS when it is configured to use OTR over XMPP.
Thanks for reading now let me recommend you some other practical guides about penetration testing of Remote Access Protocols, Remote Desktop Protocol, SSH Network Protocol, Network Routers, Wordpress website using WPSeku from My Hack Stuff.
COMMENTS