Question

Case: Northridge Security Consultants, a security consulting company that specializes in network security for businesses, has been using you as an outside contractor to provide research and customer service for their clients.

A landscaping business, Sunset Landscapers, has contracted with NSC to help them implement cryptography to protect all documents and transmissions throughout their network. They have over twenty locations nationwide. NSC has found that even though the company would like this technology, the IT Director is resistant to any significant changes. Create a document that can be presented to the company directors explaining cryptography, including hashing, symmetric and asymmetric cryptography, digital signatures, digital certificates, and PKI.

After meeting with you and reading your report, the IT Director at Sunset Landscapers indicates that he is considering using Microsoft BitLocker software but is unsure if it will provide sufficient security. Northridge has asked you to create a document that outlines the advantage and disadvantages of Microsoft BitLocker. How it is implemented and what the alternatives are in providing security?

Answer 1

explaining cryptography, including hashing, symmetric and asymmetric cryptography, digital signatures, digital certificates, and PKI.

Cryptography is mechanism of converting plain information in form of texts, data, image etc. into ciphered form using set of algorithms and mathematical functions.

1.            Symmetric encryption: In this type of cryptography both the sender and the

recipient use the same key. So same key is used for the encryption

function and the decryption function to transport into plain text into the

ciphertext and then ciphertext back into the plain text again.

2. Asymmetric/ Public Key Cryptography:

In this type of encryption, different keys are used. Here both the sender and the recipient have different keys that are used for the encryption and the decryption function. The sender is the only one who

knows the encryption key, and the recipient is the only person who knows the decryption key. This mechanism is faster and more suitable for large organization with large head count.

3. Digital Signatures:

Digital signatures are the public-key primitives of message authentication. It is a technique in which a person/entity binds to the digital data. This binding can be independently verified by receiver as well as any third-party source.

It is a cryptographic value that is calculated from the data and a secret key known only to the signer.

4. Digital certificates:

A digital certificate is a digital credential that provides information about the identity of an entity. A digital certificate is issued by an authority, referred to as a certification authority (CA). Because a digital certificate is issued by a certification authority, that authority guarantees the validity of the information in the certificate. Also, a certificate is valid for only limited period of time.

DC provide support for public key cryptography because digital certificates contain the public key of the entity identified in the certificate. Because the certificate matches a public key to a particular individual, and that certificate's authenticity is guaranteed by the issuer, the digital certificate provides a solution to the problem of how to find a user's public key and know it’s validity.

About Bitlocker:

Bit locker is full system encryption mechanism implemented at physical layer of the machine-like boot, drives and partitions.

BitLocker provides protection when used with a Trusted Platform Module (TPM) version 1.2. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect data and ensures that a computer has not been altered while the system was online/offline.

On computers that do not have a TPM version 1.2, we can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation, and will not provide the pre-startup system integrity verification offered by BitLocker with a TPM.

Advantage and disadvantage of Bit Locker:

Advantage:

1. Provides full/partial disk encryption at physical level.
2. Minimize the chance that useful data can be recovered from lost storage devices by a third party as the drives are locked at physical layer.
3. We can configure group policy to limit computers running Windows so that they can only write data to BitLocker encrypted USB devices.
4. Easily integrates with Active Directory for the purposes of data recovery.
5. Pin is applicable at the booting of device, hence protects the integrity of the boot process.

Disadvantages:

1. In rare cases, recovery keys are not properly archived. Without that key, our data might be lost in the event of a failure.
2. We need to have a windows machine to support bitlocker.
3. There’s no link between your Windows credentials and Bitlocker Credentials they are independent and over the time it might be harder to manage all different credentials for same set of entities.
4. Bitlocker only supports USB STORAGE devices and PINs – no integration with any third party service for security purposes.

Alternatives to Bitlocker:

1. Veracrypt: It is an on-the-fly encryption tool i.e. decrypts files only when they are needed and that the files are otherwise kept encrypted the rest of the time.
2. GNU Privacy Guard: works on OS X, Linux, and Windows.
3. Disk Utility: offers the best integration, ease of use and support with Mac OS.
4. CipherShed: Completely open source and cross-platform support.