Introduction to Computer Security USC School of Medicine Office of Information Technology

Introduction to Computer Security

USC School of Medicine Office of Information Technology

Overview•AxCrypt

•What is AxCrypt?•HIPAA info•AxCrypt Installation•Encrypting a File•What is a Key File•Making a Key File•How to Decrypt a File•Shred and Delete•Additional AxCrypt Options•Additional AxCrypt Resources

•KeePass•What is KeePass

•Starting the Program

•Creating a new database

•Adding a New Entry

•Using the Password

•Using the User Name

•Searching for Passwords

•Creating Random Passwords

•Selecting Password Options

•Opening Your Database

•Summary

•TrueCrypt•What is TrueCrypt?

•Copying Files to and from a TrueCrypt Volume

•Saving Data

•TrueCrypt Installation

•Creating a TrueCrypt Volume

•Mounting a TrueCrypt Volume

•Dismounting a TrueCrypt Volume

What is AxCrypt?• AxCrypt is a free, and easy to use, open source strong

file encryption tool.• Can be used on Windows 95/98/ME/NT/2K/XP/Vista,

integrated with Windows Explorer. • With AxCrypt we can encrypt, compress, decrypt,

wipe, view and edit with a few mouse clicks.• AxCrypt uses AES encryption.• Axantum Software AB is a Microsoft Certified Partner.

Is AxCrypt HIPAA compliant encryption?

• Only organizations and procedures can be HIPAA compliant.

• Technical Safeguards are governed by the HIPAA Security Standards, 45 CFR 160, 162 and 164.

• No recommendations or requirements concerning specific encryption technologies are made.

• Every organization must evaluate it's position and risks, and then implement specifications commensurate with that level.

How to Install• Download software: http://axcrypt.sourceforge.net• During installation process, verify the Certificate Publisher is:

Axantum Software.

How to Install• Select the language that fits your needs.

• Approve the license agreement

How to Install• Request Update Notifications

How to Install• Select Install Location

•

Start Menu Folder

Encrypting a file • Once Axcrypt is installed, you can

start using it immediately.1. Using Windows Explorer, select a

file (multiple) and right click on them.

2. Expand the AxCrypt menu and left click on Encrypt

3. Enter a passphrase or password. You will be required to enter it two times.

What is a Key File?• A key file is any file, where the content is used as an additional part of the passphrase provided.

Key File Background• The created passphrase in the key file will be different each

time you go through with the procedure.• You can never do one again if you lose it.• The passphrase is extremely difficult to crack• Using the key file passphrase makes encrypting your file even

more secure than using the initial password.

Example:

Y9Iv vDw7 jR7b KIqP CB0W Tm0y H933 4lGg XVJj vBBW mfI=

Suggested Key File Media• Make at least one copy of your key file as a backup• A good idea is to print out a copy of the contents of

your key file passphrase• Depending on the likelihood of the media to become

corrupted, you may want to make multiple backups (i.e. if you are using a floppy disk which could easily become broken or a CD that could become scratched).

Making a Key File• Using Windows

Explorer, right-click on any file and then mouse over AxCrypt and select Make Key File. You will get the following message pop-up.

1. Print a hardcopy of your key-file phrase.

2. Store Key-File on removable media (jump drive, ½ floppy, or CD-R/RW drive.

How to Decrypt the file• Using Windows Explorer, select an encrypted file,

right click, move your cursor over AxCrypt and then left click Decrypt.

How to Decrypt the fileHere is what you will see after selecting Decrypt.

•If you used a key file. Insert your key file floppy, CD, or jumpdrive prior to decrypting the file. •Then left click on the Key File button to browse to your Key File location.

Shred and Delete FeatureDocuments that you delete can be very easily recovered by any number of

ways.

With AxCrypt you can elect to delete files and documents in a more permanent way.

1. Select the files you want to shred and select Shred option on the right click menu.

2. You will be asked to confirm, since the operation cannot be undone.

3. Click “OK” and your data will be overwritten with random data before being permanently deleted.

Additional AxCrypt Options1. Encrypt a Copy: This option keeps the original file

unencrypted and will create a second copy that is encrypted.

2. Encrypt a Copy to .exe: Allows you to encrypt and send a document to another as an executable without them needing to install the full AxCrypt program on their pc. (Not recommended)

3. Using AxDecrypt Viewer (on web): Can view a .axx doc without having AxCrypt program.

4. Clear Passphrase Memory: If you used the option to “Remember this for Decryption”, subsequently selecting the Clear Passphrase Memory would remove that password from the memory of the PC. Thus requiring you to enter it for future access to the file.

AxCrypt Summary• Remember that when using encryption and key files

that you keep a copy of the credentials in a safe spot. (i.e. sealed envelope in department safe and that others in the department know the secure offsite location where the passphrase is stored).

• Be considerate of encrypting documents that you commonly share with other co-workers.

• Using a Key File is not required! Using a Key File is not required! Using a Key File is not required!

• When using key files, a password/passphrase still needs to be used

AxCrypt Summary• Passwords/passphrases used for encryption should not in any way

resemble passwords used to login to your PC• When encrypting files and sending them to another person: you must relay

the password/passphrase in a secure manner. Sending the other user an encrypted document via e-mail and then e-mailing the passphrase is NOT a secure method.

• Some examples of secure methods/procedures for sending passphrase :

1. E-mail encrypted document, fax the passphrase

2. E-mail encrypted document, call person on phone and relay passphrase

3. Send the encrypted files on a cd in the mail, e-mail the passphrase to the person

4. E-mail encrypted document, text message on cell phone the passphrase

Questions or Comments

IntroductionThe KeePass program stores your passwords in a secure database. This database consists of only one file so it can be transferred from one computer to another easily. This database is locked with a master password. This means that all your other passwords are accessible only by entering the master password correctly. If you lose this master password, all your other passwords in the database are lost also. The database is encrypted based on mathematics and there isn’t any backdoor or a key which can open all databases.

•http://keepass.info/download.html

Starting the Program•Double click the KeePass icon on your desktop to start the program

•This is the first screen visible to the user on startup of KeePass.

Creating a new database:•Select: File > New Database

•Next you are prompted to select a master key

Creating a new database cont’d•Once entered, you will then be asked to retype the password. If the password has been entered correctly a new empty database is created.

Creating a new database cont’d•As soon as you have created the master key and entered the database, you should save it to the computer’s hard drive:

•Press: on the Main Screen.

•The program will ask you where you desire to have the database file stored. Choose a location.•Example: My Documents

or Desktop

Creating a new database entry•Click: ‘Internet’ option

•To create the password record

•Select: Edit > Add Entry.

Adding a New Entry

User Scenario ‘’I would like for the KeePass program to help me remember my Hotmail user name and password’’

• The ‘Title’ can be set to anything desired, normally a symbolic representation of the meaning of the password.

Ex: Hotmail• The ‘Username’ is whatever username the password is associated with.

Ex: [email protected]• The ‘URL’ in this case is the Internet address.

Ex: www.hotmail.com

•The ‘Password’ is automatically generated. This can be changed either by typing a new password manually;•Ex: one4allandall4one•The ‘Quality’ refers to the length of the password. The longer the password, the greater the security.• The Notes text box can be used for a verbose description of the use of the password.• The ‘Notes’ text box can be used for a general description of your password.•Ex: getting into my Hotmail account

Using the Username•To use the user name click on the username entry you wish to use

•Select: Edit > Copy User Name to Clipboard

•For extra security the username only remains on the clipboard for ten seconds. In this time the username must be pasted where it is required. In general this can either be done by holding Ctrl and pressing V on the keyboard, or by right-clicking on the username field and selecting the paste option. So, you can copy the username from the KeePass program, open the window where it is needed (example: www.hotmail.com) and paste it into the username box.

Using the Password•To use the password click on the password entry you wish to use

•Select: Edit > Copy Password to Clipboard

•For extra security the password only remains on the clipboard for ten seconds. In this time the password must be pasted where it is required. In general this can either be done by holding Ctrl and pressing V on the keyboard, or by right-clicking on the password field and selecting the paste option. So, you can copy the password from the KeePass program, open the window where it is needed (example: www.hotmail.com) and paste it into the password box.

Searching for Passwords•Often a password is needed but the location of it may not be known. To find a password in the database, the Find function can be used.

•Select: Edit > Find in Database

•Next, the ‘Find’ Screen is shown. Different parts of the passwords’ record can be selected for use in the search. The search string (word to be searched for) is typed in the text box.

•The results of the search are then displayed.

Creating Random Passwords

“I am tired of creating new passwords all the time. If this program remembers all my passwords, then I would like it to create them for me automatically.’’

•KeePass uses a number of algorithms and random data collection to generate passwords. This section deals with how to create them.

•This is a good method of creating a password that is not easily cracked. This option can be selected when creating the database, creating a new entry in the database, as shown below. and at any time from the main screen:

Selecting Password Options

Selecting Password Options cont’d

•There are different check boxes that can be marked to include character types wanted in the password. The greater the range of characters, the greater the security of the password. However some systems may not allow certain characters in passwords.

•The next option allows you to set a range of characters that the password can be generated from.

•Checking the box labeled ‘Collect entropy’ will collect random events to use in the password generation.

•This happens when you press

button.

•Press:

Opening Your Database

•Now you have created your database, input different passwords into it, and saved it. At anytime you can run the program by launching it from your Desktop

•Press:

•Then select the file and the location of the database you saved originally.

SummaryKeePass is a powerful user-friendly password application with many good features. It allows you to store passwords in a logical and familiar way. The database is also stored using complex encryption, so it is safe from intrusion. It is very important to have a good master password with which to lock the database. When the program is running the passwords remain encrypted in the process file. Use this program if you have many different passwords for your email, bank account, website subscriptions, etc. It is a small program and can easily fit on a floppy disk or on a USB flash drive. This way you can carry it around with you everywhere.


TrueCrypt

•A software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device).

•No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys.

•Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, etc).

Copying Files•Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations).

•Files are automatically being decrypted on-the-fly (in memory/RAM)

while they are being read or copied from an encrypted TrueCrypt volume.

•Files that are being written or copied to the TrueCrypt volume are automatically being encrypted on-the-fly (right before they are written to the disk) in RAM.

•Note: This does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM)

requirements for TrueCrypt.

Saving Data

•TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory).

•When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted).

•To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfiles).

TrueCrypt Installation•Download TrueCrypt from: http://www.truecrypt.org/downloads.php

(The overall installation process is similar in newer versions)

•Double click on the filename that you downloaded and accept the default values for the install

•Once the install is complete the dialog box will pop-up. Select OK. Then select Exit. The installation is complete

Creating a TrueCrypt Volume

•Click Create Volume

•In this step you need to choose where you wish the TrueCrypt volume to be created. Click Next


•In this step you need to choose whether to create a standard or hidden TrueCrypt volume. As the option is selected by default, you can just click Next.

•Click Select File.


•Select the desired path (where you wish the container to be created) in the file selector. Type the desired container filename in the File name box. Click Save.

•IMPORTANT: Note that TrueCrypt will not encrypt any existing files. If you select an existing file, it will be overwritten and replaced by the newly created volume (so the overwritten file will be lost, not encrypted).•You will be able to encrypt existing files (later on) by moving them to the TrueCrypt volume that we are creating now.*


•In the Volume Creation Wizard window, click Next.

•Here you can choose an encryption algorithm and a hash algorithm for the volume. Click Next.


•After you type the desired size in the input field, click Next.

•After you choose a good password, type it in the first input field. Then re-type it in the input field below the first one

and click Next.


•Click Format

•Click OK to close the dialog box

•In the TrueCrypt Volume Creation Wizard window, click Exit


•Select a drive letter from the list.

Mounting a TrueCrypt Volume

•Click Select File


•In the file selector, browse to the container file and select it. Click Open.


•In the main TrueCrypt window, click Mount.


•Type the password in the password input field.


•Click OK in the password prompt window.


Dismounting a TrueCrypt Volume

•Select the volume from the list of mounted volumes in the main TrueCrypt window and then click Dismount. To make files stored on the volume accessible again, you will have to mount the volume.

Dismounting a TrueCrypt Volume

Summary

•Use TrueCrypt when encrypting multiple files

•Use a strong password/phrase at least 20 characters

•Be sure to dismount your volume after you are finished adding of saving data to it, because clicking close or the exit button does not automatically dismount it for you. (Your information can still be accessed.)
