Sunday, November 10, 2013

How To Protect Your Data Of Zero-Day

ZERO-DAY A FUTURE THREAT, AND HOW TO PROTECT YOUR DATA.

ABSTRACT

It is known that practically all software has security flaws (programming problems that give individuals opportunities to explore previously nonexistent), many of these vulnerabilities not yet discovered, and hundreds are corrected every month through the packages available organizations affected, sometimes new versions and updates.
The term " zero day " (zero hour or 0day ) refers to the unknown nature of security breaches for companies , this attack tries to exploit computer application vulnerabilities that are unknown yet even by software manufacturers . Explaining in a simple and generally, there are two types of "exploit", or flaws / vulnerabilities that can be used in attacks. Those found by security companies and found by hackers whose purpose is exploration.
The issue is that some hackers choose to disclose newly discovered failures to apply the necessary corrections are sometimes rewarded for it with prizes. The “black hats” usually prefer to save for their own benefit a future attack or to share with attackers before the developer of software knows about the vulnerability.


HISTORY ALGORITHM AES

Regarding PRIVACY is important to know how to control the availability and exposure of your data , the AES algorithm was proposed to replace DES, NIST ("National Institute of Standards and Technology U.S.") held a competition (The selection process began in 1997 and ended in 2000 with the victory of the Rijndael algorithm written by Joan Daemen and Vincent Rijmen) for it to be made an algorithm that would be called "Advanced Encryption Standard " that meets the following specifications: algorithm publicly defined;
Being a symmetric cipher block; Designed for the key size can be increased; Deployable in both hardware and software; Powered freely, this algorithm Encrypt and Decrypt using an encrypted key and blocks, both sizes of 128,192 or 256 bits.

I will cite and explain how an open source tool very important: TrueCrypt (encryption on-the-fly OTFE) to confidential files , folders and entire drives on your PC , encryption, it can create a virtual encrypted disk or encrypt a partition , individual algorithms supported by TrueCrypt are AES, Serpent and Twofish, additionally , five different combinations of cascaded algorithms are available : AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES and Twofish-Serpent. Uses RIPEMD-160, SHA-512 and Whirlpool as hashing functions.

SOLUTION

Due to the increasing amount of 0day discovered, I will present one of the safest techniques to protect the security of your data, first we store our data in a nonvolatile memory device (eg USB stick or external HD, is the storage, where once recorded, the data are not lost when you remove the power source), we will also create a volume HIDDEN, at worst it can happen that you are forced by somebody to reveal the password to an encrypted volume . There are situations where you cannot refuse to reveal the password, for example, due to extortion. The method is to use a volume "HIDDEN" that allows you to solve such situations without revealing the password to your volume true, we actually create two passwords, a password can be used for volume "False" and one for the volume "True".


In case of any extortion can provide the password "Fake" where the attacker will have access, and the information contained in this folder will be irrelevant.

STEP BY STEP


This article shows a technique for case one day you will be forced to disclose information, learn how to get out of this trap.
It's also a great way to protect your company's data and a security strategy that should apply to stay quiet with your important data.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.