Some versions of Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 include a powerful disk encryption tool called BitLocker. By default, this tool uses the AES (Advanced Encryption Standard) cipher in CBC (Cipher-Block Chaining) mode.
In addition, we can use many third-party disk encryption tools to encrypt an entire drive. Once the entire drive is encrypted, users without the key will not be able to access the data on it. Data is encrypted automatically when it is written to the drive and decrypted automatically before it is loaded into memory. Some tools can create invisible storage areas inside a partition, which then act as hidden drives inside a drive. Other users can only see the data in the outer drive.
These disk encryption tools can also be used to encrypt removable drives. Some, such as Whole Disk Encryption and Drive Crypt, allow you to create a master password along with lower-level extra passwords for other users.
Take advantage of Public Key Infrastructure
A Public Key Infrastructure (PKI) is a system that manages private and public key pairs and digital certificates. Because the keys and certificates are issued by a trusted third party, the certificate-based security the system provides is quite strong.
We can secure the data we want to share with others by encrypting it with the public key of the person we are sharing it with. All users on the network can see this data, but only the user who holds the private key corresponding to that public key can decrypt it.
Hide data with Steganography encoding
Steganography is a form of encoding that creates hidden messages whose existence is known only to the sender and the recipient.
We can use a steganography application to hide data inside other data. For example, we can hide a text message in a .JPG image file or an MP3 music file.
Steganography does not encrypt the message, so it is often used together with encryption software: the data is encrypted first, then hidden inside another file with steganography software.
Some steganography tools require the exchange of a secret key, while others use private and public cryptographic keys. A good example of steganography software is StegoMagic, a free program that encrypts messages and hides them in .TXT, .WAV, or .BMP files.
Protect data sent by securing IP
Our data can be stolen by hackers using sniffer software while it is being transmitted over the network. To protect data in transit, we can use Internet Protocol Security (IPSec); however, both the sending system and the receiving system must support IPSec. Windows has had built-in support for IPSec since Windows 2000. Applications do not need to be aware of IPSec because it operates at a low layer of the network model.
Encapsulating Security Payload (ESP) is the protocol IPSec uses to encrypt data. IPSec can operate in tunnel mode to provide protection at the gateway, or in transport mode to provide protection while data is being transmitted. To use IPSec in Windows, we must create an IPSec policy and select the authentication method and the IP filters to use. To configure IPSec settings, open the TCP/IP Properties window and go to the Options tab of Advanced TCP/IP Settings.
Secure data transmitted via Wi-Fi network
Data that we send over Wi-Fi networks is more vulnerable than data sent over an Ethernet network. Hackers do not need physical access to the network or the devices on it: if the Wi-Fi access point is not configured securely, any laptop user with Wi-Fi enabled and a powerful transceiver antenna can steal data, or break into the network and access the data stored on it.
We should only send and store data on encrypted Wi-Fi networks. To encrypt the Wi-Fi network, it is best to use WPA/WPA2 in conjunction with AES instead of Wired Equivalent Protocol (WEP).
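The check below is an added example, not part of the original article. It audits saved Windows Wi-Fi profiles against the advice above (WPA/WPA2 with AES rather than WEP or no encryption). It assumes the profiles are in the XML form produced by `netsh wlan export profile`; the sample profiles and SSIDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace of Windows WLAN profile documents.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}


def sample_profile(ssid, auth, cipher):
    """Build a minimal, constructed WLAN profile for the demo below."""
    return (
        '<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
        f"<name>{ssid}</name><MSM><security><authEncryption>"
        f"<authentication>{auth}</authentication><encryption>{cipher}</encryption>"
        "</authEncryption></security></MSM></WLANProfile>"
    )


# Constructed sample data; these SSIDs are made up.
SAMPLES = [
    sample_profile("office-main", "WPA2PSK", "AES"),
    sample_profile("warehouse-old", "open", "WEP"),
    sample_profile("lobby-guest", "open", "none"),
    sample_profile("lab-legacy", "WPAPSK", "TKIP"),
]


def audit_profile(xml_text):
    """Return (ssid, verdict, reason) for one WLAN profile XML document."""
    root = ET.fromstring(xml_text)
    ssid = root.findtext("w:name", default="?", namespaces=NS)
    base = ".//w:authEncryption/"
    auth = root.findtext(base + "w:authentication", default="", namespaces=NS)
    cipher = root.findtext(base + "w:encryption", default="", namespaces=NS)
    auth_u, cipher_u = auth.upper(), cipher.upper()
    if cipher_u in ("", "NONE"):
        return ssid, "FAIL", "traffic is not encrypted"
    if cipher_u == "WEP" or auth_u == "SHARED":
        return ssid, "FAIL", "WEP in use"
    if auth_u.startswith("WPA") and cipher_u == "AES":
        return ssid, "OK", f"{auth} with AES"
    # Remaining case: WPA-family authentication with a weaker cipher (e.g. TKIP).
    return ssid, "WARN", f"{auth} with {cipher}, not AES"


if __name__ == "__main__":
    for doc in SAMPLES:
        print("%-14s %-5s %s" % audit_profile(doc))
```
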
Use Rights Management to maintain control
If we need to send data to other users but are worried about protecting it once it is no longer on our system, we can use Windows Rights Management Services (RMS) to control what recipients can do with the data they receive. For example, we can assign permissions so that the recipient can read a received Word document but cannot edit, copy or save it. In addition, we can block the recipient from forwarding the email we send, or set an expiry date for the email or document so that the recipient cannot access it after that time.
To use RMS, we need to configure Windows Server 2003 as an RMS server. Users need to use Internet Explorer or install client software to access RMS-protected documents. Authorized users need to download a license from the RMS server.
Hopefully some of the above solutions can make your computer and data safer in this age of cyber security.