Disk encryption, basic information
What is endpoint encryption software?
- Endpoint encryption software is special software that makes all data on the system inaccessible without a key. It ensures that if your computer or device is stolen, all data on its disk will be unavailable to the thief. Basically, should your computer be lost or stolen, full-disk encryption will protect and secure any sensitive data, and keep any unauthorized persons from gaining access to it.
What is File Encryption?
- File Encryption means providing security for files that reside on media, in a stored state, such as a hard drives, usb drive, SD Card, or any other type of digital storage medium. Encrypted files are usally stored locally and are encrypted and temporarily decrypted while being used and than encrypted again after the user is finished using them. Encrypting stored files prevents others from reading, copying, or deleting encrypted files. Most often, those encrypted files can be seen in a file listing (such as in file explorer), but they can not be accessed for reading by unauthorized persons.
Why should I encrypt?
- ASU policy.
In order to be compliant with ASU policy, faculty and staff are required by the university to implement encryption and other standard security measures on all devices accessing the ASU network. Many ASU personnel routinely handle sensitive information including Personally Identifiable Information (PII), student records, health records, financial records, and research data. Federal laws, state statutes, and industry standards apply civil penalties for failure to protect sensitive information adequately. Encryption plays a key role in keeping information safe by ensuring that it can't be obtained through theft or eavesdropping.
Additionally, encryption is one of the 'Top 5 Critical Security Initiatives' at Arizona State University. To learn more, visit ASU's Get Protected website: https://getprotected.asu.edu.
- Full-disk encryption and file encryption can help protect files and information that are stored at-rest on your system. You may not realize that certain files or data may have made it to the system's storage - endpoint encryption and file encryption can help protect that data. Identity thieves could use information obtained from unencrypted systems and files to commit fraud or steal information from your system , so it's important to protect your data.
What endpoint encryption software does ASU recommend?
- BitLocker is a built-in feature on certain versions of Windows (Vista/7 Ultimate/Enterprise, 8.1 Pro/Enterprise, & Server 2008 R2).
- VeraCrypt is free full-disk-encryption software that can be used for full-disk encryption on most modern Windows versions.
- FileVault 2 is built-in to Mac systems running OSX Lion or later.
- dm-crypt/LUKS is free full-disk encryption software that is compatible with most Linux distros.
- Mobile devices running iOS or Android have built-in encryption software.
What file encryption software does ASU recommend?
- There are a lot of options for file encryption. Fortunately, most document programs provide the ability to encrypt files. Below we have provided information for the most common document programs.
Does endpoint encryption or file encryption cost me any money to use?
- No, all of the solutions recommended above are completely free to use, although some do have specific hardware or software requirements.
How do I enable endpoint encryption on my system?
- For ASU-owned devices, please see https://getprotected.asu.edu/diskencryption-technical or contact your local/departmental Deskside Support personnel.
Microsoft's step-by-step guide: http://windows.microsoft.com/en-us/windows-8/bitlocker-drive-encryption
Follow VeraCrypt's beginner's tutorial, but choose "Encrypt the system partition or entire system drive" in STEP 3: https://veracrypt.codeplex.com/wikipage?title=Beginner%27s%20Tutorial
- FileVault 2
Apple Support instructions: https://support.apple.com/en-us/HT204837
Consult your specific distro documentation for the "cryptsetup" package
- iOS instructions:
Mobile devices running iOS are automatically encrypted simply by enabling an unlock passcode (Settings > General > Passcode).
- Android instructions:
- Make sure you have at least a pattern lock set (Settings > Security > Screen Lock) - PIN code or password are better
- Charge the device to at least 80%, and connect it to a power source
- Start the encryption process from Settings > Security > Encryption
Is endpoint encryption and file encryption all I need to protect my system?
- You should ensure you have proper antivirus software installed to protect against viruses, trojans, and other malware.
- Endpoint encryption only protects data at rest. Data in transit is still at risk, so be sure to use additional protections like encrypted wireless networks and VPN.
- File encryption only protects individual files or folders at rest. So ensure that you use additional protections such as antivirus software.
- Disk encryption does not provide protection from hardware failures. Disks can and do crash; hence, regular backups are still recommended.
- To learn more, visit ASU's Get Protected website: https://getprotected.asu.edu.
Where can I find additional Help?
- If you are ASU Faculty or staff, please contact your local/departmental Deskside Support personnel.
- The ASU Tech Studios provide assistance with any technical issues, including encryption, at no-charge for ASU students.