Center for Strategic Assessment and forecasts

The basics of information security in 2017
Publication date: 13-12-2017
In today's world it is difficult to keep any information secret, especially if it is valuable to someone and you need to pass it on. Whatever your reasons for keeping certain information private, this article covers the basic methods and software tools for keeping information confidential.

I will try to explain a complex and confusing technology in simple, accessible language that a beginner can understand.

Important! All programs presented in this article are free. Download them only from the developers' official websites.

Disclaimer: I, the author, am a layman in information security and work from publicly available sources. I am against using the methods described below to conceal illegal actions.

The basics

First, let's go over the basic concepts.

Encryption

Let's start with a definition:

Encryption is a reversible transformation of information intended to hide it from unauthorized persons while still giving authorized users access to it. Encryption primarily addresses the confidentiality of transmitted information. An important feature of any encryption algorithm is the use of a key, which selects one specific transformation from the set of transformations possible for that algorithm.

Without going into technical detail: encryption is the transformation of data in order to conceal the information it carries.

There are many encryption algorithms; here we take a brief look at the main ones in use today.

Encryption algorithms are divided into symmetric and asymmetric algorithms:

  • Symmetric encryption uses the same key to encrypt and to decrypt, so both parties must already share that secret key.
  • Asymmetric encryption uses two different keys: one to encrypt (called the public key) and one to decrypt (called the private key). The public key can be handed out freely; only the private key must be kept secret.


Examples of symmetric algorithms:

DES is a symmetric encryption algorithm developed by IBM and adopted by the U.S. government in 1977 as an official standard. Its 56-bit key is far too short for modern hardware, and it should not be used in new systems.

The direct descendant of DES is Triple DES (3DES), in which encryption/decryption is performed by running the DES algorithm three times.

AES, also known as Rijndael (pronounced [rɛindaːl]), is a symmetric block cipher (block size 128 bits, key 128/192/256 bits) adopted as an encryption standard by the U.S. government following the AES competition. The algorithm is well analyzed and is now as widely used as its predecessor DES once was.

Blowfish is a symmetric block cipher with a variable key length, designed by Bruce Schneier in 1993. Its 64-bit block size makes it a poor choice for encrypting large volumes of data today.

GOST 28147-89 (Magma) is the Russian symmetric block cipher standard, adopted in 1989. It is an example of a DES-like cryptosystem.

In 2015 one variant of GOST 28147-89 was published under the name "Magma", together with a new algorithm, "Grasshopper" (Kuznyechik), as part of the standard GOST R 34.12-2015.

The "Grasshopper" block cipher is a symmetric block cipher with a 128-bit block and a 256-bit key.

Examples of asymmetric algorithms:
RSA (an acronym of the surnames Rivest, Shamir and Adleman) is a public-key cryptographic algorithm whose security rests on the computational difficulty of factoring large integers.

RSA was the first cryptosystem suitable for both encryption and digital signatures. The algorithm is used in a large number of cryptographic applications, including PGP, S/MIME, TLS/SSL, IPsec/IKE and others.

GOST R 34.10-2012 is the Russian standard describing algorithms for generating and verifying electronic digital signatures (it is based on elliptic curves).

SSL encryption

SSL (Secure Sockets Layer) is a cryptographic protocol that provides secure communication. In practice it is a method of transmitting information over the Internet that includes transparent encryption of the data. The protocol has been widely used for instant messaging and Voice over IP (VoIP), as well as for applications such as e-mail, Internet fax and so on.
Later, TLS was developed on the basis of SSL 3.0 and adopted as an RFC.

TLS (Transport Layer Security) and its predecessor SSL are cryptographic protocols that provide secure data transfer between nodes on the Internet. SSL itself is obsolete and has been replaced by TLS; the phrase "SSL certificate" survives mostly out of habit.

SSL and TLS are used, for example, to encrypt traffic to a website. When data is transmitted over HTTPS, the traffic (everything sent and received) is encrypted. Strictly speaking, the site's certificate is not what encrypts the traffic: it authenticates the server and its public key, and the session keys that actually encrypt the data are agreed during the handshake.

An SSL certificate contains information about its owner and the public key used to set up the secure channel. Organizations and individuals obtain certificates to confirm that a site or resource really belongs to them and is not a fake. Certificates are issued by authorized (trusted) certification authorities, usually for a fee, although some, such as Let's Encrypt, issue them free of charge.

All this is done so that someone who inserts themselves into the communication channel, in the middle between you and the recipient, can neither read the information nor modify it. This protection only holds if the browser actually validates the certificate: clicking through a certificate warning hands the attacker exactly the position the protocol was designed to deny them.

Hashing

Hashing, or computing a checksum, is the conversion of data of arbitrary length (text or a file) into an output string of fixed length using a particular algorithm.

Its key property is that if even one bit of the input changes, the output is completely different. This makes it possible to verify that a file or data has not been altered. Use SHA-256 or better for this; MD5 and SHA-1 are broken for this purpose, since an attacker can produce two different files with the same hash.

Before installing software, even software downloaded from an official website, compare the checksum of the file you downloaded with the checksum published on the site. An attacker who can monitor or interfere with your network may substitute a modified installer, containing vulnerabilities or outright malicious code, for the one you think you are downloading from the official site. Note that a checksum is only as trustworthy as the page it came from: if an attacker can replace the download, they can often replace a checksum served over plain HTTP too, so take the checksum from an HTTPS page and, where available, prefer a detached signature (for example a PGP signature) to a bare hash.
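The check described above, as an added example (written for this article, not code from the original post): it parses a checksum list in the format that the `sha256sum` tool produces, compares the downloaded file's SHA-256 against the published value, and shows that flipping a single bit in the file makes the check fail. The "installer" bytes and the checksum list are constructed for the demo; the list is computed here only so the example runs offline, whereas in real use it comes from the vendor's site.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256 (MD5 and SHA-1 are broken; do not use them here)."""
    return hashlib.sha256(data).hexdigest()


def parse_sums_file(text: str) -> dict:
    """Parse lines in the 'sha256sum' format: '<hex digest>  <file name>'.

    A leading '*' on the name (binary mode marker) and comment lines are ignored.
    """
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        sums[name.strip().lstrip("*")] = digest.strip().lower()
    return sums


def verify_download(name: str, data: bytes, sums: dict) -> bool:
    """True only if the file's digest matches the published one for that name.

    hmac.compare_digest runs in constant time; it hardly matters for a local
    file check, but it is the right habit wherever digests are compared.
    """
    expected = sums.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


def flip_one_bit(data: bytes, bit_index: int = 0) -> bytes:
    """Return a copy of data with a single bit toggled (simulated tampering)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# Constructed sample: a stand-in for an installer, and the checksum list the
# vendor would publish (computed here only to keep the example offline).
GENUINE_INSTALLER = b"MZ\x90\x00" + b"fake-installer-bytes " * 50
PUBLISHED_SUMS = parse_sums_file(
    f"# SHA256SUMS (constructed for the demo)\n"
    f"{sha256_hex(GENUINE_INSTALLER)}  setup.exe\n"
)

if __name__ == "__main__":
    print("genuine :", verify_download("setup.exe", GENUINE_INSTALLER, PUBLISHED_SUMS))
    tampered = flip_one_bit(GENUINE_INSTALLER, 1000)
    print("tampered:", verify_download("setup.exe", tampered, PUBLISHED_SUMS))
    print(sha256_hex(GENUINE_INSTALLER)[:16], "vs", sha256_hex(tampered)[:16])
```

The two printed prefixes share nothing in common even though the inputs differ by one bit, which is the avalanche property the paragraph describes.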

The basic principles of creating a strong password

To keep information secure, it must be protected by a good password. The basic principles of creating a strong password are:

  • The password should be at least 15 characters long; 20 is better. Longer is stronger, but there is no need to overdo it.
  • No dictionary words, popular patterns (qwerty and so on), dates, or other information related to you.
  • The password should contain lowercase and uppercase letters, digits and special characters (#%^&*@!).
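The principles above as a runnable check, plus a generator that produces passwords satisfying them. This is an added example written for this article, not code from the original post; the list of "popular patterns" and the treatment of a four-digit 19xx/20xx number as a date are assumptions, and a real checker would use a much larger list of leaked passwords.

```python
import math
import re
import secrets
import string

# Assumption: a short list of patterns stands in for a real breached-password list.
COMMON_PATTERNS = ("password", "qwerty", "123456", "abcdef", "letmein", "admin")
SPECIALS = "#%^&*@!"                     # the special characters named in the text


def password_problems(password: str, personal: tuple = ()) -> list:
    """Return the list of rule violations; an empty list means the password passes.

    `personal` holds strings related to the user (name, city, pet) that must not
    appear in the password.
    """
    problems = []
    lowered = password.lower()
    if len(password) < 15:
        problems.append("shorter than 15 characters")
    if any(p in lowered for p in COMMON_PATTERNS):
        problems.append("contains a common pattern")
    if re.search(r"(19|20)\d{2}", password):        # assumption: 19xx/20xx is a year
        problems.append("contains a year")
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in SPECIALS for c in password):
        problems.append("no special characters")
    return problems


def entropy_bits(length: int, pool_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols from `pool_size`."""
    return length * math.log2(pool_size)


def generate_password(length: int = 20) -> str:
    """Generate a random password that satisfies every rule above.

    The `secrets` module is used, not `random`: `random` is not a cryptographic
    generator and its output can be predicted.
    """
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate):   # retry if a rule is hit by chance
            return candidate


if __name__ == "__main__":
    print(password_problems("qwerty2017"))
    print(password_problems("Ivanov-rocks-1985!", personal=("Ivanov",)))
    pw = generate_password()
    print(pw, password_problems(pw), round(entropy_bits(len(pw), 69), 1), "bits")
```

A 20-character password drawn uniformly from this 69-symbol alphabet carries about 122 bits of entropy, far beyond what any brute-force attack can cover; the length rule matters more than any single character class.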

Two-factor authentication

Two-factor authentication is authentication (verification of identity) that uses two different methods of confirming who you are.

For example, when you log in to a website, you first enter your password and then a code sent by SMS to your trusted phone number.

There are many different ways of authentication:

  • Password
  • PIN code
  • The SMS code
  • Fingerprint
  • Hardware token (a USB device holding a unique key)
  • Push notifications in the app on your smartphone


Where possible, enable two-factor authentication. Even if someone learns or guesses your password, the attacker will still not be able to pass the second factor. Of the methods listed, SMS codes are the weakest, since they can be intercepted or the phone number hijacked; a code-generating app or a hardware token is preferable.

Two-factor authentication can be enabled in many popular services:

  • Google
  • WhatsApp
  • Telegram
  • Vkontakte
  • Facebook
  • Mail.ru
  • Yandex
  • DropBox

Data storage

Password Manager KeePassX

If you use the same password everywhere, even a strong one, you put all your data at risk at once: if an attacker spies out or otherwise obtains your password, they automatically gain access to every service where you use it.

It is recommended to use a different password for each service, ideally a generated one. But then the question arises of how to remember all those passwords.

This is where a password manager comes in. There are various services for storing and managing passwords. I personally, along with various security experts, recommend KeePassX.


This project has a long history. Throughout that time its source code has been open, and the developers provide everything needed to verify that there are no backdoors.

The program is completely free, open source, and runs on all major platforms (Windows, macOS, Linux).

Passwords are stored in special databases encrypted with AES or Twofish. The database itself (a single file) is best kept in a safe place, such as a USB drive, and backed up: losing that one file means losing every password in it.

The program includes a strong password generator.

Online password-storage services are more convenient and more mobile, but much less safe. Your passwords may be demanded from the service by intelligence agencies, there may be a backdoor in the software running on the password manager's servers, and passwords can be intercepted through vulnerabilities in the browser.

Website: www.keepassx.org

Data encryption VeraCrypt

You should also take care of the reliable storage of files on the media itself, so that if the device holding important data falls into the wrong hands, the data is not simply open and available to the attacker.

A fairly reliable method is data encryption. There are many programs for it, free and paid, and there are even solutions built into the operating system, for example BitLocker on Windows and FileVault on macOS.
Unfortunately, this class of software is a natural place to plant backdoors that make cracking easier, so its developers face the most stringent requirements for the safety and security of their product.

Previously, the undisputed leader was TrueCrypt. Unfortunately, its developers stopped development. The story around TrueCrypt is complicated; many believe that intelligence services were involved and that the developers were forced to halt the project.



But since the source code of TrueCrypt was open, further development and support were taken up by another team. They fixed a number of vulnerabilities and released a new version called VeraCrypt.

The program is regularly inspected and undergoes security audits.

The idea of the program is that you create encrypted containers (stored on disk as a file), encrypt removable media, or encrypt an entire hard drive, including the system partition where the operating system is installed.

When you create an encrypted container, a file is created on disk. You specify its name and size, then choose the encryption algorithm (the choice is quite large, and it is even possible to cascade three algorithms one after another), a password and other parameters.

Then you mount the container as an available drive and can write any data into it. When you finish working, you unmount it. All files placed in the container are stored in it encrypted. Such a file can be sent over less secure channels, but it is still better not to leave it in open access.
There is also the possibility of creating a hidden container inside a container. This is done so that if you are caught and forced to hand over the password to the data container, that container holds decoy data, while the key data you meant to hide is located in a hidden container inside it. Keep in mind that a mounted container is as exposed as any other drive: anything that can read your files while it is mounted (malware, another user) sees them in the clear.

You can also encrypt a flash drive; its contents will then be available to you only after entering the password.

Website: www.veracrypt.fr

Communication

Postal service ProtonMail

For communication at a distance you can also use e-mail, as did Edward Snowden, who told the world about the mass surveillance by U.S. intelligence services.

There are services that provide encrypted mailboxes. The most proven and convenient option at the moment is ProtonMail. ProtonMail was created under the influence of the Snowden revelations. It is a free service that lets users register an encrypted mailbox at no cost. Note that mail is encrypted end to end only between ProtonMail users (or with PGP on the other side); a message to an ordinary mailbox is still readable by that mailbox's provider.



For additional features and more storage you have to pay, but for ordinary transmission of text and small files the free account is enough.
There is a web version and clients for Android and iOS. The service is translated into many languages, including Russian.

Website: protonmail.com

Secure messenger Signal

Sometimes communication by e-mail is not suitable: the information is needed here and now. Then you can use the familiar messenger format, and here the Signal application comes to the rescue. Again, there are plenty of apps that also claim full security and anonymity, but Signal raises the fewest questions and suspicions. It was used by Edward Snowden, and it is still used by Matthew Green, who is well known among cryptography and security specialists.


The application has passed audits and is checked continuously.

The app looks like a normal messenger. You can send text, emoji, pictures, audio and files; there are even voice and video calls. Messages are delivered quickly. The interface is uncluttered and convenient for anyone who has ever texted on a smartphone.

But you must be careful with the application. The app itself is secure (there is even protection against screenshots), but your smartphone is probably not so well protected. End-to-end encryption protects messages in transit, not the devices at either end, so transferring information by first saving it to the phone's memory is not very safe, while sending text and making audio and video calls is quite safe.
There are clients for Android, iOS, Windows, macOS and Linux.

Website: signal.org

Safe access to the Internet

Secure browser Tor Browser

For safe browsing of websites, use Tor Browser. You have probably heard of it. Tor Browser works on top of the onion routing network. The idea is that the connection from your device to the destination server passes through several relays ("layers") in the network, and each hop is encrypted separately, so your traffic is encrypted several times over. This affects connection speed but is very effective in terms of privacy. One caveat: the last relay (the exit node) sees your traffic as it leaves the Tor network, so it can read anything that is not additionally protected by HTTPS.



Tor Browser itself provides not only access to the onion network but also bundled add-ons that block trackers and scripts (NoScript) and redirect traffic to HTTPS wherever a site supports it (HTTPS Everywhere).

Website: www.torproject.org

A virtual private network ProtonVPN

If you need to hide and encrypt all traffic from your device, you can use a VPN. VPN stands for virtual private network. When you connect to a VPN, all connections from your device pass through the selected server.
This not only hides the original source of the request from the sites you visit but also encrypts the data on its way to the VPN server. Keep in mind that a VPN moves trust rather than removing it: the VPN provider can see all your traffic and where it goes, so choose one you trust.
It can also be used to access sites blocked on your network: because your traffic exits, for example, in the Netherlands, a Russian resource that is blocked locally becomes accessible.

I use ProtonVPN, from the creators of ProtonMail. Their e-mail service has proved very successful, so when I saw a VPN client from this team I immediately decided to install and use it.



The app is free but has no Russian interface. Still, it is very simple to understand.

If you choose a paid plan, you get a larger selection of countries to connect to. Paid servers are less loaded, so speed is higher, and you can also use P2P traffic and the Tor network.

Website: protonvpn.com

Anonymous operating system Tails

Tails is the ultimate option. It is an operating system based on the Linux kernel.



Usually it is written to a flash drive or DVD and booted from there. The creators recommend first writing the operating system to one flash drive, booting from it, and then using the special software on that medium to write the operating system to a second flash drive or DVD.

In this operating system you can surf the Internet, work with mail and with the most important data on your computer. All of its network traffic is forced through Tor, and by default it leaves no traces on the computer it was run on.

It uses current encryption technology throughout, and the OS is actively maintained and reviewed.

Website: tails.boum.org

Conclusion

Thank you for reading the article to the end. I hope what I have described has become clear. For further details you can always turn to the Internet.

Source: https://habrahabr.ru/post/344294/

