Disk Encryption, Data Security & RAM

It’s no secret that computer scientists have discovered ways to bypass many of the popular forms of encryption used to secure the local hard disk in your desktop or laptop computer. That is concerning, especially if you work in the IT field and need to protect and secure PHI.


Understanding how disk encryption works will help you understand some of its vulnerabilities. Without getting into the finer details of encryption, and keeping the technical jargon on the sideline, let’s just say successful encryption is based on a pair of keys: if the keys match, the data is unlocked. It is really that simple, not much different from how a lock in a door works. What if someone stole or copied your key? If it were your house key, someone would have access to your house and its contents; if it were your computer’s key, the reality isn’t much different.

Computer system encryption technologies store the secret encryption key in memory (RAM) once the disk has been authenticated (unencrypted). While the secret key is loaded into RAM, it is vulnerable. Unfortunately, there are no technologies that protect keys that are already in memory. This is a pretty serious issue if you use a laptop that contains sensitive information (PHI or HIPAA-related protected information) and you travel with it in sleep mode, because the RAM (random access memory) still contains the secret key. If your laptop were stolen by someone with the know-how and bad intentions, your data would not be safe. However, if the computer is shut off while in transit, the random access memory is cleared within a few minutes under normal operating temperatures, and your data would be secure.

The same scenario applies to office computers that are encrypted but use the sleep feature rather than being shut down at night. Various methods, all involving physical access to the encrypted PC (FireWire, USB, serial port access), have been used to discover secret encryption keys. Since these issues require physical access (unless the machine is otherwise infected with something that lets in a remote attacker), laptops are the greatest concern.
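One way to check the sleep-versus-shutdown point above on a fleet of laptops, as an added example that is not part of the original article: it assumes Linux machines managed by systemd-logind (the article names no operating system) and audits what `logind.conf` does on lid close and on the suspend key. The sample configurations are constructed for illustration.

```python
import configparser

# Assumption: systemd-logind; defaults for these two settings per logind.conf(5).
DEFAULTS = {"HandleLidSwitch": "suspend", "HandleSuspendKey": "suspend"}
# Actions after which RAM stays powered, so a loaded disk key remains in memory.
KEEPS_RAM_POWERED = {"suspend", "hybrid-sleep", "suspend-then-hibernate",
                     "lock", "ignore"}

def audit_logind(text):
    """Return {setting: (action, verdict)} for lid-close and suspend-key handling."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the original key case instead of lowercasing
    parser.read_string(text)
    login = parser["Login"] if parser.has_section("Login") else {}
    findings = {}
    for key, default in DEFAULTS.items():
        # A commented-out or missing setting falls back to the default.
        action = login.get(key, default).strip().lower()
        if action == "poweroff":
            verdict = "ok"                # matches the article's advice: shut off
        elif action in KEEPS_RAM_POWERED:
            verdict = "key-stays-in-ram"  # the sleep-mode case described above
        else:
            verdict = "review"            # e.g. hibernate writes RAM to disk
        findings[key] = (action, verdict)
    return findings

# Constructed sample: lid switch left at its default, suspend key remapped.
SAMPLE = """\
[Login]
#HandleLidSwitch=suspend
HandleSuspendKey=hibernate
"""

# Constructed sample: both actions power the machine off.
HARDENED = """\
[Login]
HandleLidSwitch=poweroff
HandleSuspendKey=poweroff
"""

if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE), ("hardened", HARDENED)):
        for key, (action, verdict) in audit_logind(conf).items():
            print(f"{name}: {key}={action} -> {verdict}")
```
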

HIPAA Compliant File Encryption Security Software

The most effective File Encryption Security Server Software solutions provide the following features:

Data Protection and Encryption that protects your intellectual property and all files transferred over the Internet using secure protocols including FTPS (SSL/TLS), SFTP (SSH2), and HTTP/S (SSL).

Delivery and Data Integrity features extending the standard FTP protocol with strong reliability features, including post-transmission integrity verification, mid-file recovery, and automatic restart.

Tracking and Auditing features including industry standard logging (W3C, NCSA, Microsoft IIS Extended), e-mail notification of completed transactions, and digital certificates for proof of identity.

User Account life cycle management services that help you quickly and efficiently manage users, temporary accounts, and expired or compromised public keys or certificates.

Full support for password, public-key, or one-time-password authentication. User profiles can be managed internally or externally through NTLM, Active Directory (AD), or ODBC data sources.

Look for strong user and group management features, including system resources, bandwidth monitoring, folder access, file types, and more, using granular or site-wide controls, along with real-time monitoring and on-the-spot disconnection of users. Administrators should be able to specify SSL ciphers and version levels, including the symmetric key cipher(s) and the ordering of those ciphers for establishing SSL sessions. The server should validate inbound SSL sessions and allow or deny connections based on specified or approved ciphers.