Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Encryption Blog

Showing posts in English
Tim_Matthews | 09 Dec 2010 | 13 comments

A U.S. Army intelligence specialist? Walking out with confidential documents on a CD? Impossible.

When I first heard about the exposure of hundreds of diplomatic memos, I was anticipating a sophisticated cloak and dagger tale. But Pfc. Manning walked out the door with a bogus Lady Gaga CD-RW filled with government secrets. While my initial reaction was that this never should have happened, I can see where the dual priorities of a worker-friendly environment and the mission-critical imperative to share information quickly could have led to this situation. The good news is that there is a straightforward regimen to help stop these kinds of risks.

1) Install Device Control

Device control, as its name suggests, controls what devices can be used on a given computer. So if you want to disallow CD burning by a government security analyst with access to secret documents...

Kelvin_Kwan | 17 Sep 2013 | 13 comments

Symantec Encryption Releases 3.3.1/10.3.1
In this release, we support Windows 8, increase our Linux platform support, and as always improve security whenever appropriate.  Here’s a summary of what’s new:

  • Support Windows 8 Pro and Enterprise editions 32- and 64-bit versions, for Symantec Drive Encryption both BIOS and UEFI systems (only 64-bit for UEFI), Desktop Email Encryption, File Share Encryption, and Encryption Desktop utilities (PGP Virtual Disk, ZIP, and Shredder)
  • Desktop Email Encryption compatibility with Microsoft Outlook 2013, both 32- and 64-bit versions
  • Desktop Email Encryption compatibility with Microsoft Office 365 Cloud Server when using a supported email client
  • Mac OS X 10.8.3 and 10.8.4 support for Symantec Drive Encryption and Symantec Desktop Email Encryption
  • Symantec Drive Encryption support for Linux.  This now includes Red Hat Enterprise 5.9, 6.3, and 6.4 (32- and...
Kelvin_Kwan | 10 Jun 2013 | 1 comment

 

You Have Choices
On July 1, 2013, Symantec will officially announce that all customers with active maintenance for Symantec Endpoint Encryption Full Disk Edition (SEE FDE) will automatically have their licenses migrated to our new FlexChoice Disk Encryption license.

Essentially, we are replacing the current SKU for SEE FDE with a new SKU.  This new SKU entitles customers with the ability to choose which disk encryption product you wish to use. You can simply continue to use your SEE FDE product, or you can use the Symantec Drive Encryption, Powered by PGP Technology (SDE) product.  Or, you can use a combination of the two.  

Superseded
We are NOT discontinuing/end-of-life’ing SEE FDE. I cannot emphasize this enough.  The SEE FDE product will continue to be supported and available for purchase.  We simply are offering more flexibility to our customers to choose whichever product they wish...

Kelvin_Kwan | 28 Jan 2013 | 0 comments

In the past, it was fairly easy to keep corporate data protected by keeping it within an established perimeter—protected by established access controls and passwords.  That model has been blown apart as iPhone, iPad and other smartphones and tablets have taken over. Add to that the accessibility and usability of file sharing services like Dropbox and you can see why this transformation has information security managers concerned. These are not trends that organizations can deal with by saying “no.”  They urgently need solutions to help secure confidential data and limit access.

Today, we’re pleased to announce that Symantec’s new encryption solutions, powered by PGP Technology, are now shipping. With this Symantec Encryption release, Symantec leverages our encryption portfolio to ensure cloud data remains safe while keeping it accessible, and to protect confidential email for mobile.

Here’s a look at what’s new....

Kelvin_Kwan | 20 Dec 2012 | 4 comments

Folks, the holidays are almost once again upon us.  I sit here today trying to clear off my deliverables before I go on vacation.  But you know what? The year simply would not be complete without having to respond to yet another claim of a 3rd party tool being able to decrypt/access a system encrypted by PGP Whole Disk Encryption.

So Here We Go Again…
This morning, I was made aware of a claim made by ElcomSoft that their product could decrypt PGP containers (as well as other Full Disk Encryption competitors).  After reading through their blog and discussing my thoughts with the Symantec Encryption Engineering team, we have come to the conclusion that this claim is false!  There’s truly nothing to see here. 

The Weakness is NOT the Crypto Containers
I would...

phlphrrs | 18 Dec 2012 | 3 comments

There's a growing buzz in the industry about "who" should be responsible for encryption in the cloud from a user perspective.  As usual, the technology to do this is not the hard part – crypto is crypto is crypto, etc.  It's really more of a privacy and legal issue; privacy from the perspective of preventing others from seeing your stuff in the cloud and legal from the perspective of who has control over that data that is secured in the cloud.  
 
I think we all get the idea of privacy of our data in the cloud.  For example, if you put your personal financial data in the cloud to either be stored and/or used by an application, you want to make sure the data is secure.  If it's just storage, then you can personally encrypt the data before you store it in the cloud using encryption solutions like PGP.  If you're lucky enough to have a cloud provider that encrypts it for you, but gives you complete...

kkriese | 31 Oct 2012 | 4 comments

Today it is common for projects to be completed not by an individual, but a team (including to create this blog post).  To allow for improved productivity and collaboration, people use cloud-based storage to share files quickly and easily.  A counterpoint to the desire to share is the need to protect confidential information from being accessed inappropriately and leaking sensitive data.

The need for a secure collaboration solution drove the Symantec Encryption team to develop an enhancement for our Symantec™ File Share Encryption, Powered by PGP Technology software.  The enhancement offers:

  • automatic encryption of files on managed Windows machines that are stored on Dropbox
  • seamless access to encrypted files on Windows machines and iOS devices
  • centralized management for Dropbox Cloud Encryption Policies via Symantec™ Encryption Management Server (SEMS)

Encrypting files before they are uploaded to the...

Joel Boyd | 31 Oct 2012 | 1 comment

Stuck at the DMV?  Reply to some email.  Waiting to get your car washed?  Review an upcoming press release.  Stuck in traffic?  Edit the monthly sales forecast - send it back.  At the airport?  You get the point. 

(Dear California Highway Patrol Officer, I would never text and drive, I swear… honestly, please stop staring at me, okay, okay, I’m putting it down.)

Most people don’t even think twice about doing work wherever they are thanks to the vast array of mobile devices on the market.  What’s scary is how comfortable we are throwing sensitive data around and storing it on unsecure devices without even a thought of whether or not it’s safe to do so.  So… how does an organization enable their workforce to continue the working experience they’ve grown used to but have the peace of mind that they’re not going to end up on some news wire explaining how they lost...

dfinkelstein | 04 Oct 2012 | 1 comment

 

On Trust

 

I first came across Ken Thompson's Turing Award acceptance speech, Reflections on Trusting Trust, when I was in graduate school.  I found it very thought-provoking, and for a moment wondered if there weren't such vulnerabilities hidden away in the systems I used.  At some point, you decide to either give your trust, or withhold it.

 

I worked for 5 years at Xcert International, a startup that developed and sold Certificate Authority and related PKI products.  A PKI is rooted at a single point (the Root CA).  Root CAs are often referred to as "Trusted CAs" but I never thought of them that way, even though certificate vendors like to use the word "Trust" when describing their services.  A certificate provides identity information, certified by a signer -- "This person (the certificate subject) is associated with this public key, and the following associated...

dfinkelstein | 04 Sep 2012 | 1 comment

 

I'm David Finkelstein, and welcome to my Encryption Blog.

 

Here I'll share with you some of my thoughts and observations on security in general, and encryption in particular.  I might discuss in detail the security aspects of Symantec's encryption products, but I'll leave the product announcements and  business related messages to others.  My interest is in cryptography and security, as practiced here at Symantec and elsewhere.

 

I've worked for security related companies for over 15 years.  Here at Symantec, I'm the Director of Engineering responsible for the Encryption group's Core Cryptographic team.  We produce the PGP Software Development Kit, a FIPS validated cryptographic toolkit used throughout Symantec, as well as PGP Command Line, the absolute best OpenPGP compliant application available (though I freely admit my opinion is biased).

 

So welcome to...