GUEST BLOG: Five steps to take when securing your data with multi-factor authentication – Military Embedded Systems

Blog

September 06, 2022

Computer data exists in different states at different times: data in transit (information flowing through a network); data in use (active data that is being accessed and manipulated by a computer program); and data-at-rest, known as DAR, or data that is physically housed in a storage device like a solid-state drive. Many cybersecurity solutions focus on securing data in transit and data in use, but neglect securing DAR.

President Bidens Executive Order on Improving the Nations Cybersecurity, enacted on May 12, 2021, directs all branches of the federal government to improve their resilience to cybersecurity threats. This order directly calls out the need to secure data-at-rest (DAR) with encryption and multi-factor authentication (MFA).

MFA requires a user to provide multiple pieces of evidence that combine to verify a users identity. Depending on the application, MFA may be required at login or perhaps when trying to access an application or even a particular folder or file. MFA combines two or more independent credentials: what the user knows (password, for example), what the user has (an authentication app, for example), and what the user is (biometric palm vein scan, for example). Since most MFA implementations use two factors, its often called two-factor authentication, or 2FA.

There are five important considerations when protecting your data with MFA.

1. Understand the sensitivity of your data:First, note that not all data is subject to the same levels of protection. In the U.S., since all federal departments are part of the executive branch, the data-classification system is governed by executive order rather than by law. As of 2009, information may currently be classified at one of three levels: confidential, secret, and top secret. Subsequent executive orders may change these classifications and the levels of protection associated with each classification.

2. Use self-encrypting drives:Sensitive data needs to be encrypted, executive orders notwithstanding. Self-encrypting drives (SEDs) encrypt data as its written to the drive, which has a self-contained drive encryption key (DEK). The key and encryption process are transparent to users.

SEDs encrypt everything on the drive, which is called full-disk encryption (FDE), including operating system (OS), applications, and data. On-drive encryption is called hardware FDE (HWFDE) and uses an embedded encryption engine (EE), which should provide 256-bit AES encryption.

An SED should adhere to the TCG Opal standard, a secure standard for managing encryption and decryption in the SED. SEDs are often certified to Federal Information Processing Standards (FIPS), developed by the National Institute of Standards and Technology (NIST). For example, a FIPS 140-2 L2 certification assures that the SEDs EE has been properly designed and secured; the L2 ensures that there is visible evidence of any attempt to physically tamper with the drive.

The National Information Assurance Partnership (NIAP) is responsible for the U.S. implementation of the Common Criteria (CC), an international standard (ISO/IEC 15408) for IT product security certification. CC is a framework that forms the basis for a government-driven certification scheme required by federal agencies and critical infrastructure.

3. Employ pre-boot authentication:A designated security officer or administrator will define the user roles and identity management used to authenticate access to the SED. The password security that forms part of an OS is notoriously weak and subject to hacking, so the first level of authorization acquisition (AA) should occur prior to the booting of the OS, in which case it is known as pre-boot authentication (PBA).

Each user should have an individually assigned password, which authorizes the SED to use its cryptographic key to unlock the data. The security officer should have the ability to add new users and revoke access to existing users. When a users access is revoked, that user wont even be able to boot the OS.

A more robust PBA implementation will include MFA.

4. Multi-factor authentication methods:In addition to a username/password, MFA requires another form of authentication. One approach is to use a security dongle, such as a YubiKey, containing a license key or some other cryptographic protection mechanism that the user plugs into a device USB port. The U.S. Department of Defense (DoD), including civilian employees and contractor personnel, uses a smartcard called the common access card (CAC), in which case the computer must be equipped with a physical card reader.

Other MFA methods include applications, often on smartphones, that provide a one-time code synced to the device or system asking for authentication. Also taking advantage of the ubiquity of smartphones is an SMS-based system that will include a one-time code in a text message.

5. Provide the ability to destroy the data:There are various scenarios in which it may be necessary to destroy any data stored on the SED. A benign case is when an organization decides to upgrade its computers and/or drives, transfer computers and/or drives within the organization, or dispose of or recycle the computers and/or drives outside the organization. A worst-case scenario is when an unauthorized entity gains control of the drive with the intent of accessing the data.

Using standard operating system-based delete functions to remove files and folders is not sufficient because experienced hackers can still retrieve some or all the data. SEDs that are used to store confidential data should support special hardware functions to perform secure erase (write zeroes into every area where data is stored on the drive) and crypto erase (wipe any cryptographic keys stored on the drive, thereby rendering any encrypted data stored on the drive unreadable and useless to a bad actor).

To address the worst-case scenario, the organizations designated security officer should have the ability to define erase procedures to be automatically initiated by the drive itself; for example, failing AA a specified number of times should cause the drive to self-erase.

In the case of a SED equipped with appropriate PBA, any data stored on the disk will essentially be invisible until AA has taken place, thereby preventing bad actors from cloning the drive to circumvent the restricted number of permitted attempts at AA.

To sum up

Some organizations mistakenly assume that employing MFA such as fingerprint scans or facial recognition after the OS has booted offers a high level of confidence. However, once the OS has booted, any data on its drives is exposed to sophisticated hackers or potentially nation-state bad actors.

The highest levels of confidence and security are achieved by using MFA as part of a PBA environment implemented using HWFDE realized on a FIPS + CC certified and validated SED. (Figure 1.)

[Figure 1|An example of a secure solid-state drive, part of the Citadel family of secure data storage. Photo courtesy CDSG.]

CDSG directorof marketing Chris Kruell leads the sphere of marketing activities, including corporate branding, corporate and marketing communications, product marketing, marketing programs, and marketing strategy. Chris previously was VPofmarketing at ERP-Link and hardware startup Lightfleet. He was a marketing director at Sun Microsystems andheldseveral marketing positions in the high-tech industry. Chris holds a BSdegree from Cornell University and an MA degree from Hamline University.

CDSG (CRU Data Security Group) https://cdsg.com/

Read more here:
GUEST BLOG: Five steps to take when securing your data with multi-factor authentication - Military Embedded Systems

What Is RCS Messaging and Why Is Google Pushing Apple To Use It? – Popular Mechanics

Constantine JohnnyGetty Images

To say we all text or at least know about texting is an understatement. Most of us use apps such as Apples iMessage for iPhone users or WhatsApp to send our messages. However, that doesnt mean the 1992-born classic SMS (short message service) is dead, even if Google wants it to be.

Dont miss our latest tech news. Learn more with usjoin Pop Mech Pro.

Cue up the RCS vs. SMS debate and Googles shaming of Apple, trying to persuade the digital giant to drop SMS altogether and join Android users in the RCS world. So whats the difference, you may ask. While we may all just see green and blue bubbles, theres more behind the scenes.

That 160-character limit, thats SMS. Debuting in 1992, SMS enabled mobile devices to do more than just talk. It introduced an entirely new world of communication with the text message. The limits of SMS are byproducts of its age, even with the early 2000s introduction of MMS (multimedia messaging service) that introduced the ability to send small files of multimedia (think low-resolution photos or video snippets). After all this time, you can point to many age-induced drawbacks of SMS: a limit on media types supported; no messaging with Wi-Fi since it relies on a cellular connection; and a frustrating mess of additional problems, such as difficulties with group chats, a lack of read receipts, and none of those fancy bouncing dots letting us know somebodys cooking up a new message.

Add the fact that SMS texts arent secure, and the billions of SMS messages sent every day in the U.S. alone causes concern about privacy more than features.

Because of the lack of encryption, hackers can search for weak points anywhere along the virtual path between the sender and receiver, which includes a ton of different network devices and computing systems at many different providersonly one of which needs to be exploited via technical vulnerability, misconfiguration, social engineering or insider attack, says Christopher Howell, CTO of Wickr.

Still, many of us send most of our messages in over the top applications such as WhatsApp, iMessage, WeChat and others, that use internet protocols rather than the cellular networks used by SMS to transmit messages. This adds a stiffer layer of encryption and security, but it also ups the ability to bring in feature-rich add-ons that make the messaging more modern, even if it requires the person youre messaging to be using the same service as you.

Call it a rich communication system. Or, RCS, for short. The GSM Association, a trade group representing mobile networks, spent more than a decade fine-tuning RCS before it made its official debut in 2016. Its an attempt to provide an app-like service for what was the SMS market. And Google has embraced it, saying that Android phones now running RCS can easily text as if they were in these feature-welcoming apps, sending high-resolution photos and videos, emoji reactions, end-to-end encryption (for individual, not group, conversations), read receipts, and more.

Google believes RCS solves the problems associated with SMS.

With its reliance on iMessage, Apple still offers SMS for texting features when you message outside of this app (i.e. when Apple users must resort to a green-bubble conversation with an Android user).

Google wants that to change, saying that Apple refusing to adopt the modern RCS standards is holding back the world of texting. In fact, Google has created an entire public relations campaignGet The Messagesurrounding that effort.

Everyone should be able to pick up their phone and have a secure, modern messaging experience, writes Elmar Weber, a Google engineer, as part of the campaign. Anyone who has a phone number should get that, and thats been lost a little bit because were still finding ourselves using outdated messaging systems.

Of course, Googles big push to persuade everyone else to adopt RCS is self-serving, since it has adopted RCS for its own Messages app. Apple has been either silent or non-committal on dropping SMS for RCS. Detractors of RCS say it may fix some issues, but doesnt solve them all. In fact, RCS comes with its own drawbacks, they say, such as the fact that end-to-end encryption only works in one-on-one conversations, and that RCS has a propensity for opening the doors to spam messages.

Add in Apples blue-bubble domination, and the company has no real incentive to play nicely outside of its own sphereand certainly not if it creates a more seamless transition away from an iPhone and into an Android device.

Of course, Apple isnt the only non-RCS giant out there. WhatsApp, basically the global leader in messaging apps outside of the United States, is non-RCS compliant. Google isnt going after them.

Benedict Evans, an independent technology analyst, wrote on Twitter that when a company that lost (and Google has lost messaging, but mostly to FB [Facebooks parent company Meta owns WhatsApp], not Apple) asks a company that won to adopt a standard that it doesnt look like anyone uses, one should probably be a little cynical.

See the article here:
What Is RCS Messaging and Why Is Google Pushing Apple To Use It? - Popular Mechanics

Current encryption and security will be null and void by 2030 at the latest – TelecomTV

Even if you could afford it, you couldnt go out and buy a quantum computer today because theyre a long way from being commercially available. However, that doesnt mean the machines dont exist they do. It is known that that there are such devices in the laboratories of commercial companies, in university research labs and military installations in various countries including the US and the UK, and the chances are that China, Russia and other countries also have them.

However,despite the intense international race to be the first to develop fully-functioning, full-sized quantum computers, currently, as far as practical applications are concerned, the experimental models are generally too small to outperform traditional electronic super-computers. That said, some have beendeveloped to the point that they can be used to solve some heavy-duty tasks, such as integer factorisation.

In essence, integer factorisation this is the decomposition of a composite number, which is a number can be made by multiplying other whole numbers. For example, 6 can be made from 2 x 3 and 15 can be made from 1, 3, 5 and 15, and thus is a composite number. When composite numbers become very large, no workable non-quantum integer factorisation algorithm has yet been found (although one might actually exist). The field of research is important because many cryptographic algorithms are based on the extreme difficulty of factorising large composite integers, and this has direct relevance and security of RSA public key encryption and the RSA digital signature.

Three years ago, a team of French researchers factored a 240-digit number that took 900 core-years of computing power to achieve, and from that experiment estimated that the factorisation of 1024-bit RSA modulus would take 500 times as long in other words, 450,000 core years of computing. However, quantum computers can perform such calculations very quickly. A quantum computer utilising superposition, interference, and entanglement could crack and render instantly obsolete the ubiquitous RSA encryption algorithm in a matter of seconds. Soon, keeping information secret will become many orders of magnitude more difficult.

The qubit is the fundamental data processing element of a quantum computer and researchers are building machines with more and more of them whilst simultaneously developing error-correction methodologies that will enable the performance of longer and longer calculations. Its only a matter of time before all current encryption techniques will be rendered null and void. The general consensus within the industry is that this will happen by 2030 at the latest.

Excerpt from:
Current encryption and security will be null and void by 2030 at the latest - TelecomTV

Encrypted Phone Provider Calls It Quits After Failing To Persuade Middlemen To Roll Their Own Device Management Systems – Techdirt

from the passing-the-buck-means-having-no-more-bucks-to-pass dept

Over the past few years, international law enforcement has been cracking down on encrypted device purveyors. Were not just talking about regular device encryption, which has been mainstream for several years now. These would be specialized manufacturers that appear to cater to those seeking more protection than the major providers offer services that ensure almost no communications/data originating from these phones can be obtained from third-party services.

The insinuation is that specialized devices are only of interest to criminals. And there is indeed some evidence backing up that insinuation. But plenty of non-criminals have reason to protect themselves from government surveillance, a fact that often goes ignored as criminal crackdowns continue.

Even if theres a honest market for something international law enforcement considers to be a racket (as in RICO), the market cannot seem to sustain the continuous scrutiny of law enforcement. Another purveyor of specialty phones catering to people who desire the utmost in security and privacy has decided resellers should bear the legal burden of offering its offerings. Heres Joseph Cox reporting for Motherboard:

Encrypted phone firm Ciphr, a company in an industry that caters to serious organized criminals, has made a radical change to how its product can be used and sold, signaling an attempt by the company to distance themselves from, or perhaps cut off, their problematic customers.

How do you cut off perhaps your (previously) most valued customers? Well, in this market, you force the resellers to assume all legal liability.

Now, it is shifting that responsibility away from itself to individual resellers of the devices. The message says that for resellers to continue with new sales or renewals of customers subscriptions, they will need to run their own MDM solution. This essentially puts the management of customers much more in the hands of the resellers and not Ciphr.

Offloading mobile device management (MDM) to third party resellers perhaps provides Ciphr with plausible deniability. If resellers want to have something to sell, theyll need to take direct control of device management to ensure end users dont install apps that might compromise security as well as controlling distribution of software updates and other necessities of cell phone service.

While this move may have ultimately provided Ciphr with plausible deniability when the feds came knocking, it immediately appears it wont be profitable for Ciphr. The offloading of device management to resellers appears to have severely harmed reseller desire for Ciphr phones, as Joseph Cox notes in his follow-up article.

Ciphr will cease operations at the end of the month, according to the message. The reason was that not enough resellers took up Ciphr on its plan to shift the responsibility for Mobile Device Management (MDM) away from the company itself to individual resellers.

Resellers appeared to enjoy their previous relationship with Ciphr, which allowed them to profit heavily from a demanding, but limited market. That relationship allowed Ciphr to absorb the legal liability while third parties cashed checks. Check cashing is still an option, but cashing checks now means a possible increase in legal liability. Obviously, Ciphrs biggest resellers arent on board with assuming additional legal risk.

Since theres no interest from downstream retailers in running their own device management systems, Ciphr could either sell directly to customers it has always tried to distance itself from or call it a day. It chose the latter option, which will likely end up being far less harmful to its profits than dealing with the outcome of raids, arrests, and criminal charges that may have been the end result of its continued existence.

And while it may be easy to cheer on the demise of another company that apparently catered to criminals, lets not forget every failure by device manufacturers like this one make it far easier for government entities to (falsely) claim secure devices and end-to-end encryption only benefit criminals. For that reason alone, we should be concerned about companies like these that shut down rather than offer products that could possibly fend off sustained attacks by state-sponsored hackers and make normal surveillance tools irrelevant.

Filed Under: criminals, encrypted phones, encryptionCompanies: ciphr

Go here to read the rest:
Encrypted Phone Provider Calls It Quits After Failing To Persuade Middlemen To Roll Their Own Device Management Systems - Techdirt

What Is TLS/SSL Offloading? – Security Boulevard

What Is TLS/SSL Offloading?97thfloorFri, 09/02/2022 07:48

A common misconception about TLS/SSL encryption is that a persons computer connects directly with a web server and information is sent directly between the two. In reality, the information can be sent to a separate machine or to a different processing device on the same machine. This process is known as TLS/SSL offloading.

Offloading works by taking on the processing load of encryption on a separate device or machine than is being used for the application processing. To configure this process, organizations route TLS/SSL requests to an application delivery control that intercepts the TLS/SSL traffic, decrypts the traffic, and then forwards the traffic to a web server. To configure end-to-end encryption, you must import a valid certificate and key and bind them to the web server.

There are two different ways to accomplish TLS/SSL offloading.

TLS/SSL termination is the simpler approach of the two. In this process, encrypted traffic is intercepted before it hits your servers and decrypted on a dedicated TLS/SSL termination device instead of the application server. Then the decrypted data is forwarded on to the application server.

TLS/SSL bridging adds another layer of security by performing extra checks for malware. Incoming data is decrypted, inspected for malicious code, then is re-encrypted and sent on to the web server. This form of TLS/SSL offloading is meant to increase security rather than reduce processing activities on the application server.

Organizations that handle a lot of encrypted data would benefit from TLS/SSL offloading so application servers can focus on their primary tasks rather than encryption. Reduced TLS/SSL workload can lead to:

Depending on what load balancer youre using, TLS/SSL offloading can also help with HTTPS inspection, reverse-proxying, cookie persistence, and traffic regulation. Attackers can hide in encrypted traffic, and the ability to inspect encrypted HTTPS traffic could save your organization from severe attacks.

Make sure your applications are running securely and efficiently by implementing TLS/SSL offloading. Offloading only works with valid certificates, so certificate lifecycle management is another crucial component of a healthy network. Make sure to keep track of all TLS/SSL certificates in use at your organization and when they expire so they dont cause a certificate-related outage.

Automate the certificate management process with machine identity management. Download our Machine Identity Management for dummies eBook to learn more about securing your applications and preventing certificate-related outages.

Alexa Hernandez

Encrypting data can introduce latency to connections because of the amount of computer processing that it requires. Thats where TLS/SSL offloading comes into play. This method can improve your page loading speeds and user experience. TLS/SSL offloading can also be used to introduce additional security checks for malware.

Off

UTM Campaign

Recommended-Resources

*** This is a Security Bloggers Network syndicated blog from Rss blog authored by 97thfloor. Read the original post at: https://www.venafi.com/blog/what-tlsssl-offloading

Follow this link:
What Is TLS/SSL Offloading? - Security Boulevard

Encryption Software Market Global Industry Research Analysis & Forecast 2022 to 2030 Muleskinner – Muleskinner

United State- Report Ocean (150+ countrys markets analyzed, function on 1,00000+ published and forthcoming reports every year.]presents a research report and top winning strategies for theEncryption Software Market. Best subject matter experts, researchers, and market research professionals organized this report in order to ensure that the information in it is compiled from the most authentic sources and that the forecast is of the highest accuracy. To forecast market growth, specialists employ a variety ofmethodologies and analytical approaches, including S.W.O.T. (analysis methods), P.E.S.T.E.L. analysis, and regression analysis. TheEncryption Softwarestudy also looks at the various regulations and policies that the firm has implemented. This report discusses the industry in terms of research technology and precise prospective utilization, innovation, and future advancements in theEncryption Software Market.

The global encryption software market size is anticipated to reach USD 20.44 billion by 2026 according to a new research published by Report Ocean.

Request To Download Sample of This Strategic Report :-https://reportocean.com/industry-verticals/sample-request?report_id=5148

The report Encryption Software Market Share, Size, Trends, Industry Analysis Report By Deployment Model (On-Premise, Cloud-Based);

By Application (File Encryption, Disk Encryption, Database Encryption, Cloud Encryption, Communication Encryption, Others);

By Organization Size (Large Enterprises, Small and Medium Businesses);

By End-User (BFSI, Healthcare, Aerospace and Defense, Government and Public Utilities, Retail, Others);

By Regions, Segments & Forecast, 2019 2026 provides strong market indices and taps on future growth parameters.

In 2018, the BFSI segment dominated the global market in terms of revenue. North America was the leading contributor to global revenue in 2018. An urgency to protect critical data and growing number of data lapses has boosted the adoption of encryption software. The widespread growth of mobile devices and increasing trend of BYOD further support the growth of this market. The rising spread of virtualization, cloud and big data analytics has supported market growth over the years. Growing investments in technological advancements by vendors, coupled with growing demand for cloud-based encryption software would accelerate the growth of encryption software market during forecast period. However high costs related to advanced encryption solutions and an awareness shortage among small and medium enterprises hinder growth. Growing demand from developing economies and technological advancements are expected to provide several growth opportunities in the future.

North America generated highest revenue for market in 2018 and is expected to lead the global market throughout forecast period. The increase in number of cyber-attacks and growing number of data breaches drive the market growth. A growing trend of BYOD, IoT, big data analytics and virtualization evinces the need of encryption software for data protection and data loss. A rising penetration of mobile devices and technological advancements bolster growth in the region. A greater spending on data protection in BFSI and defense sectors in the region promotes growth in the region.

A rushing request from emerging economies, expanding adoption of the software by BFSI sector and flooding demand for cloud-based encryption solutions are factors boosting growth of product during forecast period.

Enormous walks in strong innovation, data loss among enterprises has made encryption software very crucial for safe data transmissions. Furthermore, as undertakings are pushing forward with distributed computing, the product has become all the more important to prevent data slips by safeguarding touchy information.

Request Full Report :-https://reportocean.com/industry-verticals/sample-request?report_id=5148

Asia Pacific is expected to display highest CAGR during forecast period owing to urging need for data integrity at all levels in the industries in developing countries of the region.

The companies include Microsoft Corporation, Symantec Corporation, IBM Corporation, EMC Corporation, CISCO Systems Inc., Intel Security, Check Point Software Technologies Ltd., Oracle Corporation, Trend Micro, Inc., and Sophos Group Plc. among others.

Report Ocean has segmented the encryption software market report on the basis of deployment, application, organization size, end-use and region.

Encryption Software Deployment Model Outlook (Revenue USD Millions 2015 2026)

On-Premise

Cloud- Based

Encryption Software Application Outlook (Revenue USD Millions 2015 2026)

File Encryption

Disk Encryption

Database Encryption

Cloud Encryption

Communication Encryption

Others

Encryption Software Organization Size Outlook (Revenue USD Millions 2015 2026)

Large Enterprises

Small Enterprises

Medium Enterprises

Encryption Software End-user Outlook (Revenue USD Millions 2015 2026)

BFSI

Healthcare

Aerospace and Defense

Government and Public Utilities

Retail

Others

Request Full Report :-https://reportocean.com/industry-verticals/sample-request?report_id=5148

Encryption Software Regional Outlook (Revenue USD Millions 2015 2026)

North America

U.S.

Canada

Europe

UK

France

Germany

Italy

Asia Pacific

India

Japan

China

Latin America

Brazil

Mexico

Middle East & Africa

What is the goal of the report?

Access full Report Description, TOC, Table of Figure, Chart, etc.-https://reportocean.com/industry-verticals/sample-request?report_id=5148

About Report Ocean:We are the best market research reports provider in the industry. Report Ocean believes in providing quality reports to clients to meet the top line and bottom line goals which will boost your market share in todays competitive environment. Report Ocean is a one-stop solution for individuals, organizations, and industries that are looking for innovative market research reports.

Get in Touch with Us:Report Ocean:Email:sales@reportocean.comAddress: 500 N Michigan Ave, Suite 600, Chicago, Illinois 60611 UNITED STATES Tel: +1 888 212 3539 (US TOLL FREE)Website:https://www.reportocean.com/

Read the original here:
Encryption Software Market Global Industry Research Analysis & Forecast 2022 to 2030 Muleskinner - Muleskinner

Kingston Ironkey Locker+ 50 (LP50) Hardware Encrypted USB Review Affordable and easy to use – Mighty Gadget

Sharing is caring!

Kingston Ironkey Locker+ 50 (LP50) Review Rating

Summary

I think the Kingston Ironkey LP50 is an excellent choice for anyone looking for a good level of data security that is both affordable and user-friendly.

Pros

Cons

The new Kingston Ironkey Locker+ 50 USB drive is an affordable, secure drive that is a little bit different from all the other encrypted secure drives I have reviewed in the past.

There is no FIPs certification, nor is there any physical security. All the security is built around the hardware encryption built into the drive.

For users wanting a higher degree of security and more storage while still being easy to use, the Kingston IronKey Vault Privacy 80 External SSD is an excellent option.

I doubt this will appeal to the enterprise market, but it is probably the most attractive solutions for home users and small businesses that want to secure important files.

This is one of the easiest drives I have used for setup and management. That is because there is no physical security on the drive itself.

You plug it in, then Windows recognises it has a DVD drive, and from here, you can run the IronKey application.

The first run will guide you through the set up process, and once this is complete, it will load up the drive contents.

For input, you can optionally use the Virtual keyboard to avoid the risks of keyloggers.

The LP50 comes with a licence for ClevX USBtoCloud, which is a useful little application that you should use with caution.

Basically, it will back up the contents of the USB drive to your chosen cloud provider. However, there is no encryption applied beyond that which the provider applies themselves.

On the one hand, this is convenient. If you forget your password and need to reset the USB, you still have your important data.

But, a lot of people dont trust cloud services with sensitive data and would prefer to upload an encrypted file. Therefore, if that service does get hacked, then the data is secured. This is not an unreasonable security concern either; there are plenty of cases where people have had their Google accounts hacked. Even if you have 2FA enabled, SIM swap attacks are quite common and relatively easy to carry out.

For less sensitive data, this is probably not an issue. If you are travelling with work data, it is nice to know you have the data secured on the physical drive in the event you lose it.

Setting up ClevX USBtoCloud is easy. The app automatically loads the setup screen when you first log into the drive. I set it up with Google Drive and just had to authenticate my account via the browser.

Backups are done in the background and quickly.

When I started reviewing this drive, the immediate question that popped up in my head was, why not just use encryption software on a USB drive?

This is a perfectly viable option, and for anyone wanting to save money, this is well worth doing.

However, I decided to set up a VeraCrypt partition on a USB drive, and it is just not as user-friendly as the LP50. There are quite a lot of options to choose from, which is good for some but not so good for someone with limited computer knowledge. You can encrypt an entire drive, but you can have encrypted volumes. I think this could be one of the downfalls of some less competent users. It would be easy to end up creating an encrypted volume and then putting data on the none encrypted part of the drive.

The basic setup also process takes some time, and formatting the new encrypted volume takes several minutes. Again, not an issue for people like myself that are into IT, but plenty of other wants a thing that just works out of the box.

There is not much to write about performance; it is just a USB drive. But, I think it is worth highlighting how easy this is to use. You plug it in, the login dialogue opens, you type in your password, and the drive unlocks.

Performance is good, much better than the FIPS-certified USB drives you get. The drive also exceeds the quoted speeds from Kingston.

The Kingston IronKey Locker+ 50 is available from Amazon via the product boxes below. At the time of writing, it is a touch more expensive than Insight but with free delivery.

Insight Direct appear to be the official partner for Kingston. The prices are lower, but they charge 7 for delivery, so it will work out to be more expensive for individual products.

In comparison, if you went with a FIPS 197 certified 16GB iStorage datAshur Personal2, you would be paying almost double at 60.

This is the first time I have used a secure drive like this, and I quite like it. There are two big selling points, the price and the ease of use. It should also read/write faster than most of the pin-secured drives.

Plugging this in and typing out my password is just much more convenient than trying to press tiny keys on a USB. For a small business owner and homes user such as myself, I dont really have any files sensitive enough to require FIPS 140 or 197 certified drives.

The logical counterargument for this drive would be that you can use VeraCrypt to encrypt your data on any thumb drive achieving the same functionality for much less. The Kingston DataTraveler Exodia is just 6 for a 64GB model. However, that is a little less user-friendly, and I have a strong belief that anything not user-friendly is bad for data security.

Therefore, I think the Kingston Ironkey LP50 is an excellent choice for anyone looking for a good level of data security that is both affordable and user-friendly.

Last update on 2022-09-05 / Affiliate links / Images from Amazon Product Advertising API

Originally posted here:
Kingston Ironkey Locker+ 50 (LP50) Hardware Encrypted USB Review Affordable and easy to use - Mighty Gadget

New ransomware hits Windows, Linux servers of Chile govt agency – BleepingComputer

Chile's national computer security and incident response team (CSIRT) has announced that a ransomware attackhas impacted operations and online services of a government agency in the country.

The attack startedon Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.

The hackersstopped all running virtual machines and encrypted their files, appending the ".crypt" filename extension.

"The ransomware would use the NTRUEncrypt public key encryption algorithm, targeting log files (.log), executable files (.exe), dynamic library files (.dll), swap files (.vswp), virtual disks (. vmdk), snapshot (.vmsn) files, and virtual machine memory (.vmem) files, among others," -Chile CSIRT

According to CSIRT, the malware used in this attack also had functions forstealing credentials from web browsers, list removabledevices for encryption, and evade antivirus detection using execution timeouts.

In typical double-extortion fashion, the intruders offered Chile'sCSIRT a communication channel to negotiate the payment of a ransom that would prevent leaking the files and unlock the encrypted data.

The attacker set a three-day deadline and threatened to sell the stolen data to other cybercriminalson the dark web.

Chile's CSIRTannouncement doesn't name the ransomware group is responsible for the attack, nor does it provide sufficient details that woul lead to identifying the malware.

The extension appended to the encrypted files does not offer any hint because it has been used by multiple threat actors.

While the little information Chile's CSIRTprovided on the behavior of the malware points to'RedAlert' ransomware (aka "N13V"), an operation launched in July 2022, technical details suggest otherwise.

RedAlert ransomwareusedthe ".crypt" extension in attacks, targets both Windows servers and Linux VMWare ESXi machines, is capable to force-stop all running VMs prior to encryption, and uses the NTRUEncrypt public-key encryption algorithm.

However, the indicators of compromise (IoCs) in Chile's CSIRT announcement are either associated with Contior are return an inconclusive result when fed to automated analysis systems.

Conti has been previously linked to attacks on entire nations, such as the one onCosta Ricain July 2022, which took five days from gaining initial access to stealing and encrypting the systems.

Chilean threat analyst Germn Fernndeztold BleepingComputer that the strain appears to be entirely new, and the researchers he talked to couldn't associate the malware with known families.

Fernandez also commented that the ransom note wasn't generated during the infection, a detail that BleepingComputercan confirm. The researcher said that the note was delivered before deploying the file-locking malware.

"One particular thing about the attack, is that the threat actors distributed the ransom note at a previous stage to the deployment of the ransomware as the final payload, possibly for evasion issues or to avoid having their contact details leaked when sharing the final sample." -Germn Fernndez

BleepingComputerwas able to analyze multiple samples of the malware used for the attack and retrieved a ransom note named 'readme_for_unlock.txt', seen below:

All ransom notes that BleepingComputer has seen when analyzing this ransomware strain includea link to a unique website in the Tor network along with a password to log in.

As far as we've seen a data leak site for this ransomware does not exist, yet. The Tor site is for showing a message box where victims can contact the hackers.

Accessing the above communication channel requires a password, which is included in the ransom note.

The malware configures itself to launch on Windows login and uses the name SecurityUpdateat startup.

From what BleepingComputer could learn so far about this ransomware, this is a new operation that launched at the beginning of August.

Chile's cybersecurity organization recommends all state entities as well as large private organizations in the country to apply the following measures:

Chile CSIRT has provided a set of indicators of compromise for files used in the attackthat defenders can use to protect their organizations.

Read more from the original source:
New ransomware hits Windows, Linux servers of Chile govt agency - BleepingComputer

Everything You Need to Know About SD-WAN – Spiceworks News and Insights

Software-defined WAN or SD-WAN is a virtual wide area network (WAN) that relies on software technologies like internet-based communication tunnels, software-driven network encryption, firewall software, etc. to operate a mid-sized to large-scale computer network spread across locations. This article explains how SD-WAN works, its benefits, and the best SD-WAN solutions in the market.

Software-defined WAN or SD-WAN is defined as a virtual wide area network (WAN) that relies on software technologies like internet-based communication tunnels, software-driven network encryption, firewall software, etc. to operate a mid-sized to large-scale computer network spread across locations.

A software-defined wide area network (SD-WAN) uses software-defined technology and infrastructure. SD-WAN dissociates the networking hardware from the control mechanism and thus streamlines the WANs operation and management. Organizations that use SD-WAN solutions can build higher-performance WANs using inexpensive internet and at significantly lower costs than private WAN connection technologies such as multiprotocol label switching (MPLS).

SD-WAN solutions make it easier for organizations to manage firewalls and routers, upgrade software and firmware, virtual private networks (VPN), and remote clients through a centralized management interface. The centralized management control is used to securely and efficiently route traffic across the WAN directly to trusted providers such as software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS). It also minimizes labor costs by cutting maintenance costs and lowers the cost of equipment.

During the early years, WANs required backhauling of all traffic from branch offices to a data center where they applied advanced security services. Traffic between the source and data centers was based on complex routing protocols such as transmission control protocol (TCP/IP) addresses and control list tables.

Ultimately, it leads to delays resulting in poor application performance, user experience, and huge costs due to expensive bandwidths. Users also had to incur expenses to install MPLS routers at each location. Performing upgrades on firmware or software took longer times due to network complexities. The network architecture was also not optimized for cloud infrastructure. The limitations of traditional WANs drove the change to a better SD-WAN technology that replaced MPLS.

SD-WAN is deployed in an organized way in branch offices and data centers. It is optimized for cloud infrastructure and associates cloud technology with mobile computing. It separates the data plane and control plane of the network. It has a centralized management interface where traffic is managed and monitored. It has a single management portal which reduces complexities and makes it easier to track applications, thus improving performance and operational efficiencies.

By providing lower-cost infrastructure and transport costs, an organization can save. SD-WAN provides end-to-end encryption over the entire network, providing secure connections to its users. Additionally, SD-WAN can prioritize traffic on business-critical applications and route it through the most efficient pathway.

See More: How Does an Edge Network Work and What Does Its Future Hold? AT&Ts Theresa Lanowitz Answers

The main objective of SD-WAN is to connect end-users and the applications, notwithstanding the location of these end-users. SD-WAN drives traffic as per the business requirements of the application. These business requirements vary from the priority of the application to must-enforced security policies or application performance required. Usually, critical mission applications are given the highest priority. The networking approach may vary from MPLS to broadband to 4G LTE.

The SD-WAN architecture separates the control and management functions, applications, and WAN transport services. It has a centralized control plane that stores and manages all the data on the traffic and applications. The centralized control plane monitors and adapts traffic to suit the application demand and delivers the optimum experience.

The following are features of SD-WAN that users should consider before choosing an SD-WAN solution model:

See More: How To Make Networks Ready for Cloud-First Era With SD-WAN

SD-WAN allows organizations and small businesses to securely connect their users to applications by taking advantage of any combination of network services. When choosing the right SD-WAN solution providers, users should consider factors such as security, price, availability of hybrid wide area network (WAN) solutions, and the ease at which they can be deployed. The top 10 SD-WAN solutions include:

Powered by Meraki, Cisco SD-WAN is a scalable, programmable, and open solution that allows users to connect to any application. It offers control, visibility, and real-time analytics to its users. Cisco SD-WAN offers cloud management services and it can also be deployed on-premise. It is integrated with capabilities that allow it to perform optimization of applications, unified communications, multi-cloud services, and security.

Fortinet FortiGate provides a secure networking approach that combines SD-WAN, advanced routing, and next-generation firewall (NGFW) to promote consistent security and network policies and reduce operational costs through automation, self-healing, and deep analytics. This also simplifies wide-area network (WAN) architecture by accelerating network and security convergence. Fortinet FortiGate SD-WAN offers improved multi-cloud application performance through multi-path control, application steering and identification.

Oracle SD-WAN provides users with simplified WAN management services such as SD-WAN, firewall, routing, and WAN optimization. It provides users with high bandwidth and inexpensive internet connections and delivers easy-to-deploy and manages the network. Oracle SD-WAN offers its users reliable, quality, flexible and secure services. With its high availability, users can enjoy faster applications and better networks. It also allows for safer migrations of applications into the public cloud.

Citrix SD-WAN combines cloud-delivered and comprehensive security with SD-WAN, analytics, and secure internet access. It has strong security at the WAN Edge, providing complete protection against all threats. Its Citrix cloud on-ramps feature provides flexible on-ramp options for any cloud access that simplifies multi-cloud transition. Citrix SD-WAN reduces network costs and increases agility.

CenturyLink SD-WAN unifies network management across different network types, creating an agile and responsive wide area network. It enables users access to bandwidth to leverage broadband connections for bandwidth-intensive applications. It provides users with data analytics and reports while offering performance-based application routing. CenturyLink SD-WAN offers a reliable solution that allows users to reduce operating costs for equipment and staff.

Wanify has partnered with VeloCloud to deliver VeloCloud SD-WAN. It manages end-to-end processes and improves network performances by combining multiple connections for its users. It supports network agility and application growth by offering optimized access to cloud applications and data centers. It routes application traffic through efficient routes after gauging the real-time performance of the network. Wanify SD-WAN provides customer support and offers a secure and customizable solution for its clients. It also manages carriers for its users.

See More: What Is a Mesh Network? Meaning, Types Working, and Applications in 2022

Palo Alto Networks offer SD-WAN services through Prisma. It provides networking and security in a single platform. It enables app-defined policies for SD-WAN that eliminate network problems, increase bandwidth, and simplify management for its users. Palo Alto Networks Prims SD-WAN allows users superb control and connection options along with supporting machine learning and automation. It also provides users with router modernization and cloud migration.

Exinda SD-WAN provides businesses with a stable, secure, reliable, and cost-effective solution. It combines and manages up to 12 internet kinds of transport from local service providers. The Exinda SD-WAN network router monitors, detects, and adapts to fluctuations from internet service providers and also monitors traffic changes. It automatically solves network problems, thus avoiding interruptions to internet services and applications.

It allows users to add bandwidths to their networks when they need to increase network capacities. Integrating Exinda SD-WAN and Exinda network orchestrator enhances the ability to accelerate applications to better performance.

Masergy SD-WAN leverages its secure edge network with built-in Fortinet security. It provides clients with end-to-end visibilities and uses artificial intelligence for IT operations (AIOps) to analyze networks and make recommendations to improve reliability. It uses AIOps and shadows IT discovery tools to build overlays to fit networks. It customizes rules to meet network and application requirements. Masergy SD-WAN allows for co-managing with its users to streamline inefficiencies.

Aryaka SD-WAN has a built-in WAN optimization that guarantees application performance for this feature-rich platform. Aryaka SD-WAN service doesnt need the installation of complex appliances or network management software as it is a remote-based cloud system. Users can connect to it through virtual private networks (VPN). Aryaka SD-WAN provides insightful analytics in a secure platform that offers a multi-cloud networking service. It provides reliable throughput, real-time visibility, and single-day deployments for new technology.

See More: What Is Network Management? Definition, Key Components, and Best Practices

The global software-defined wide area network (SD-WAN) market size is expected to increase exponentially from $1.9 billion in 2020 to $8.4 billion by 2025. This figure represents a compound annual growth rate (CGAR) of 34.5%, as per research by MarketsAndMarkets. These figures express an increasing appetite for SD-WAN solutions from enterprises due to a slew of business benefits. These include:

In the recent past, business enterprises and other organizations have embraced advanced technologies to gain an edge against their competitors in the market. However, its adoption has brought on its fair share of problems in the form of cybercrimes.

Most SD-WAN solutions offer basic built-in security features like firewall and VPN functions that improve security for their users. Additionally, users looking for advanced security features can look for SD-WAN solutions offering features to prevent data loss, downtime, and legal liabilities. Popular SD_WAN solutions include next-generation firewalls (NGFW), intrusion prevention systems (IPS), encryption, and sandboxing capabilities.

Users can configure SD-WAN to steer their business traffic through the most efficient route by prioritizing real-time services such as voice over internet protocol (VoIP) and business-critical traffic. SD-WAN, through its flexibility, allows users to vary bandwidth access via any local internet provider to promote increment in speeds to match real-time demand. Varying bandwidth using deduplication and compression also helps in reducing the total cost of ownership (TCO).

SD-WAN allows for bandwidth capacity to be scaled up or down through the direct addition of internet broadband connectivity. A single logical link can be formed when multiple WAN service types, such as direct internet or private multiprotocol label switching (MPLS), are bonded together.

Other optimization techniques that SD-WAN employs to improve network agility include data de-deduplication, data compression, and secure sockets layer (SSL).

According to a 2018 forecast survey by IDC Research, up to two-thirds of respondents expect to save 5-19%, while a quarter expect upwards of 39% savings when using SD-WAN technologies. SD-WAN technology allows for self-managed procedures and automation, which enables organizations to reduce the number of external IT experts required to carry out periodic tests and maintenance, thereby proving to be cost-effective.

SD-WAN aggregates multiple direct-to-internet (DIA) lines for WAN connectivity, thus reducing the overall cost for bandwidth as it requires less network hardware. Organizations can also easily set up new branches online at any location at less time and cost.

As small businesses use more technology solutions such as local, edge, and cloud-based applications, network complexity becomes a common problem. This is due to competition for limited bandwidth, which leads to poor network performance. It might also necessitate hiring more IT specialists on-site to manage local IT infrastructure, leading to increased costs. SD-WAN provides a solution through monitoring and alerting the performance of different data types to ensure enough bandwidth is allocated. Users can configure SD-WAN to prioritize critical traffic through the most efficient path to its destination to improve performance.

SD-WAN is usually managed through a centralized management interface that monitors it and manages traffic. From a single management portal, paths to applications are allocated according to criticality, new sites are provisioned, software and firmware upgrades are performed, and users can flex bandwidth from this point. Using a centralized management plan helps to reduce complexity and makes it easier to track applications and their performances from a single zone.

See More: What Is Network Hardware? Definition, Architecture, Challenges, and Best Practices

Organizations are gradually adopting cloud-based services. SD-WAN enables users to access the cloud remotely without burdening the core network with additional traffic to manage and secure. This may promote cost savings for organizations looking to cut down on office space, equipment and rent as employees can work remotely. The need for additional IT experts to manage and secure data traffic is also minimized.

SD-WAN solutions improve cloud applications performance by emphasizing business-critical applications and allowing them to communicate directly to the internet. SD-WAN guarantees quality and optimizes data, followed by directing network traffic along the most efficient routes.

Even with the gradual increase in the popularity of cloud-based resources, organizations still have to wait for weeks or months to set up new WAN circuits or managed service providers (MSPs). A fully managed cloud-first WAN service could offer cloud-based network offerings comparable with other cloud services through orchestration and automation.

This feature would promote quick turn-up of newer locations globally and services bolstering enterprise flexibility. It would also facilitate troubleshooting and increase the visibility of enterprises.

SD-WAN technologies offer predictive analytics enabling IT specialists to navigate potential outages and mitigate any other potential issues. SD-WAN monitors the system in real time and provides data analytics to determine and predict any problems. This ability helps to reduce resolution time for organizational IT troubleshooting, lowering TCO, and maintaining peak performances at all times. This leads to increased productivity in organizations and decreasing costs, as IT experts are not always required to be on-premises. In case a problem arises, they can quickly identify and fix the issue.

See More: How to Get SD-WAN Security Right?

Software-defined wide area network is a crucial enabler for enterprise digital transformation. It is highly extensible so it can integrate new-age security technologies like SASE with existing network infrastructure. It can also simplify IT operations by paving the way for AIOps alongside network management. Thats why it is vital to understand the working and potential benefits of SD-WAN to prepare for your adoption journey.

Did this article fully inform you about the role of SD-WAN in a modern enterprise? Tell us on Facebook, Twitter, and LinkedIn. Wed love to hear from you!

Follow this link:
Everything You Need to Know About SD-WAN - Spiceworks News and Insights

Don’t Wait: Get Into the Encryption Habit Now – Williston Daily Herald

Country

United States of AmericaUS Virgin IslandsUnited States Minor Outlying IslandsCanadaMexico, United Mexican StatesBahamas, Commonwealth of theCuba, Republic ofDominican RepublicHaiti, Republic ofJamaicaAfghanistanAlbania, People's Socialist Republic ofAlgeria, People's Democratic Republic ofAmerican SamoaAndorra, Principality ofAngola, Republic ofAnguillaAntarctica (the territory South of 60 deg S)Antigua and BarbudaArgentina, Argentine RepublicArmeniaArubaAustralia, Commonwealth ofAustria, Republic ofAzerbaijan, Republic ofBahrain, Kingdom ofBangladesh, People's Republic ofBarbadosBelarusBelgium, Kingdom ofBelizeBenin, People's Republic ofBermudaBhutan, Kingdom ofBolivia, Republic ofBosnia and HerzegovinaBotswana, Republic ofBouvet Island (Bouvetoya)Brazil, Federative Republic ofBritish Indian Ocean Territory (Chagos Archipelago)British Virgin IslandsBrunei DarussalamBulgaria, People's Republic ofBurkina FasoBurundi, Republic ofCambodia, Kingdom ofCameroon, United Republic ofCape Verde, Republic ofCayman IslandsCentral African RepublicChad, Republic ofChile, Republic ofChina, People's Republic ofChristmas IslandCocos (Keeling) IslandsColombia, Republic ofComoros, Union of theCongo, Democratic Republic ofCongo, People's Republic ofCook IslandsCosta Rica, Republic ofCote D'Ivoire, Ivory Coast, Republic of theCyprus, Republic ofCzech RepublicDenmark, Kingdom ofDjibouti, Republic ofDominica, Commonwealth ofEcuador, Republic ofEgypt, Arab Republic ofEl Salvador, Republic ofEquatorial Guinea, Republic ofEritreaEstoniaEthiopiaFaeroe IslandsFalkland Islands (Malvinas)Fiji, Republic of the Fiji IslandsFinland, Republic ofFrance, French RepublicFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabon, Gabonese RepublicGambia, Republic of theGeorgiaGermanyGhana, Republic ofGibraltarGreece, Hellenic RepublicGreenlandGrenadaGuadaloupeGuamGuatemala, Republic ofGuinea, RevolutionaryPeople's Rep'c ofGuinea-Bissau, Republic ofGuyana, Republic ofHeard and McDonald IslandsHoly See (Vatican City State)Honduras, Republic ofHong Kong, Special Administrative Region of ChinaHrvatska (Croatia)Hungary, Hungarian People's RepublicIceland, Republic ofIndia, Republic ofIndonesia, Republic ofIran, Islamic Republic ofIraq, Republic ofIrelandIsrael, State ofItaly, Italian RepublicJapanJordan, Hashemite Kingdom ofKazakhstan, Republic ofKenya, Republic ofKiribati, Republic ofKorea, Democratic People's Republic ofKorea, Republic ofKuwait, State ofKyrgyz RepublicLao People's Democratic RepublicLatviaLebanon, Lebanese RepublicLesotho, Kingdom ofLiberia, Republic ofLibyan Arab JamahiriyaLiechtenstein, Principality ofLithuaniaLuxembourg, Grand Duchy ofMacao, Special Administrative Region of ChinaMacedonia, the former Yugoslav Republic ofMadagascar, Republic ofMalawi, Republic ofMalaysiaMaldives, Republic ofMali, Republic ofMalta, Republic ofMarshall IslandsMartiniqueMauritania, Islamic Republic ofMauritiusMayotteMicronesia, Federated States ofMoldova, Republic ofMonaco, Principality ofMongolia, Mongolian People's RepublicMontserratMorocco, Kingdom ofMozambique, People's Republic ofMyanmarNamibiaNauru, Republic ofNepal, Kingdom ofNetherlands AntillesNetherlands, Kingdom of theNew CaledoniaNew ZealandNicaragua, Republic ofNiger, Republic of theNigeria, Federal Republic ofNiue, Republic ofNorfolk IslandNorthern Mariana IslandsNorway, Kingdom ofOman, Sultanate ofPakistan, Islamic Republic ofPalauPalestinian Territory, OccupiedPanama, Republic ofPapua New GuineaParaguay, Republic ofPeru, Republic ofPhilippines, Republic of thePitcairn IslandPoland, Polish People's RepublicPortugal, Portuguese RepublicPuerto RicoQatar, State ofReunionRomania, Socialist Republic ofRussian FederationRwanda, Rwandese RepublicSamoa, Independent State ofSan Marino, Republic ofSao Tome and Principe, Democratic Republic ofSaudi Arabia, Kingdom ofSenegal, Republic ofSerbia and MontenegroSeychelles, Republic ofSierra Leone, Republic ofSingapore, Republic ofSlovakia (Slovak Republic)SloveniaSolomon IslandsSomalia, Somali RepublicSouth Africa, Republic ofSouth Georgia and the South Sandwich IslandsSpain, Spanish StateSri Lanka, Democratic Socialist Republic ofSt. HelenaSt. Kitts and NevisSt. LuciaSt. Pierre and MiquelonSt. Vincent and the GrenadinesSudan, Democratic Republic of theSuriname, Republic ofSvalbard & Jan Mayen IslandsSwaziland, Kingdom ofSweden, Kingdom ofSwitzerland, Swiss ConfederationSyrian Arab RepublicTaiwan, Province of ChinaTajikistanTanzania, United Republic ofThailand, Kingdom ofTimor-Leste, Democratic Republic ofTogo, Togolese RepublicTokelau (Tokelau Islands)Tonga, Kingdom ofTrinidad and Tobago, Republic ofTunisia, Republic ofTurkey, Republic ofTurkmenistanTurks and Caicos IslandsTuvaluUganda, Republic ofUkraineUnited Arab EmiratesUnited Kingdom of Great Britain & N. IrelandUruguay, Eastern Republic ofUzbekistanVanuatuVenezuela, Bolivarian Republic ofViet Nam, Socialist Republic ofWallis and Futuna IslandsWestern SaharaYemenZambia, Republic ofZimbabwe

Originally posted here:
Don't Wait: Get Into the Encryption Habit Now - Williston Daily Herald