I was reading a great article this morning written by Dr. Eric Cole titled "The Secrets of Laptop Encryption." I think that the article is a great place to start if you are trying to bring yourself up to speed on encryption and how it works. Also, it discusses some of the caveats of encryption and where some of the pitfalls (in what I call encryption confidence) can get you burned.
One example of encryption confidence that Dr. Cole produced was of an executive who lost a briefcase with an encrypted laptop inside. Initially, the security team at the executive's organization was happy to dismiss the lost device because they had the foresight to encrypt the hard drive. But then they discovered that a PDA was also in the briefcase, unencrypted, with the same passwords that the executive used on his laptop. Thus the PDA became a potential threat vector for the data on his laptop.
Most organizations do not see the PDA as a high enough threat to warrant attention at this phase of the game. The truth is, while you are encrypting one device, you might as well encrypt every device that might easily be compromised for its password or for the data on the device itself.
So, I really did enjoy Dr. Cole's article and highly suggest you check it out, BUT there is something I would like to point out.
Near the end of the article under the heading of "Scope of Needed Protection", Dr. Cole writes of the dangers presented by Live CDs.
If you're unaware of what a Live CD is, then you should take a look at BartPE, WinPE, BackTrack, Knoppix, and DSL. There are also other tools that you can boot to and change passwords, such as EBCD. Live CDs can be a lifesaver for an admin or general user. These tools allow you to reset passwords, change passwords, edit the registry, copy files, etc. In a word, invaluable. However, these actions by a person trying to help can also be duplicated by someone trying to gain unauthorized access to your hard drive. Typical examples include an attacker who boots to a BackTrack CD and then attempts to run L0phtCrack, Cain and Abel, John the Ripper, or Ophcrack against your SAM, or who attaches your hard drive as a secondary drive and views your documents from their primary boot drive.
With a fully encrypted hard drive, this is not possible without a module that plugs into a Live CD and allows you to authenticate to the hard drive. Utimaco provides a BartPE/WinPE plugin that allows an admin to authenticate via BartPE to their SafeGuard Easy product. This gives owners of SafeGuard Easy the ability to boot from BartPE but still requires them to enter the username and password so it can authenticate and allow the hard drive's data to be viewed.
It is important to note how vulnerable a laptop is to an attacker who boots your computer from anything other than your hard drive. It can mean serious trouble unless you have a full disk encryption product. If you have your data encrypted, it doesn't mean you can stop worrying; it just means you can worry about something else.
Michael Mongold
Hi, Michael.
WinMagic also has a great encryption solution for PDAs called SecureDoc Mobile that supports Mobile 5.
You should give it a try. The product is based on the wildly successful AES 256-bit encryption engine of its enterprise product that is the only product to be approved by the NSA to protect SECRET level sensitive data.
Regards,
Joseph
Posted by: Joseph Belsanti | April 12, 2007 at 03:54 AM