Posted by WB Randolph on November 18, 2006, 8:30 pm
I saw a story at net-security.org describing why current security
solutions might be unable to prevent data theft. It describes why
application password protection, disk encryption, file encryption, etc.
fail to prevent data theft so I submitted it here:
http://www.digg.com/security/Why_Current_Security_Solutions_Fail_To_Prevent_Data_Theft
Googling about the story, I found this Flash video showing how password
protected Palm Treo 700p smartphone contacts can be exposed on a PC
running Palm Desktop, disk encryption, firewall, antivirus, etc.:
http://www.innersafe.com/demos/palm_desktop_insecure/index.html
It seems the situation is worse than the story (which doesn't even
mention keylogging):
1. disk encryption doesn't help while the disk is mounted (which can be
hours while we're online & using the disk)
2. file encryption requires decrypting to disk which can leave
sensitive data on disk even after the file is re-encrypted again (seems
NTFS and some thumb drives don't always overwrite files.)
3. keylogging software can pretty much steal passwords or file content
before it is encrypted which makes #1 and #2 worse
4. firewalls are vulnerable to insiders with physical access to PCs
and open ports people need to access the web or email.
5. antivirus and antispyware don't detect 100% of malware, require
signature updates, and don't address the fact a thief can use
uninfected programs for data theft.
6. password recovery tools can instantly extract passwords or reset
passwords of many popular file formats like Microsoft Outlook 2003 .PST
files.
7. When using EFS (Encrypted File System), "a file's original
unencrypted file data is left on the disk after a new encrypted version
of the file is created." according to Microsoft at
http://www.microsoft.com/technet/sysinternals/utilities/SDelete.mspx
Besides the "don't run Microsoft Windows" or "don't store sensitive
data on PCs" type of advice, what can be done to secure sensitive data
on a PC?
What do you use today to secure your data? I know KeePass and
TrueCrypt are free & popular, but is there anything better?
Is computer security even possible without spending a fortune?
Posted by Jim Watt on November 19, 2006, 3:52 am
wrote:
>Is computer security even possible without spending a fortune?
Shortly after the invention of the safe, the safecracker
came into being. It's the same with computer security:
whatever measures are devised, someone will come up with
a countermeasure.
Security is about building a wall around assets; how high
the wall is and what its topping and alarm system are
depends on the nature of the asset protected and the
threat analysis.
Computer security uses physical protection as the first
layer to address the threat; if someone can steal the
system it deprives the user of it and allows access to
the hardware. That's why laptops are vulnerable, because
they are not locked away in a secure room.
The bottom line is that security aims to make it difficult
for the unauthorised user, whilst not making it impossible
for the genuine user.
How much you need to spend depends on what you need to
protect. You do not need a steel box encased in rock
for your holiday pictures, unless you lead a particularly
interesting life.
--
Jim Watt
http://www.gibnet.com