Security Basics mailing list archives
Re: Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?
From: michal () bartkowiak biz
Date: 25 Jun 2006 09:04:18 -0000
Hmm what if bad guys remove your hard drive to bypass power-on passwords and then replace unencrypted kernel with theirs one? Is it safe to trust userland applications (for integrity checking) if someone can play with syscalls etc? I guess NOT. That kind of integrity checking can be useful only when is made on "cold disk" from another system and different media. I think that all unencrypted data needed for system bootup shold be on usb flash drive (for example) and used only during system start-up. Ofcourse now you should care about physical secuirty of this external media. Plus you get two factor authentication. It's important since we are talking about mobile devices that are used in random places and it could be easier for bad guys to get your passphrase by spying on you. Michal --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?, (continued)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Sadler, Connie (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Bryan S. Sampsel (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dave Patterson (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Brian Daniel Beck (Jun 13)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Robertson, Seth (JSC-IM) (Jun 14)
- Re: Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? michal (Jun 26)