Security Basics mailing list archives
RE: The VA Stolen Laptop - Lessons Learned
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Thu, 14 Sep 2006 17:35:27 -0400
If the laptop is stolen, and off the network when you disable the account, how the heck do you think the fact the account has been disabled reaches the laptop? "encrypt it as the roaming profile"? The roaming profile is very specific files. If you're talking about using EFS, you have other concerns as well. If you encrypt a user's profile with EFS, the key would have to be on the machine or the user couldn't get to their profile off the network. If the key is left on the machine, then anyone with physical access to the machine can reset the admin password, login as the admin, and grab the user's key and get to the files. The encryption used should be something other than EFS, and should be on a directory outside the profile (so copies aren't flung onto the user's network share). Basically, the users should be trained, and the plan should be created by someone who knows what they are doing, and people should stop pointing fingers when something goes wrong, and instead address the issues. Good slam on the Prez, BTW, both pertinent and relevant, and about as thoughtfully consistent as the rest of your rant. -Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Isaac Van Name Sent: Thursday, September 14, 2006 8:18 AM To: 'evb'; security-basics () securityfocus com Subject: RE: The VA Stolen Laptop - Lessons Learned Bush hasn't defined "data"... he can't define anything because he's a moron. Does data include OS files, log files, cab files, drivers, etc.? IMO, no. None of it. Screw the OS and its files; those things don't count as "sensitive data". Okay, so there's the argument that "these things can be used for a compromise". Really, I don't see why someone can't just use a roaming profile and a VPN connection on the laptop to connect to their workplace and, anytime sensitive data like that is put on a laptop, encrypt it as the roaming profile and set the file rights to only allow that roaming profile to access it. That way, when the laptop is stolen, just disable the roaming account... that should protect the encrypted files for long enough for the laptop to be recovered. True, this is more work, but then, isn't proper security just making your everyday tasks take longer? Of course, this is all said with a cup of coffee in one head and my hungover head in the other, so please feel free to correct me. As it seems to me, though, I think you have to plan out system security before you implement file security... otherwise, you're just playing smoke and mirrors. Isaac Van Name Network Assistant / Programmer Southerland, inc. ivanname () southerlandsleep com -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of evb Sent: Wednesday, September 13, 2006 3:47 PM To: security-basics () securityfocus com Subject: RE: The VA Stolen Laptop - Lessons Learned :1. Encrypt all data on mobile computers/devices which carry :agency data unless the data is determined to be non-sensitive, :in writing, by your Deputy Secretary or an individual he/she :may designate in writing : And does "data" include operating system files, log files, cab files, drivers, etc., or does it only include eg xls, doc, pdf and wpd files, etc.? How has Bush defined "data"? Thx, Eric ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: The VA Stolen Laptop - Lessons Learned, (continued)
- RE: The VA Stolen Laptop - Lessons Learned Clement Dupuis (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned intel96 (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 21)
- RE: The VA Stolen Laptop - Lessons Learned Pranav Lal (Sep 25)
- Re: The VA Stolen Laptop - Lessons Learned MandommGmail (Sep 19)
- RE: The VA Stolen Laptop - Lessons Learned Isaac Van Name (Sep 15)