RE: How to Test HDD Encryption

[jfvanmeter () comcast net]

true, we can say the same for FDE, once the OS is mount, those file are all open. 

As for malware, virus and exploits O'my.... hopefully the workstation is patched, and running a current anti-virus, 
anti-spyware/malware scanner.... Ipatch management has to be part of the over all security picture, or your right it 
really doesn't matter... none of it FDE or File based encryption

Personnel if I was going after file, I would do a little social engineering to again access to the workstation.  

"You can catch more flies with honey than with vinegar."

Take Care and Have Fun --john

 -------------- Original message ----------------------
From: Eric White <ewhite () ssc wisc edu>

--- Begin Message --- From: Eric White <ewhite () ssc wisc edu>
Date: Tue, 13 Nov 2007 18:28:22 +0000

Hello,

So under this scenario you're thinking about application or OS level
exploits that would give the bad guys access to files that should be off
limits, right?

When I think about this situation, I wonder how much file based encryption
truly helps.  If the OS or an application can be exploited, it's possible
malware will be installed as part of this exploit.  If that malware captures
the credentials needed to decrypt these files, then the attacker wins.

If ACLs are incorrect or breached through less nefarious means, then yes,
less sophisticated attackers are kept at bay by file level encryption, but
does it really stop the pros?  I worry that an attacker who has access to
your machine or network while it's live would have the means to capture the
credentials necessary for decryption.  

Thanks,

Eric

--
---------------------------------------------------------------
Eric White                           


-----Original Message-----
From: jfvanmeter () comcast net [mailto:jfvanmeter () comcast net] 
Sent: Tuesday, November 13, 2007 12:12 PM
To: Eric White; infosecofficer () gmail com; security-basics () securityfocus com
Subject: RE: How to Test HDD Encryption

encrypting file can be based on the user's password or a certificate, this
adds an addational layer of security after the OS is load.

If I'm a malicous person that is trying to steal your files ..... I now have
to get pass the FDE, ACLs on the file system, then the file based
encryption. I believe like electrical current, malicous people take the path
of less resistance, so if the target has extra security controls it would
make there task harder.

Again this is jusy my two shiny centavos, and somedays there not all that
shiny.

--John

 -------------- Original message ----------------------
From: Eric White <ewhite () ssc wisc edu>

Attachment: smime.p7s
Description:

--- End Message ---