Re: Encryption

[Archangel Amael <archangel.amael () gmail com>]

Hi,

These commercial tools in which you are referring need access to the
physical memory image file which can be accessed from a running
machine. This also requires being able to start the actual OS (windows
in the case of bitlocker) this same problem has plagued Truecrypt
among others. If the memory image file does not contain the encryption
keys then most of these programs are going to revert to a bruteforce
style of attack.

 There should be other controls and policies in place the prevent an
unauthorized user from being able to access a running machine. Those
however are all apart of a different conversation, since we do not
have the relevant information, nor do we need it in order to provide
some advice based on the OP's question.

Now as a caveat to the aforementioned products, no single product is
going to be a 100% guarantee against every single attack scenario that
may ever come about. Nothing is 100% secure for 100% of the time. But
to jump in and state one should avoid a certain product due  to a
potential attack vector that also affects other similar products is
absurd.


Regards,

On Tue, Dec 13, 2011 at 1:42 PM, Enode Florvilus
<Enodeflorvilus () bayviewassetmanagement com> wrote:
> Hi,
>
> I am currently doing a POC with Sophos, the product is easy to deploy and the encryption is fast and by the way 
> Bitlocker is not safe. There are commercial tools at there you can buy to crack bitlocker, I suggest you avoid 
> bitlocker.
>
> Thanks
>
> Enode Florvilus
>
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gouife 
> Atseng,Landry,DOUALA,IS/IT
> Sent: Monday, December 12, 2011 10:02 AM
> To: Soumen Paul; drmarkabaiter () gmail com
> Cc: Kenneth Gonzalez; security-basics () securityfocus com
> Subject: RE: Encryption
>
> Hi paul,
>
> Please in the same way, can you help me to have open source to encrypt files in external drive.
>
> Thanks
>
> -----Message d'origine-----
> De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de Soumen Paul Envoyé : 
> mardi 19 avril 2011 16:53 À : drmarkabaiter () gmail com Cc : Kenneth Gonzalez; security-basics () securityfocus com 
> Objet : Re: Encryption
>
> Can try sophos safeguard enterprise. That works well with AD integrated role based policy
>
>
>
>
>
> On 15 Apr 2011, at 04:55 PM, David Weise <dweise () rider edu> wrote:
>
> > hi,
> >  Well there is always bitlocker.  Or TrueCrypt but this does not integrate with AD.
> > http://windows.microsoft.com/en-US/windows7/products/features/bitlocke
> > r
> >
> > On 4/12/2011 12:49 PM, Kenneth Gonzalez wrote:
> > > Hi, i want to implement a simple system to encryp Office files, like Docx, XLSX adn PPTX, and i need to integrate 
> > > this encryption system with Active Directory.
> > >
> > > i dont wanto to implement Active Directory RMS, hopefully a open
> > > Source or another third party solution. Do you know something like
> > > that... thanks
> >
> > ----------------------------------------------------------------------
> > -- Securing Apache Web Server with thawte Digital Certificate In this
> > guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it 
> > benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
> > install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
> > highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> > 42f727d1
> > ----------------------------------------------------------------------
> > --
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
> who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
> if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
> Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
> management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
> who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
> if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
> Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
> management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
> The information contained in this transmission may contain privileged and confidential information. It is intended 
> only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that 
> any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not 
> the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------