Educause Security Discussion mailing list archives

Re: Encrypted Thumbdrives

From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 21 Apr 2008 09:55:00 -0400

Bombard, Charles L wrote:

Have you looked at a particular product? Have one you really like?
I am wondering what other people have found in looking at USBthumbdrives that have built in encryption and/or have utilized softwarebased encryption such as truecrypt that can be included on the drivesun-encrypted area.


We're just starting to look at this area. Given the wide range
of hardware and the constantly changing technology, TrueCrypt
is very attractive though operator education is a challenge.

Another area of concern is untrusted hosts. There is a lot of
malware out there that understands USB drives and that will
spread to them if a write protect switch is not available.
We saw a sample that copied the contents of a USB drive
to one large file on the infected host and subsequently tried
to communicate with systems in China. Encrypting the data at
rest will protect against what is probably the most common
threat, loss of the media, but doesn't protect the data if the
device is plugged into a hostile host.

There has to be a very good reason that sensitive data is
placed on portable media and user education about safe
usage of the portable media is at least as important as
technology.

I am currently demo’ing a SafeStick Business edition thumbdrive.

I will be looking at a truecrypt solution too.
I thought there had been a discussion about this a while back but Icould not find it in the archives.
Any thoughts/suggestions are appreciated.
-Charlie
==========================================
Charles Bombard, GSEC

LAN/Systems Administrator

Community College of Vermont

119 Pearl Street

Burlington, VT 05401

802.657.4234

bombardc () ccv edu <mailto:bombardc () ccv edu>
PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designatedrecipient only and may contain privileged, confidential, or otherwiseprivate information. If you have received it in error, please notify thesender immediately and delete the original. Any other use of an emailreceived in error is prohibited.



--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Current thread:

Encrypted Thumbdrives Bombard, Charles L (Apr 18)
- <Possible follow-ups>
- Re: Encrypted Thumbdrives Stephen Gill (Apr 18)
- Re: Encrypted Thumbdrives Bradley, Stephen W. Mr. (Apr 18)
- Re: Encrypted Thumbdrives James M . Dutcher - VP IS/IT & CIO (Apr 18)
- Re: Encrypted Thumbdrives Mike Hanson (Apr 18)
- Re: Encrypted Thumbdrives Paul Keser (Apr 18)
- Re: Encrypted Thumbdrives Michael Sana (Apr 18)
- Re: Encrypted Thumbdrives Gary Flynn (Apr 21)
- Re: Encrypted Thumbdrives Jesse Thompson (Apr 21)
- Re: Encrypted Thumbdrives Avdagic, Indir (Apr 21)
- Re: Encrypted Thumbdrives Richard Hopkins (Apr 22)
- Re: Encrypted Thumbdrives Brenda B Gombosky (Apr 22)