Educause Security Discussion mailing list archives
Re: Mobile Data - Protecting the University from unnecessary risk
From: "Buskill, Bruce M" <bbuskill () RADFORD EDU>
Date: Tue, 11 May 2010 08:03:59 -0400
I like to make the point that FDE is not really security, it's risk management and compliance - it is installed to prevent the CNN moment - an insurance policy at best.

Randy's post is excellent - it is up to us (the security folks) to make sure that management understands that just because FDE is installed on systems, it does not mean that we can dispense with other security programs.

My 2 cents

Joel

--On Tuesday, May 11, 2010 1:12 AM -0400 Valdis Kletnieks <Valdis.Kletnieks () VT EDU> wrote:

> On Mon, 10 May 2010 21:53:07 EDT, randy marchany said:
>
>> 2. This is significant in that as long as the system is booted up,
>> your files are encrypted UNTIL they are accessed by a userid or
>> process owned by a userid that has READ access to the files in
>> question. World read access allows any userid to decrypt the file. A
>> process running under your userid's privileges can decrypt any file
>> you have read access to, and any malware running under your userid has
>> that same access.
>
> Something that Randy implies, but a fair number of people need to be hit
> over the head with repeatedly till they get it:
>
> 2a) Full Disk Encryption is only really useful when defending against some
> miscreant who has wandered off with your computer *while it's powered off*
> under his arm, taken it back to their den of iniquity, and powered it on and
> said "OK, now what?". This is a very real and valid threat model for a laptop
> or small desktop, but probably not your ERP system, which is probably hardly
> ever powered down, and probably won't fit under a miscreant's arm without
> the assistance of a forklift.
>
> And yet, I've heard more than one tale of a misguided security person
> insisting that FDE be installed on the ERP system - resulting in the loss
> of 1 or 2 nines of reliability because at the next reboot, it did exactly
> what FDE will make it do - sit there and not mount the disk till it gets
> fed the magic word. Whoops.

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

Sent from my Android phone using TouchDown (www.nitrodesk.com)