Educause Security Discussion mailing list archives
Re: Mobile Data - Protecting the University from unnecessary risk
From: "Buskill, Bruce M" <bbuskill () RADFORD EDU>
Date: Tue, 11 May 2010 08:04:00 -0400
<html><head><meta name="Generator" content="Microsoft Exchange Server"> <!-- converted from text --> <style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style></head> <body> <font size="2"><div class="PlainText">"2a) Full Disk Encryption is only really useful when defending against some<br> miscreant who has wandered off with your computer *while it's powered off*<br> under his arm, taken it back to their den of iniquity, and powered it on and<br> said "OK, now what?". This is a very real and valid threat model for a laptop<br> or small desktop, but probably not your ERP system, which is probably hardly<br> ever powered down, and probably won't fit under a miscreant's arm without<br> the assistance of a forklift."<br> <br> Excellent point. I would add that university desktops issued for home use are also excellent candidates for FDE, as a safeguard against theft. <br> <br> Stephen<br> <br> ----- Original Message -----<br> From: "Valdis Kletnieks" <Valdis.Kletnieks () VT EDU><br> To: SECURITY () LISTSERV EDUCAUSE EDU<br> Sent: Tuesday, May 11, 2010 1:12:55 AM GMT -05:00 US/Canada Eastern<br> Subject: Re: [SECURITY] Mobile Data - Protecting the University from unnecessary risk<br> <br> On Mon, 10 May 2010 21:53:07 EDT, randy marchany said:<br> <br> > 2. This is significant in that as long as the system is booted up,<br> > your files are encrypted UNTIL they are accessed by a userid or<br> > process owned by a userid that has READ access to the files in<br> > question. World read access allows any userid to decrypt the file. A<br> > process running under your userid's privileges can decrypt any file<br> > you have read access and any malware running under your userid has<br> > that same access.<br> <br> Something that Randy implies, but a fair number of people need to be hit<br> over the head with repeatedly till they get it:<br> <br> 2a) Full Disk Encryption is only really useful when defending against some<br> miscreant who has wandered off with your computer *while it's powered off*<br> under his arm, taken it back to their den of iniquity, and powered it on and<br> said "OK, now what?". This is a very real and valid threat model for a laptop<br> or small desktop, but probably not your ERP system, which is probably hardly<br> ever powered down, and probably won't fit under a miscreant's arm without<br> the assistance of a forklift.<br> <br> And yet, I've heard more than one tale of a misguided security person<br> insisting that FDE be installed on the ERP system - resulting in the loss<br> of 1 or 2 nines of reliability because at the next reboot, it did exactly<br> what FDE will make it do - sit there and not mount the disk till it gets<br> fed the magic word. Whoops.<br> </div></font> </body> </html> Sent from my Android phone using TouchDown (www.nitrodesk.com)
Current thread:
- Re: Mobile Data - Protecting the University from unnecessary risk, (continued)
- Re: Mobile Data - Protecting the University from unnecessary risk SCHALIP, MICHAEL (May 10)
- Re: Mobile Data - Protecting the University from unnecessary risk randy marchany (May 10)
- Re: Mobile Data - Protecting the University from unnecessary risk John Ladwig (May 10)
- Re: Mobile Data - Protecting the University from unnecessary risk Valdis Kletnieks (May 10)
- Re: Mobile Data - Protecting the University from unnecessary risk Joel Rosenblatt (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Stephen C. Gay (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Buskill, Bruce M (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Buskill, Bruce M (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Buskill, Bruce M (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Buskill, Bruce M (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Buskill, Bruce M (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Ken Connelly (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Matthew Gracie (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Bradley, Stephen W. Mr. (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk David Bowie (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Buskill, Bruce M (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Buskill, Bruce M (May 11)
- Re: Mobile Data - Protecting the University from unnecessary risk Morrow Long (May 11)