Re: Laptop Encryption & Hibernation

[GuidoZ <uberguidoz () gmail com>]

> The protection would (or should) be NTFS (as I mentioned). This would
> require a password to access the system or even the hardrive by itself put
> into another machine (now we wont even go into the fact that it would
> blue-screen to Hades unless it was totally compatible with the original
> computer).

Are you speaking about EFS (Encrypted File System)? In that case, I
would agree that it would certainly put a damper on a thiefs day.
However, simply using NTFS would not protect the data if the hard
drive was stolen.

As for the BSOD, you wouldn't be booting this the hard drive you put
into another system. You would be accessing it from another OS
(Windows, Linux, etc) that was preinstalled on the current machine. It
wouldn't blue screen because of that - it would treat it like a
storage drive.

Many admins also seem to think that because they password an account,
it's safe. This isn't always the case. First off, you'll have to
protect that account - which then makes all files below it only
accessable to that person. (Commonly done by teenagers on the family
computer to hide their porn.) Beyond that, it doesn't provide much
protection.

Password crackers (as were discussed on here a few times recently) can
get through such "security" in a matter of time. If you steal a hard
drive for the information, then you'll most likely be persistent
enough to wait the few months it may take to crack the password. With
EFS however, there's more to it then just a MD5/LM hash to get past.

> This is where I was saying (by inference) the two together were
> an excellent beginning of a security policy (note my references to
> documentation).

Unless you were talking about EFS (not just NTFS), it would only be a
beginning. Once again, an attacker who is persistant and only has a
password to get past, plus all the time they need, will break that
password.

> Btw I tend to agree with you on hibernation (and security and ease of use)
> though it is our (some of us) jobs to find a medium we (2nd being the user)
> can live with.
> I tend to believe stand-by will suffice. On early laptops, far back as Win
> 95, Toshiba, in particular, had a utility which created these hibernation
> files. They would often become corrupt -- which was annoying to the user.

That's very true. Even though security and ease of use are on opposite
sides of the see-saw, that's no reason to completely give up one or
the other. It's about compromise and deciding what works the best for
the situation. In this case, it sounds like the encryption is a
priority and a necessity. Therefore giving up the hibernation is about
the only choice. However, in a differnet situation, maybe giving up
the encryption would be a better solution. Depends on the POV and
situation of all those involved, or at least those making the
decision.

--
Peace. ~G


On Thu, 23 Sep 2004 17:17:27 -0500, Kevin Snively
<kevinsnively () comcast net> wrote:
> The protection would (or should) be NTFS (as I mentioned). This would
> require a password to access the system or even the hardrive by itself put
> into another machine (now we wont even go into the fact that it would
> blue-screen to Hades unless it was totally compatible with the original
> computer). This is where I was saying (by inference) the two together were
> an excellent beginning of a security policy (note my references to
> documentation).
>
> Btw I tend to agree with you on hibernation (and security and ease of use)
> though it is our (some of us) jobs to find a medium we (2nd being the user)
> can live with.
> I tend to believe stand-by will suffice. On early laptops, far back as Win
> 95, Toshiba, in particular, had a utility which created these hibernation
> files. They would often become corrupt -- which was annoying to the user.
>
>
>
>
> ----- Original Message -----
> From: "GuidoZ" <uberguidoz () gmail com>
> To: "Kevin Snively" <kevinsnively () comcast net>
> Cc: "James McGee" <j.mcgee () syn-tec com>; "Security Basics[List]"
> <security-basics () securityfocus com>
> Sent: Wednesday, September 22, 2004 11:04 PM
> Subject: Re: Laptop Encryption & Hibernation
>
> Certainly a nice thought, Kevin, and a step in the right direction.
> Unfortunately that wouldn't potect the system against theft, as the
> HDD could just be removed. Usually the purpose of encryption is to
> protect the data from prying eyes - regardless where those eyes may be
> coming from.
>
> Best of luck finding a solution. The only time I've ever had to deal
> with something similar, hibernation was simply disabled. Security and
> ease of use rarely go hand in hand. =)
>
> --
> Peace. ~G
>
> On Tue, 21 Sep 2004 18:58:18 -0500, Kevin Snively
> <kevinsnively () comcast net> wrote:
> > How about something as simple as a bios password? Works for me.
> >
> > reguards,
> > Kevin Snively
> > The HelpDesk Inc ®
> > 615-781-1922 (office)
> > 615-582-0877 (Mobile)
> >
> > ----- Original Message -----
> > From: "James McGee" <J.McGee () syn-tec com>
> > To: "Security Basics[List]" <security-basics () securityfocus com>
> > Sent: Sunday, September 19, 2004 10:28 AM
> > Subject: Laptop Encryption & Hibernation
> >
> > Hi
> >
> > We are trying to find a centrally manageable solution that we can deploy
> > to 2000 Laptop users.
> >
> > The majority of our users also make frequent use of the hibernation
> > function within WinXP.
> >
> > The problem lies with the fact that we can't seem to get a hard drive
> > encryption tool that will enable users to continue to use the
> > hibernation function.
> >
> > We have 2 options that I can recommend; bin the hibernation
> > functionality or use a file and folder level encryption product, neither
> > of which are the ideal solution for the situation.
> >
> > I am sure we are not the first to come across this problem, so I was
> > wondering how anyone else has overcome it.
> >
> > Apparently the people who make entire hard-drive encryption products are
> > aware of the issue and are working with MS to get it sorted, but how
> > long that will take is anyone's guess.
> >
> > Any help or advice is appreciated..
> >
> > Thanks
> >
> > JM
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.768 / Virus Database: 515 - Release Date: 9/22/04

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------