Security Basics mailing list archives
Re: Laptop Encryption & Hibernation
From: GuidoZ <uberguidoz () gmail com>
Date: Thu, 23 Sep 2004 18:38:24 -0700
The protection would (or should) be NTFS (as I mentioned). This would require a password to access the system or even the hardrive by itself put into another machine (now we wont even go into the fact that it would blue-screen to Hades unless it was totally compatible with the original computer).
Are you speaking about EFS (Encrypted File System)? In that case, I would agree that it would certainly put a damper on a thiefs day. However, simply using NTFS would not protect the data if the hard drive was stolen. As for the BSOD, you wouldn't be booting this the hard drive you put into another system. You would be accessing it from another OS (Windows, Linux, etc) that was preinstalled on the current machine. It wouldn't blue screen because of that - it would treat it like a storage drive. Many admins also seem to think that because they password an account, it's safe. This isn't always the case. First off, you'll have to protect that account - which then makes all files below it only accessable to that person. (Commonly done by teenagers on the family computer to hide their porn.) Beyond that, it doesn't provide much protection. Password crackers (as were discussed on here a few times recently) can get through such "security" in a matter of time. If you steal a hard drive for the information, then you'll most likely be persistent enough to wait the few months it may take to crack the password. With EFS however, there's more to it then just a MD5/LM hash to get past.
This is where I was saying (by inference) the two together were an excellent beginning of a security policy (note my references to documentation).
Unless you were talking about EFS (not just NTFS), it would only be a beginning. Once again, an attacker who is persistant and only has a password to get past, plus all the time they need, will break that password.
Btw I tend to agree with you on hibernation (and security and ease of use) though it is our (some of us) jobs to find a medium we (2nd being the user) can live with. I tend to believe stand-by will suffice. On early laptops, far back as Win 95, Toshiba, in particular, had a utility which created these hibernation files. They would often become corrupt -- which was annoying to the user.
That's very true. Even though security and ease of use are on opposite sides of the see-saw, that's no reason to completely give up one or the other. It's about compromise and deciding what works the best for the situation. In this case, it sounds like the encryption is a priority and a necessity. Therefore giving up the hibernation is about the only choice. However, in a differnet situation, maybe giving up the encryption would be a better solution. Depends on the POV and situation of all those involved, or at least those making the decision. -- Peace. ~G On Thu, 23 Sep 2004 17:17:27 -0500, Kevin Snively <kevinsnively () comcast net> wrote:
The protection would (or should) be NTFS (as I mentioned). This would require a password to access the system or even the hardrive by itself put into another machine (now we wont even go into the fact that it would blue-screen to Hades unless it was totally compatible with the original computer). This is where I was saying (by inference) the two together were an excellent beginning of a security policy (note my references to documentation). Btw I tend to agree with you on hibernation (and security and ease of use) though it is our (some of us) jobs to find a medium we (2nd being the user) can live with. I tend to believe stand-by will suffice. On early laptops, far back as Win 95, Toshiba, in particular, had a utility which created these hibernation files. They would often become corrupt -- which was annoying to the user. ----- Original Message ----- From: "GuidoZ" <uberguidoz () gmail com> To: "Kevin Snively" <kevinsnively () comcast net> Cc: "James McGee" <j.mcgee () syn-tec com>; "Security Basics[List]" <security-basics () securityfocus com> Sent: Wednesday, September 22, 2004 11:04 PM Subject: Re: Laptop Encryption & Hibernation Certainly a nice thought, Kevin, and a step in the right direction. Unfortunately that wouldn't potect the system against theft, as the HDD could just be removed. Usually the purpose of encryption is to protect the data from prying eyes - regardless where those eyes may be coming from. Best of luck finding a solution. The only time I've ever had to deal with something similar, hibernation was simply disabled. Security and ease of use rarely go hand in hand. =) -- Peace. ~G On Tue, 21 Sep 2004 18:58:18 -0500, Kevin Snively <kevinsnively () comcast net> wrote:How about something as simple as a bios password? Works for me. reguards, Kevin Snively The HelpDesk Inc ® 615-781-1922 (office) 615-582-0877 (Mobile) ----- Original Message ----- From: "James McGee" <J.McGee () syn-tec com> To: "Security Basics[List]" <security-basics () securityfocus com> Sent: Sunday, September 19, 2004 10:28 AM Subject: Laptop Encryption & Hibernation Hi We are trying to find a centrally manageable solution that we can deploy to 2000 Laptop users. The majority of our users also make frequent use of the hibernation function within WinXP. The problem lies with the fact that we can't seem to get a hard drive encryption tool that will enable users to continue to use the hibernation function. We have 2 options that I can recommend; bin the hibernation functionality or use a file and folder level encryption product, neither of which are the ideal solution for the situation. I am sure we are not the first to come across this problem, so I was wondering how anyone else has overcome it. Apparently the people who make entire hard-drive encryption products are aware of the issue and are working with MS to get it sorted, but how long that will take is anyone's guess. Any help or advice is appreciated.. Thanks JM--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.768 / Virus Database: 515 - Release Date: 9/22/04
--------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- Laptop Encryption & Hibernation James McGee (Sep 20)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 22)
- RE: Laptop Encryption & Hibernation dave kleiman (Sep 24)
- Re: Laptop Encryption & Hibernation GuidoZ (Sep 24)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 24)
- Re: Laptop Encryption & Hibernation GuidoZ (Sep 25)
- Re: Laptop Encryption & Hibernation Barrie Dempster (Sep 27)
- RE: Laptop Encryption & Hibernation Philip Wagenaar (Sep 24)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 22)
- <Possible follow-ups>
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 24)
- Re: Laptop Encryption & Hibernation Jonathan Loh (Sep 24)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 24)
- Re: Laptop Encryption & Hibernation Jonathan Loh (Sep 24)
- Re: Laptop Encryption & Hibernation Jonathan Loh (Sep 24)
- Re: Laptop Encryption & Hibernation Ravishankar (Sep 25)
- Re: Laptop Encryption & Hibernation J. Theriault (Sep 27)