Security Basics mailing list archives
RE: The VA Stolen Laptop - Lessons Learned
From: "Isaac Van Name" <ivanname () southerlandsleep com>
Date: Thu, 14 Sep 2006 08:17:41 -0500
Bush hasn't defined "data"... he can't define anything because he's a moron. Does data include OS files, log files, cab files, drivers, etc.? IMO, no. None of it. Screw the OS and its files; those things don't count as "sensitive data". Okay, so there's the argument that "these things can be used for a compromise". Really, I don't see why someone can't just use a roaming profile and a VPN connection on the laptop to connect to their workplace and, anytime sensitive data like that is put on a laptop, encrypt it as the roaming profile and set the file rights to only allow that roaming profile to access it. That way, when the laptop is stolen, just disable the roaming account... that should protect the encrypted files for long enough for the laptop to be recovered. True, this is more work, but then, isn't proper security just making your everyday tasks take longer? Of course, this is all said with a cup of coffee in one head and my hungover head in the other, so please feel free to correct me. As it seems to me, though, I think you have to plan out system security before you implement file security... otherwise, you're just playing smoke and mirrors. Isaac Van Name Network Assistant / Programmer Southerland, inc. ivanname () southerlandsleep com -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of evb Sent: Wednesday, September 13, 2006 3:47 PM To: security-basics () securityfocus com Subject: RE: The VA Stolen Laptop - Lessons Learned :1. Encrypt all data on mobile computers/devices which carry :agency data unless the data is determined to be non-sensitive, :in writing, by your Deputy Secretary or an individual he/she :may designate in writing : And does "data" include operating system files, log files, cab files, drivers, etc., or does it only include eg xls, doc, pdf and wpd files, etc.? How has Bush defined "data"? Thx, Eric --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- The VA Stolen Laptop - Lessons Learned lists () infostruct net (Sep 13)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 13)
- RE: The VA Stolen Laptop - Lessons Learned evb (Sep 13)
- RE: The VA Stolen Laptop - Lessons Learned Isaac Van Name (Sep 14)
- Re: The VA Stolen Laptop - Lessons Learned George Toft (Sep 15)
- Re: The VA Stolen Laptop - Lessons Learned MandommGmail (Sep 18)
- Re: The VA Stolen Laptop - Lessons Learned security (Sep 19)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 20)
- RE: The VA Stolen Laptop - Lessons Learned Clement Dupuis (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned intel96 (Sep 20)
- Re: The VA Stolen Laptop - Lessons Learned Saqib Ali (Sep 21)
- RE: The VA Stolen Laptop - Lessons Learned Pranav Lal (Sep 25)