RE: The VA Stolen Laptop - Lessons Learned

["Scott Ramsdell" <Scott.Ramsdell () cellnet com>]

If the laptop is stolen, and off the network when you disable the
account, how the heck do you think the fact the account has been
disabled reaches the laptop?

"encrypt it as the roaming profile"?  The roaming profile is very
specific files.  If you're talking about using EFS, you have other
concerns as well.

If you encrypt a user's profile with EFS, the key would have to be on
the machine or the user couldn't get to their profile off the network.

If the key is left on the machine, then anyone with physical access to
the machine can reset the admin password, login as the admin, and grab
the user's key and get to the files.

The encryption used should be something other than EFS, and should be on
a directory outside the profile (so copies aren't flung onto the user's
network share).

Basically, the users should be trained, and the plan should be created
by someone who knows what they are doing, and people should stop
pointing fingers when something goes wrong, and instead address the
issues.

Good slam on the Prez, BTW, both pertinent and relevant, and about as
thoughtfully consistent as the rest of your rant.

-Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Isaac Van Name
Sent: Thursday, September 14, 2006 8:18 AM
To: 'evb'; security-basics () securityfocus com
Subject: RE: The VA Stolen Laptop - Lessons Learned

Bush hasn't defined "data"... he can't define anything because he's a
moron.

Does data include OS files, log files, cab files, drivers, etc.?
IMO, no.  None of it.  Screw the OS and its files; those things don't
count
as "sensitive data".  Okay, so there's the argument that "these things
can
be used for a compromise".  Really, I don't see why someone can't just
use a
roaming profile and a VPN connection on the laptop to connect to their
workplace and, anytime sensitive data like that is put on a laptop,
encrypt
it as the roaming profile and set the file rights to only allow that
roaming
profile to access it.  That way, when the laptop is stolen, just disable
the
roaming account... that should protect the encrypted files for long
enough
for the laptop to be recovered.  True, this is more work, but then,
isn't
proper security just making your everyday tasks take longer?

Of course, this is all said with a cup of coffee in one head and my
hungover
head in the other, so please feel free to correct me.  As it seems to
me,
though, I think you have to plan out system security before you
implement
file security... otherwise, you're just playing smoke and mirrors.


Isaac Van Name
Network Assistant / Programmer
Southerland, inc.
ivanname () southerlandsleep com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On
Behalf Of evb
Sent: Wednesday, September 13, 2006 3:47 PM
To: security-basics () securityfocus com
Subject: RE: The VA Stolen Laptop - Lessons Learned

 
:1. Encrypt all data on mobile computers/devices which carry 
:agency data unless the data is determined to be non-sensitive, 
:in writing, by your Deputy Secretary or an individual he/she 
:may designate in writing 
: 

And does "data" include operating system files, log files, cab files,
drivers, etc., or does it only include eg xls, doc, pdf and wpd files,
etc.?
How has Bush defined "data"?  

Thx,

Eric 


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---




------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------