RE: How to Test HDD Encryption

[Eric White <ewhite () ssc wisc edu>]

Hello,

So under this scenario you're thinking about application or OS level
exploits that would give the bad guys access to files that should be off
limits, right?

When I think about this situation, I wonder how much file based encryption
truly helps.  If the OS or an application can be exploited, it's possible
malware will be installed as part of this exploit.  If that malware captures
the credentials needed to decrypt these files, then the attacker wins.

If ACLs are incorrect or breached through less nefarious means, then yes,
less sophisticated attackers are kept at bay by file level encryption, but
does it really stop the pros?  I worry that an attacker who has access to
your machine or network while it's live would have the means to capture the
credentials necessary for decryption.  

Thanks,

Eric

--
---------------------------------------------------------------
Eric White                           


-----Original Message-----
From: jfvanmeter () comcast net [mailto:jfvanmeter () comcast net] 
Sent: Tuesday, November 13, 2007 12:12 PM
To: Eric White; infosecofficer () gmail com; security-basics () securityfocus com
Subject: RE: How to Test HDD Encryption

encrypting file can be based on the user's password or a certificate, this
adds an addational layer of security after the OS is load.

If I'm a malicous person that is trying to steal your files ..... I now have
to get pass the FDE, ACLs on the file system, then the file based
encryption. I believe like electrical current, malicous people take the path
of less resistance, so if the target has extra security controls it would
make there task harder.

Again this is jusy my two shiny centavos, and somedays there not all that
shiny.

--John

 -------------- Original message ----------------------
From: Eric White <ewhite () ssc wisc edu>

Attachment: smime.p7s
Description: