Security Basics mailing list archives
RE: How to Test HDD Encryption
From: jfvanmeter () comcast net
Date: Wed, 14 Nov 2007 11:35:35 +0000
I recently completed a pen test for a client and discoveried a new directory traversal in a web enable application. The target for the test was FDE enabled , once the target was booted and the OS mounted I could exploit the directory traversal to read any file on the system. After I informed my client of the problem, they asked me to do additional testing, I found if I encrypted the file, and ran the directory traversal, I could no longer read the file. So until the ventor patched there software, a mitigating step to lower the risk was to encrypted the files the client felt were the greatest risk if someone was to run the exploit. I believe you need both, FDE to protect the data at rest, and file encryption to protect the data when it is active. Again just my two shiny centavos, --John -------------- Original message ---------------------- From: Eric White <ewhite () ssc wisc edu>
Right, the same thing can be said for FDE, but FDE doesn't claim to do protect files after the PC is booted. I'm just trying to sort out the strengths and weaknesses of each. So far I'm not sure that file-based encryption offers the protection it claims to, or that that protection can't be effectively provided through other means. Thanks, Eric -- --------------------------------------------------------------- Eric White -----Original Message----- From: jfvanmeter () comcast net [mailto:jfvanmeter () comcast net] Sent: Tuesday, November 13, 2007 12:37 PM To: Eric White; infosecofficer () gmail com; security-basics () securityfocus com Subject: RE: How to Test HDD Encryption true, we can say the same for FDE, once the OS is mount, those file are all open. As for malware, virus and exploits O'my.... hopefully the workstation is patched, and running a current anti-virus, anti-spyware/malware scanner.... Ipatch management has to be part of the over all security picture, or your right it really doesn't matter... none of it FDE or File based encryption Personnel if I was going after file, I would do a little social engineering to again access to the workstation. "You can catch more flies with honey than with vinegar." Take Care and Have Fun --john -------------- Original message ---------------------- From: Eric White <ewhite () ssc wisc edu>
Current thread:
- Re: How to Test HDD Encryption, (continued)
- Re: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 13)
- RE: How to Test HDD Encryption jfvanmeter (Nov 13)
- Re: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 13)
- RE: How to Test HDD Encryption Eric White (Nov 13)
- Re: RE: How to Test HDD Encryption jim . lehman (Nov 13)
- Re: RE: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 13)
- FDE and integrity of OS Was: How to Test HDD Encryption Alexander Klimov (Nov 14)
- Re: FDE and integrity of OS Was: How to Test HDD Encryption Mike Hale (Nov 14)
- RE: FDE and integrity of OS Was: How to Test HDD Encryption Craig Wright (Nov 14)
- Re: FDE and integrity of OS Was: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 14)
- Re: RE: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 13)
- RE: How to Test HDD Encryption Eric White (Nov 14)
- Re: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 14)
- Re: How to Test HDD Encryption Ansgar -59cobalt- Wiechers (Nov 14)