Security Basics mailing list archives

RE: How to Test HDD Encryption


From: Eric White <ewhite () ssc wisc edu>
Date: Wed, 14 Nov 2007 09:05:39 -0600

Thanks John.  That's a nice example.  I wasn't thinking of web apps.   


--
---------------------------------------------------------------
Eric White                           


-----Original Message-----
From: jfvanmeter () comcast net [mailto:jfvanmeter () comcast net] 
Sent: Wednesday, November 14, 2007 5:36 AM
To: Eric White; infosecofficer () gmail com; security-basics () securityfocus com
Subject: RE: How to Test HDD Encryption

I recently completed a pen test for a client and discovered a new directory
traversal in a web-enabled application. The target for the test was FDE
enabled; once the target was booted and the OS mounted, I could exploit the
directory traversal to read any file on the system.

After I informed my client of the problem, they asked me to do additional
testing. I found that if I encrypted the file and ran the directory traversal,
I could no longer read the file.

So until the vendor patched their software, a mitigating step to lower the
risk was to encrypt the files the client felt were the greatest risk if
someone was to run the exploit.

I believe you need both, FDE to protect the data at rest, and file
encryption to protect the data when it is active.

Again just my two shiny centavos, --John

 -------------- Original message ----------------------
From: Eric White <ewhite () ssc wisc edu>
Right, the same thing can be said for FDE, but FDE doesn't claim to 
protect files after the PC is booted.  I'm just trying to sort out the 
strengths and weaknesses of each.  So far I'm not sure that file-based 
encryption offers the protection it claims to, or that that protection 
can't be effectively provided through other means.

Thanks,

Eric
--
---------------------------------------------------------------
Eric White

-----Original Message-----
From: jfvanmeter () comcast net [mailto:jfvanmeter () comcast net]
Sent: Tuesday, November 13, 2007 12:37 PM
To: Eric White; infosecofficer () gmail com; 
security-basics () securityfocus com
Subject: RE: How to Test HDD Encryption

True, we can say the same for FDE: once the OS is mounted, those files 
are all open.

As for malware, viruses and exploits, oh my.... hopefully the workstation 
is patched, and running a current anti-virus, anti-spyware/malware
scanner....
Patch management has to be part of the overall security picture, or 
you're right, it really doesn't matter... none of it, FDE or file-based 
encryption.

Personally, if I was going after files, I would do a little social 
engineering to gain access to the workstation.

"You can catch more flies with honey than with vinegar."

Take Care and Have Fun --john

 -------------- Original message ----------------------
From: Eric White <ewhite () ssc wisc edu>



