Educause Security Discussion mailing list archives
Re: Recommendation of a good secure Flash drive?
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Tue, 20 Oct 2009 14:12:11 -0400
I suspect that simply disabling boot external devices when travelling and using a good bios/cmos password might do a lot to thwart this type of attack. The fact that the device is physically accessible is the first problem followed by the fact that some part of the computer (where code can be stored) is still software accessible via an external entry point for boot. In theory, PXE, optical, floppy, USB, Firewire, and any other such vector are conceptually the same including internal devices with EEProms where code can be injected and executed prior to boot. I say in your organization if you're encrypting drives, it's equally as important to advise users or either only allow it to manage desktop bios settinngs on devices of concern. Just one more level of assurance... Dexter Caldwell The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:
That's quite true.� The notable thing about this particular the "Evil Maid" exploit is that it checks for and hooks into TrueCrypt. � Christopher Jones"Doty, Timothy T." <tdoty () MST EDU> 10/20/2009 9:16 AM >>>Someone with physical access who can install a key logger will always be a problem. This isn’t a weakness in TrueCrypt, it is a problem of physical security. Tim Doty � From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Jones Sent: Tuesday, October 20, 2009 11:08 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Recommendation of a good secure Flash drive? � I think TrueCrypt is a great solution, as well.� However, it was a little disconcerting to read an article on ThreatPost this morning that showed how it can be defeated in a minute.� Yikes. � Christopher Jones IT Security Administrator University of the Fraser ValleyGina Mieszczak <gmieszcz () IIT EDU> 10/20/2009 7:35 AM >>>I second that.� Truecrypt is a great product.� Easy to work with. Gina Gina Mieszczak Network Security Administrator Email: gmieszcz () iit edu Phone: 312.567.3879 Fax: 312.567.5968 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Durfee, Jeff Sent: Tuesday, October 20, 2009 9:21 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Recommendation of a good secure Flash drive? We also like IronKey drives, which are great, but pricey. If you don't need all the built-in features of IronKey, I'm recommending TrueCrypt (www.truecrypt.org). Its free, flexible and very user-friendly. Once we place it on a drive, all the user has to do is plug it in and enter their password when prompted. After that, their secure volume appears to them just like a normal drive. When the drive is removed from the PC, it is fully encrypted and protected. It will work with pretty much any removable drive. ~Jeff Jeff Durfee Director, IT Security Univ. of North Florida jdurfee () unf edu Voice (904) 620-2820 **************************************************************************** ******* From: The EDUCAUSE Security Constituent Group Listserv on behalf of David Grisham Sent: Mon 10/19/2009 6:50 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Recommendation of a good secure Flash drive? We are looking IronKey for flash drives.� But we really need a broader solution.� Has anyone implemented an endpoint encryption product that covers the scope of NIST 800-111?� Health Care entities are going to be trying to implement encryption on flash drives, laptops, CDs, DVDs, etc. in a way that doesn't bring down our ability to provide patient care.� Cheers.-grishScott Dier <dierx002 () UMN EDU> 10/19/2009 4:53 PM >>>I really like the ironkey line.� Cross platform support, a read only mode, and autorun.inf checking are key features.
Current thread:
- Re: Recommendation of a good secure Flash drive?, (continued)
- Re: Recommendation of a good secure Flash drive? Gina Mieszczak (Oct 20)
- Re: Recommendation of a good secure Flash drive? Daniel Bennett (Oct 20)
- Re: Recommendation of a good secure Flash drive? Christopher Jones (Oct 20)
- Re: Recommendation of a good secure Flash drive? Michael Testa (Oct 20)
- Re: Recommendation of a good secure Flash drive? Doty, Timothy T. (Oct 20)
- Re: Recommendation of a good secure Flash drive? Stanclift, Michael (Oct 20)
- Re: Recommendation of a good secure Flash drive? McCrary, Barbara (Oct 20)
- Re: Recommendation of a good secure Flash drive? Walter Petruska (Oct 20)
- Re: Recommendation of a good secure Flash drive? Christopher Jones (Oct 20)
- Re: Recommendation of a good secure Flash drive? Valdis Kletnieks (Oct 20)
- Re: Recommendation of a good secure Flash drive? Dexter Caldwell (Oct 20)
- Re: Recommendation of a good secure Flash drive? McCrary, Barbara (Oct 20)
- Re: Recommendation of a good secure Flash drive? RL Vaughn (Oct 20)
- Re: Recommendation of a good secure Flash drive? RL Vaughn (Oct 20)
- Re: Recommendation of a good secure Flash drive? Doty, Timothy T. (Oct 20)
- Re: Recommendation of a good secure Flash drive? Christopher Jones (Oct 20)
- Re: Recommendation of a good secure Flash drive? Doty, Timothy T. (Oct 20)
- Re: Recommendation of a good secure Flash drive? Allison Dolan (Oct 20)
- Re: Recommendation of a good secure Flash drive? Dexter Caldwell (Oct 20)
- FW: Recommendation of a good secure Flash drive? Carroll, John (Oct 21)
- Re: Recommendation of a good secure Flash drive? Richard Hopkins (Oct 21)
(Thread continues...)