Educause Security Discussion mailing list archives

Re: Recommendation of a good secure Flash drive?


From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Tue, 20 Oct 2009 14:16:40 -0500

Agreed.

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Christopher Jones
Sent: Tuesday, October 20, 2009 2:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?

 

Noted.  If nothing else, it serves to further underscore the fact that no matter how secure you try to make things, there's 
someone who has figured out a way around it.

 

Christopher

"Doty, Timothy T." <tdoty () MST EDU> 10/20/2009 12:07 PM >>>

It’s a proof of concept; there isn’t a specific weakness of TrueCrypt that is being exploited. The weakness is in 
someone still having the ability to inject code. Anything relying on hard drive bootstrap is vulnerable to an 
identical attack. If someone can alter the BIOS, they can do even more. If someone has physical access they can do most 
anything – TPM is about the only solution that comes to mind that even starts to address this problem.

But their scenario is this:

1. Laptop is left where someone has unmonitored access to it and is turned off*

2. The boot process is modified by leveraging physical access**

3. User boots laptop, enters password

4. Laptop is again left where someone has unmonitored access

* the attack requires a boot; if the system was hibernated/locked, rebooting might well alert the owner

** which access depends on complicity of the BIOS (e.g., boot order, TPM not enabled, etc.)

With the same requirements there are other ways to get the same results. You can do it better (no physical access 
required to obtain the password) with a slightly greater investment in equipment. There is no reason for this to “send 
a shiver” down the spine – scenarios that allow unmonitored physical access make almost anything possible. Which is 
just a reminder that maintaining physical control is important.

Also note this was raised (in this thread) with respect to stolen laptops. The attack is useless if the laptop is 
stolen as it requires someone with knowledge of the password to type it in so that it can be recorded. The “compromise 
full disk encrypted laptop in less than a minute” is typical of attention-getting fodder and not particularly accurate.

Tim Doty

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Christopher Jones
Sent: Tuesday, October 20, 2009 12:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?

 

That's quite true.  The notable thing about this particular "Evil Maid" exploit is that it checks for and hooks 
into TrueCrypt.

 

Christopher Jones

"Doty, Timothy T." <tdoty () MST EDU> 10/20/2009 9:16 AM >>>

Someone with physical access who can install a key logger will always be a problem. This isn’t a weakness in TrueCrypt, 
it is a problem of physical security.

Tim Doty

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Christopher Jones
Sent: Tuesday, October 20, 2009 11:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?

 

I think TrueCrypt is a great solution, as well.  However, it was a little disconcerting to read an article on 
ThreatPost this morning that showed how it can be defeated in a minute.  Yikes.

 

Christopher Jones

IT Security Administrator

University of the Fraser Valley

Gina Mieszczak <gmieszcz () IIT EDU> 10/20/2009 7:35 AM >>>
I second that.  TrueCrypt is a great product.  Easy to work with.

Gina

Gina Mieszczak
Network Security Administrator
Email: gmieszcz () iit edu
Phone: 312.567.3879
Fax: 312.567.5968

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Durfee, Jeff
Sent: Tuesday, October 20, 2009 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?

We also like IronKey drives, which are great, but pricey.

If you don't need all the built-in features of IronKey, I'm recommending
TrueCrypt (www.truecrypt.org). It's free, flexible and very user-friendly.
Once we place it on a drive, all the user has to do is plug it in and enter
their password when prompted. After that, their secure volume appears to
them just like a normal drive. When the drive is removed from the PC, it is
fully encrypted and protected. It will work with pretty much any removable
drive.


~Jeff

Jeff Durfee
Director, IT Security
Univ. of North Florida
jdurfee () unf edu
Voice (904) 620-2820

***********************************************************************************
From: The EDUCAUSE Security Constituent Group Listserv on behalf of David
Grisham
Sent: Mon 10/19/2009 6:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?



We are looking at IronKey for flash drives.  But we really need a broader
solution.  Has anyone implemented an endpoint encryption product that covers
the scope of NIST 800-111?  Health Care entities are going to be trying to
implement encryption on flash drives, laptops, CDs, DVDs, etc. in a way that
doesn't bring down our ability to provide patient care.  Cheers.-grish

Scott Dier <dierx002 () UMN EDU> 10/19/2009 4:53 PM >>>
I really like the IronKey line.  Cross platform support, a read only
mode, and autorun.inf checking are key features.
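
Added example, not part of any message in this thread: Tim Doty's reply above names TPM as about the only thing that starts to address a modified boot process (step 2 of the scenario). The Python sketch below simulates the TPM 1.2 extend operation over a boot chain to show why a changed boot loader yields a different PCR value, so a key sealed to the known-good value is not released. It does not talk to a real TPM; the stage names and image bytes are constructed placeholders.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_chain(stages) -> bytes:
    """Fold every boot stage, in boot order, into one PCR that starts at zero."""
    pcr = bytes(PCR_SIZE)
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr


def release_key(sealed_to: bytes, stages) -> bool:
    """Model of sealing: the secret is released only if the PCR matches."""
    return measure_chain(stages) == sealed_to


def first_divergence(baseline, observed):
    """Return the name of the first stage whose digest differs from baseline."""
    for (name, good), (_name, seen) in zip(baseline, observed):
        if hashlib.sha1(good).digest() != hashlib.sha1(seen).digest():
            return name
    return None


# Constructed stand-ins for real boot images (assumption: three stages).
BASELINE = [
    ("mbr", b"constructed stock MBR code"),
    ("fde_boot_loader", b"constructed disk-encryption boot loader"),
    ("os_loader", b"constructed operating system loader"),
]
# Same chain after step 2 of the scenario: one stage has been altered.
TAMPERED = [
    BASELINE[0],
    ("fde_boot_loader", BASELINE[1][1] + b" [altered]"),
    BASELINE[2],
]

if __name__ == "__main__":
    golden = measure_chain(BASELINE)  # recorded while the laptop was trusted
    print("clean boot releases key:   ", release_key(golden, BASELINE))
    print("tampered boot releases key:", release_key(golden, TAMPERED))
    print("first modified stage:      ", first_divergence(BASELINE, TAMPERED))
```

On real hardware the extend is performed inside the TPM and PCR values can only be reset by a platform reset, which is what keeps a modified stage from simply writing back the expected value.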
