Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

FW: Laptop Encryption & Hibernation

from [Administrator] Network Security [Permanent Link]
Subject: FW: Laptop Encryption & Hibernation
Date: Mon, 27 Sep 2004 20:31:35 +0100 

Thank the Lord that someone (Barrie Dempster) has actually put these
"NTFS for security", "bios password" and "anti-hard drive transfer"
'methods' to sleep as possible corporate security strategies...because
they are not and never will be.

For a minute there I thought this list had gone DRAMATICALLY downhill!

And the original poster was only asking about encryption software that
would enable his organisations laptop users to use hibernation mode!!

Well said again Barrie!

Andrew Craig

MCSA, MCSE, CCNA



-----Original Message-----
From: Barrie Dempster [mailto:barrie@reboot-robot.net] 
Sent: 25 September 2004 11:29
To: Kevin Snively
Cc: GuidoZ; James McGee; Security Basics[List]
Subject: Re: Laptop Encryption & Hibernation

On Thu, 2004-09-23 at 23:17, Kevin Snively wrote:

The protection would (or should) be NTFS (as I mentioned). This would
require a password to access the system or even the hardrive by itself

put

into another machine 

No.

NTFS has nothing to do with password access to the system, it doesn't
offer any encryption at all and CAN be viewed without logging onto the
stolen machine. (Unless you meant EFS which does offer encryption for
NTFS systems, but I don't beleive you did)


(now we wont even go into the fact that it would
blue-screen to Hades unless it was totally compatible with the

original

computer). 


Ehm you are joking right?
If you have taken a hard drive from one system to put into another you
aren't required to boot from it. You can install it as a secondary
drive, boot from the first drive containing another OS and happily read
everything on the ntfs system. This can be done from any OS that can
read NTFS.


As for the BIOS password comments from others in the thread.....
BIOS passwords offer ZERO security if the machine has been stolen, the
battery popping / jumper method is one way bypassing it, but a BIOS
isn't ANY use if the hard drive is no longer attached to that system.
The OP asked about enterprise level security solutions and the list
offered him BIOS passwords? I can't believe subscribers to this list
need the limitations of this explained to them.

The REAL options is encryption (which is what the OP asked about)

Listen to Ghaith Nasrawi, he provided very good options. EFS is also an
option to look at.

On Thu, 2004-09-23 at 09:49, Ghaith Nasrawi wrote:

Read this
http://www.tgc.com/dsstar/04/0727/108590.html

and check these products
http://www.safeboot.com/safeboot.asp?page=news&area=pressdetails&id=43
http://www.findbiometrics.com/viewnews.php?id=1454
http://www.ce-infosys.com.sg/CeiNews_FreeCompuSec.asp

-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: login session transcript, xyberpix
Next by Date:  FW: Lost mail on security-basics today, David Fore
Previous by Thread:  RE: Laptop Encryption & Hibernation, James McGee
Next by Thread:  Inspecting Code for Security, caleb . dods
Indexes:  [Date] [Thread] [Top] [All Lists]