Network Security Security-Basics

Re: secure file handling

Subject: Re: secure file handling
Date: 27 Jul 2005 12:35:32 -0000
Hi Alejandro,

As every technical response goes, the answer is "It depends".

If you're looking for entry-level protection, built-in file system level 
encryption can work.  Easily identifiable problems are 1) OS-level encryption 
typically is only as secure as the user account that has access to decrypt it, 
2) OS-level encryption can cause loss of access to your data if you have a 
system crash and can't regenerate the key that originally encrypted them, and 
3) OS-level encryption is typically not portable or scalable, i.e. hard to have 
encrypted grid computing or shared access.

If you're looking for secure file handling for a larger environment, you might 
want to consider some 3rd party products like those from NeoScale and Decru, 
that use AES 256-bit encryption.

If you're looking for decent security at a reasonable price, maybe look at GPG 
or PGP.

Probably the most solid solution I've seen has been the Decru DataFort 
accompanied with their DCS client software. (no, I don't work for them or own 
any shares.)  Their devices are tamper-resistant, where physical access causes 
the systems not to load the keys any more.  Some of their devices are equipped 
with a "panic button" where pressing this physical button deletes the 
encryption keys, making the data practically irretrievable.  Plus, with their 
DCS client software you can enforce policies to the client, ensuring only known 
software is running on them, and even control which processes can access 
certain files, not just which users.

That's the "Mack Daddy" solution, but most any encryption software will provide 
you with the two features you've asked for - confidentiality (no one without 
the encryption key can 'recover' your files), and data integrity (no one 
without the private encryption key can change the content of a file without 
there being evidence/corruption).  Data integrity can be achieved without 
encryption by 'signing' the files.  For example, something as simple as an MD5 
checksum can be used to guarantee the files have not been modified.

Hope this helps,
Dave Boone, CISSP
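
The integrity point in the message above, as an added example that is not part of the original post: it compares a plain MD5 checksum with a keyed tag (HMAC-SHA256) on a constructed sample file, first when the recorded value is kept out of reach of whoever changes the file and then when it is stored beside the file. The function names, the sample file and the assumption that only the verifier holds the key are illustrative.

```python
import hashlib
import hmac
import os
import tempfile


def _digest_file(h, path):
    """Feed a file into hash object h in chunks; return the hex digest."""
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def md5_checksum(path):
    """Unkeyed checksum: anyone who can read the file can compute it."""
    return _digest_file(hashlib.md5(), path)


def hmac_tag(path, key):
    """Keyed tag (HMAC-SHA256): only holders of `key` can compute it."""
    return _digest_file(hmac.new(key, digestmod=hashlib.sha256), path)


def run_demo():
    """Return verification results for a constructed sample file."""
    key = os.urandom(32)  # assumption: known only to the verifier
    out = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ledger.txt")  # constructed sample file
        with open(path, "w") as f:
            f.write("pay 100 to alice\n")
        md5_record, tag_record = md5_checksum(path), hmac_tag(path, key)
        out["untouched_md5_ok"] = md5_checksum(path) == md5_record
        out["untouched_hmac_ok"] = hmac.compare_digest(hmac_tag(path, key), tag_record)

        with open(path, "w") as f:  # the file content changes
            f.write("pay 900 to alice\n")
        # Records kept out of the modifier's reach: both checks flag the change.
        out["changed_md5_ok"] = md5_checksum(path) == md5_record
        out["changed_hmac_ok"] = hmac.compare_digest(hmac_tag(path, key), tag_record)
        # Record stored beside the file: the checksum can be regenerated to
        # match the new content, a tag cannot be without the key.
        md5_record = md5_checksum(path)
        tag_record = hmac_tag(path, os.urandom(32))  # modifier lacks `key`
        out["rewritten_record_md5_ok"] = md5_checksum(path) == md5_record
        out["rewritten_record_hmac_ok"] = hmac.compare_digest(hmac_tag(path, key), tag_record)
    return out


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

A checksum used this way is only as trustworthy as the place its recorded value is kept; a keyed tag or a GPG/PGP signature moves that trust to the key.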
