FDE is the (ultimate?) solution to the problem of data-at-rest (offline attacks). Throw in a TPM (or equivalent mechanism) and you deal with the issue of integrity of system components like the BIOS, MBR, etc. For online attacks, there are other mechanisms. My favorite is to employ the principle of least priv (i.e., don't log in as root/admin for daily web surfing). Also, fully exploit technologies like NX/XD by turning on DEP for "all programs and services" (not selected by default for compatibility reasons). I won't go through the "top 10" list here; I just refer to the aforementioned since they're so rarely mentioned on such lists (bafflingly, in my view).
If you want to be really extreme, sure, go w/ pencil & paper and don't boot your computer. But that's a silly and hyperbolic reaction to a problem that's surmountable w/ knowledge & a good set of processes.

- Garrett

----- Original Message -----
From: "Curt Wilson" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, July 19, 2007 7:18 PM
Subject: [FDE] Data protection strategies, FDE and file/folder

> Dear FDE list:
>
> I'm starting to get involved in an encryption project and have some thoughts about Windows-based encryption tools... I've used TrueCrypt, PGP and GPG for years, but usually only in single-user mode and haven't had to concern myself with key-escrow, enterprise backup, imaging, policies, and other details.
>
> I'm concerned about data protection against unauthorized people and against malware, mostly on desktop and laptop Windows boxen.
>
> If data is to be protected when the system is powered down, FDE makes a lot of sense. If the system is at risk for theft/bootdisk drive access, FDE makes a lot of sense.
>
> If data is to be protected when it's only accessed occasionally, then file/folder encryption makes sense.
>
> If the data to be protected must be accessed on a continuous basis, what are some strategies that can be used, given the reality of 0day and the modern threat landscape? Head back to pen & paper?
>
> There are a few concerns that I have; these may be in some FAQ (pointers appreciated!)
>
> How do you handle persistent temp files on Windows boxes such as those generated by MS-Office? Sure, they are protected by FDE when the box is powered down, but what about when the user has decrypted/booted past the FDE auth and then gets nailed by a 0day in some client application? (please don't say "just don't get owned") Hope and pray that they weren't running as Administrator? Have them pull the network plug and hope that the undetected keylogger they have doesn't just cache everything for delivery the next time an Internet connection is available? And those scenarios are just when you *know* that an attack has taken place.
>
> The current state of Windows malware as I understand it is that the user must generally be running as Administrator (for client-side malware; obviously server components running as LocalSystem with bugs that open ports are still a risk) in order for most malware to be able to do its nastiness. If someone is a restricted user then most malware will probably fail, unless it's designed to do privilege escalation tricks or unless it's designed to snag *data* that this particular user has access to (decrypted, if using FDE and the system is booted, or decrypted if it was protected with file/folder encryption and the user had need of that data, or kept the data open longer than needed). I expect in the future to see malware that does things like leverage priv escalation attacks, and implement a sensitive data search to look for SSNs on the box accessible to the logged-in user, pack them up with a key of the attacker's choice and HTTP upload those to the attacker's malicious server. Maybe this is already happening.
>
> I'm aware of the usual protection techniques such as hardening, anti-<malware,virus,spyware,scumware,trojan,rootkit...> etc. but what I am interested in learning is how to best approach an encryption scenario in the face of such contemporary threats. Perhaps my expectations are too high.
>
> I think that one must have FDE and file and folder encryption at the same time to really cover things, but depending upon the usage scenario f&f might not be helpful. I am not yet well-informed on the various vendor offerings and would appreciate any suggestions, on or off-list.
>
> Thank you
>
> GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc
>
> _______________________________________________
> FDE mailing list
> [email protected]
> http://www.xml-dev.com/mailman/listinfo/fde
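A quick host check for the two hardening points Garrett raises (DEP covering "all programs and services", and not running the daily session as Administrator), added here as an example that is not part of the thread; it assumes a Windows host where the Win32_OperatingSystem CIM class and bcdedit are available.

```powershell
# Added example, not from the thread: report the machine-wide DEP policy and
# whether the current interactive session holds Administrator rights.
# Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values:
#   0 = AlwaysOff, 1 = AlwaysOn,
#   2 = OptIn  (default: only Windows programs and services are covered),
#   3 = OptOut ("all programs and services except those I select")
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

$os          = Get-CimInstance -ClassName Win32_OperatingSystem
$policy      = [int]$os.DataExecutionPrevention_SupportPolicy
$hwAvailable = [bool]$os.DataExecutionPrevention_Available

"NX/XD available to the OS : $hwAvailable"
"DEP policy                : $policy ($($policyNames[$policy]))"

switch ($policy) {
    { $_ -in 1, 3 } { "DEP covers all programs and services." }
    2 { Write-Warning ("DEP is OptIn: only Windows components are protected. " +
                       "To cover everything (elevated prompt, then reboot): " +
                       "bcdedit /set {current} nx OptOut") }
    default { Write-Warning "DEP is disabled machine-wide (policy $policy)." }
}

# Least privilege: is this session running as Administrator?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) {
    Write-Warning "Session runs as Administrator; use a standard user for daily work."
} else {
    "Session runs as a standard user ($($identity.Name))."
}
```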
