RE: Disk encryption killer: Anyone see this?
Yeah that too...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-----Original Message-----
From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 21, 2012 4:01 PM
To: NT System Admin Issues
Subject: RE: Disk encryption killer: Anyone see this?

Simple to get past the screensaver password then?

-----Original Message-----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, December 21, 2012 12:59 PM
To: NT System Admin Issues
Subject: RE: Disk encryption killer: Anyone see this?

It's not hard to get a memory dump from a PC that is running, and you have the tools and the appropriate skillset. If the box is open and running, then have a field day...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-----Original Message-----
From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 21, 2012 3:39 PM
To: NT System Admin Issues
Subject: RE: Disk encryption killer: Anyone see this?

So I'm hearing we shouldn't be concerned about a PGP-encrypted laptop *unless* its hibernation file is unencrypted (read, no full disk encryption)? A fully encrypted disk that has a screen saver password is going to be pretty secure?

You'll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack.

Ok how easy is it to get a memory dump from a running PC?

Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off

If the hiberfil.sys is encrypted, how do they get to it?

Dave

-----Original Message-----
From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Friday, December 21, 2012 10:59 AM
To: NT System Admin Issues
Subject: Re: Disk encryption killer: Anyone see this?

I don't find this alarming at all: it requires access to the key data, and is useful if you have a memory dump or a cleartext hibernation file (hiberfil.sys is going to be *encrypted* on a hibernating machine with whole-disk encryption).

This tool appears to be a good time-saver, given a memory dump, because it knows where to look in for the keys and how to extract them, but it does not attack any inherent cryptographic weakness or key management problems in PGP, TC, etc.

--Steve

On Fri, Dec 21, 2012 at 1:34 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
> I'm no security expert. But I do assume that if the physical machine is compromised, then the data it holds is as good as compromised as well, no matter what level of encryption you have.
>
> --Matt Ross
> Ephrata School District
>
> ----- Original Message -----
> From: Ziots, Edward [mailto:ezi...@lifespan.org]
> To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
> Sent: Fri, 21 Dec 2012 09:57:51 -0800
> Subject: RE: Disk encryption killer: Anyone see this?
>
> I would say off the record no, if you used popular encryption software and a repeatable process, but when you lose physical security of an asset, given a reasonable amount of time and effort the encryption will be cracked and data will be obtained.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
>
> From: Chinnery, Paul [mailto:pa...@mmcwm.com]
> Sent: Friday, December 21, 2012 12:37 PM
> To: NT System Admin Issues
> Subject: RE: Disk encryption killer: Anyone see this?
>
> Oh, great. I wonder what view CMS will take if a laptop is stolen\lost and it's encrypted. Will they still say it's a HIPAA violation?
>
> From: David Lum [mailto:david@nwea.org]
> Sent: Friday, December 21, 2012 12:29 PM
> To: NT System Admin Issues
> Subject: Disk encryption killer: Anyone see this?
>
> Comments anyone? Looks like bad news...
>
> http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly-capable-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/
>
> David Lum
> Sr. Systems Engineer // NWEA™
> Office 503.548.5229 // Cell (voice/text) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
RE: Disk encryption killer: Anyone see this?
Do you mean, snag the clear-text version of the user's files? If the user has 500GB of data on their laptop, that could take a while to exfiltrate.

Suppose you are Chinese/US/whatever intelligence. You wish to get the contents of the laptop belonging to a visiting business leader/dignitary/etc. The laptop is protected with Bitlocker or some other FDE technology. If you can trick them into installing this software, then exfiltrate the key, then you can break into the guy's/gal's hotel room, clone the disk, and decrypt it at your leisure.

The other alternative, of exfiltrating all the data whilst the laptop is online, might be tedious, not be complete by the time the person leaves, and probably more prone to be uncovered.

Cheers
Ken

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Sunday, 23 December 2012 12:17 PM
To: NT System Admin Issues
Subject: Re: Disk encryption killer: Anyone see this?

On Fri, Dec 21, 2012 at 7:20 PM, Ken Schaefer k...@adopenstatic.com wrote:
> Another option would be to trick the user into installing this software, or trick the user into somehow giving away access to the machine (aka these APTs we keep hearing about) and layering this on top.

But if you can do that, why bother with trying to attack the encryption? Just wait for the user to use it, and snag the cleartext version. :)

-- Ben
Re: Disk encryption killer: Anyone see this?
Good point. (Although I bet stealing the laptop would be prone to being uncovered, too. ;-) (Yes, I get that it's before vs after the data theft. :) ) )

On Sun, Dec 23, 2012 at 7:03 AM, Ken Schaefer k...@adopenstatic.com wrote:
> Do you mean, snag the clear-text version of the user's files? If the user has 500GB of data on their laptop, that could take a while to exfiltrate.
>
> Suppose you are Chinese/US/whatever intelligence. You wish to get the contents of the laptop belonging to a visiting business leader/dignitary/etc. The laptop is protected with Bitlocker or some other FDE technology. If you can trick them into installing this software, then exfiltrate the key, then you can break into the guy's/gal's hotel room, clone the disk, and decrypt it at your leisure.
>
> The other alternative, of exfiltrating all the data whilst the laptop is online, might be tedious, not be complete by the time the person leaves, and probably more prone to be uncovered.
RE: Disk encryption killer: Anyone see this?
Don't steal the laptop. :)

Break into the room - clone the drive, leave the laptop in place. Use the exfiltrated encryption key to decrypt the cloned disk at your leisure.

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Monday, 24 December 2012 3:37 AM
To: NT System Admin Issues
Subject: Re: Disk encryption killer: Anyone see this?

Good point. (Although I bet stealing the laptop would be prone to being uncovered, too. ;-) (Yes, I get that it's before vs after the data theft. :) ) )
Re: Disk encryption killer: Anyone see this?
On Fri, Dec 21, 2012 at 7:20 PM, Ken Schaefer k...@adopenstatic.com wrote:
> Another option would be to trick the user into installing this software, or trick the user into somehow giving away access to the machine (aka these APTs we keep hearing about) and layering this on top.

But if you can do that, why bother with trying to attack the encryption? Just wait for the user to use it, and snag the cleartext version. :)

-- Ben
RE: Disk encryption killer: Anyone see this?
Oh, great. I wonder what view CMS will take if a laptop is stolen\lost and it's encrypted. Will they still say it's a HIPAA violation?

From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 21, 2012 12:29 PM
To: NT System Admin Issues
Subject: Disk encryption killer: Anyone see this?

Comments anyone? Looks like bad news...

http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly-capable-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Disk encryption killer: Anyone see this?
Yes and Pgpcrack also is another tool to crack PGP encryption.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 21, 2012 12:29 PM
To: NT System Admin Issues
Subject: Disk encryption killer: Anyone see this?

Comments anyone? Looks like bad news...

http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly-capable-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Disk encryption killer: Anyone see this?
I would say off the record no, if you used popular encryption software and a repeatable process, but when you lose physical security of an asset, given a reasonable amount of time and effort the encryption will be cracked and data will be obtained.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Chinnery, Paul [mailto:pa...@mmcwm.com]
Sent: Friday, December 21, 2012 12:37 PM
To: NT System Admin Issues
Subject: RE: Disk encryption killer: Anyone see this?

Oh, great. I wonder what view CMS will take if a laptop is stolen\lost and it's encrypted. Will they still say it's a HIPAA violation?
Re: Disk encryption killer: Anyone see this?
This tool seems to have some serious caveats, like you have to have access to a running system and its memory dump.

On Fri, Dec 21, 2012 at 9:57 AM, Ziots, Edward ezi...@lifespan.org wrote:
> I would say off the record no, if you used popular encryption software and a repeatable process, but when you lose physical security of an asset, given a reasonable amount of time and effort the encryption will be cracked and data will be obtained.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
RE: Disk encryption killer: Anyone see this?
I'm no security expert. But I do assume that if the physical machine is compromised, then the data it holds is as good as compromised as well, no matter what level of encryption you have.

--Matt Ross
Ephrata School District

----- Original Message -----
From: Ziots, Edward [mailto:ezi...@lifespan.org]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 21 Dec 2012 09:57:51 -0800
Subject: RE: Disk encryption killer: Anyone see this?

I would say off the record no, if you used popular encryption software and a repeatable process, but when you lose physical security of an asset, given a reasonable amount of time and effort the encryption will be cracked and data will be obtained.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Re: Disk encryption killer: Anyone see this?
I don't find this alarming at all: it requires access to the key data, and is useful if you have a memory dump or a cleartext hibernation file (hiberfil.sys is going to be *encrypted* on a hibernating machine with whole-disk encryption).

This tool appears to be a good time-saver, given a memory dump, because it knows where to look in for the keys and how to extract them, but it does not attack any inherent cryptographic weakness or key management problems in PGP, TC, etc.

--Steve

On Fri, Dec 21, 2012 at 1:34 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
> I'm no security expert. But I do assume that if the physical machine is compromised, then the data it holds is as good as compromised as well, no matter what level of encryption you have.
>
> --Matt Ross
> Ephrata School District
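
Added example, not part of the thread or of any poster's message: a read-only PowerShell audit of the conditions named above (cleartext versus encrypted hiberfil.sys, keys in RAM on a running or locked machine, FireWire access to memory). It covers BitLocker only and assumes Windows 8 / Server 2012 or later with the BitLocker module; the function name and report fields are invented for the example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Read-only: it changes nothing on the host.
# Covers BitLocker only; PGP WDE and TrueCrypt report status through their own tools.
# Get-KeyExposureReport and its output fields are names invented for this example.

function Get-KeyExposureReport {
    [CmdletBinding()]
    param(
        [string]$Drive = $env:SystemDrive    # OS volume, e.g. 'C:'
    )

    # 1. Encryption state of the volume that holds hiberfil.sys.
    $volumeStatus = 'Unknown'
    $protection   = 'Unknown'
    try {
        $vol = Get-BitLockerVolume -MountPoint $Drive -ErrorAction Stop
        $volumeStatus = [string]$vol.VolumeStatus       # FullyEncrypted, FullyDecrypted, ...
        $protection   = [string]$vol.ProtectionStatus   # On, Off, Unknown
    }
    catch {
        Write-Warning "Could not read BitLocker state for ${Drive}: $($_.Exception.Message)"
    }
    $encryptedAtRest = ($volumeStatus -eq 'FullyEncrypted') -and ($protection -eq 'On')

    # 2. Hibernation: is it enabled, and is a hibernation file present on disk?
    $powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $hibValue = (Get-ItemProperty -Path $powerKey -Name HibernateEnabled `
                    -ErrorAction SilentlyContinue).HibernateEnabled
    $hibernateEnabled = ($hibValue -eq 1)

    # hiberfil.sys is hidden, system and locked by the kernel, so enumerate the
    # root directory with -Force instead of probing the path directly.
    $hiberFile = Get-ChildItem -LiteralPath "$Drive\" -Force -Filter 'hiberfil.sys' `
                    -ErrorAction SilentlyContinue
    $hiberOnDisk = [bool]$hiberFile

    # 3. FireWire host controller driver. '1394ohci' is the in-box driver name on
    #    Windows 7 and later; third-party 1394 stacks are not detected (assumption).
    $fw = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='1394ohci'" `
            -ErrorAction SilentlyContinue
    $firewireActive = [bool]($fw | Where-Object { $_.State -eq 'Running' })

    # Map the observations to the cases discussed in the thread.
    $findings = @()
    if ($hiberOnDisk -and -not $encryptedAtRest) {
        $findings += 'hiberfil.sys sits on a volume that is not fully encrypted: ' +
                     'key material in it is readable from a powered-off machine.'
    }
    elseif ($hiberOnDisk) {
        $findings += 'hiberfil.sys is encrypted at rest together with the OS volume.'
    }
    if ($hibernateEnabled -and -not $hiberOnDisk) {
        $findings += 'Hibernation is enabled but no hiberfil.sys was found on this drive.'
    }
    if ($firewireActive) {
        $findings += 'FireWire (IEEE 1394) controller driver is running: the port gives ' +
                     'direct memory access on a running or locked machine. Disable it if unused.'
    }
    $findings += 'While the machine is running, asleep or screen-locked, volume keys are ' +
                 'in RAM; prefer shutdown or hibernate on an encrypted volume when unattended.'

    [pscustomobject]@{
        Drive            = $Drive
        VolumeStatus     = $volumeStatus
        ProtectionStatus = $protection
        EncryptedAtRest  = $encryptedAtRest
        HibernateEnabled = $hibernateEnabled
        HiberfilOnDisk   = $hiberOnDisk
        FireWireActive   = $firewireActive
        Findings         = $findings
    }
}

# Run from an elevated prompt; Findings is a list of plain-language results.
Get-KeyExposureReport | Format-List
```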
Re: Disk encryption killer: Anyone see this?
Alright, that's what I thought and I was wrestling with the question. Am I crazy or missing something here? I know, yes and yes. Still...

On Fri, Dec 21, 2012 at 1:58 PM, Steve Kradel skra...@zetetic.net wrote:
> I don't find this alarming at all: it requires access to the key data, and is useful if you have a memory dump or a cleartext hibernation file (hiberfil.sys is going to be *encrypted* on a hibernating machine with whole-disk encryption).
>
> This tool appears to be a good time-saver, given a memory dump, because it knows where to look in for the keys and how to extract them, but it does not attack any inherent cryptographic weakness or key management problems in PGP, TC, etc.
>
> --Steve
Re: Disk encryption killer: Anyone see this?
What Steve said...

You could unlock my safe if I gave you the keys as well, which is all that is happening here. Even the bit about using the hibernation file is not worthy of the headline they provided... It's not like they're *cracking* the encryption.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Fri, Dec 21, 2012 at 2:06 PM, Jonathan Link jonathan.l...@gmail.com wrote:
> Alright, that's what I thought and I was wrestling with the question. Am I crazy or missing something here? I know, yes and yes. Still...
Re: Disk encryption killer: Anyone see this?
On Fri, Dec 21, 2012 at 2:38 PM, Andrew S. Baker asbz...@gmail.com wrote:

You could unlock my safe if I gave you the keys as well, which is all that is happening here. Even the bit about using the hibernation file is not worthy of the headline they provided... It's not like they're *cracking* the encryption.

Extra! Extra! Read all about it! Sensationalist tech press headline is misleading!

-- Ben
Re: Disk encryption killer: Anyone see this?
Sensationalist tech press is sensational?

On Fri, Dec 21, 2012 at 2:47 PM, Ben Scott mailvor...@gmail.com wrote:

Extra! Extra! Read all about it! Sensationalist tech press headline is misleading!

-- Ben
RE: Disk encryption killer: Anyone see this?
So I'm hearing we shouldn't be concerned about a PGP-encrypted laptop *unless* its hibernation file is unencrypted (read, no full disk encryption)? A fully encrypted disk that has a screen saver password is going to be pretty secure?

You'll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack..

Ok how easy is it to get a memory dump from a running PC?

Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off

If the hiberfil.sys is encrypted, how do they get to it?

Dave
RE: Disk encryption killer: Anyone see this?
It's not hard to get a memory dump from a PC that is running, and you have the tools and the appropriate skillset. If the box is open and running, then have a field day...

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: Disk encryption killer: Anyone see this?
Simple to get past the screensaver password then?
Re: Disk encryption killer: Anyone see this?
Not past the screensaver as such, but many/most/all machines with firewire ports are vulnerable.

http://www.forensicswiki.org/wiki/Tools:Memory_Imaging

So, turn off firewire in the BIOS, I guess.

On Fri, Dec 21, 2012 at 1:01 PM, David Lum david@nwea.org wrote:

Simple to get past the screensaver password then?
RE: Disk encryption killer: Anyone see this?
One option would be to debug via a FW port. Another option would be to trick the user into installing this software, or trick the user into somehow giving away access to the machine (aka these APTs we keep hearing about) and layering this on top.

Cheers
Ken
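The two conditions this thread settles on (a hibernation file that is not covered by whole-disk encryption, and a live FireWire controller) can be checked on a Windows endpoint with the script below. It is an added example, not code from any poster; the function names are hypothetical, and the encryption check only understands BitLocker, so PGP or TrueCrypt status has to be confirmed in those products' own tools.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell 3.0+ session.
# Function names are hypothetical; the encryption check covers BitLocker only.

function Get-HibernationExposure {
    # HibernateEnabled = 1: Windows can write the contents of RAM, including the
    # keys of any mounted encrypted volume, to hiberfil.sys on the system drive.
    $power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -Name 'HibernateEnabled' -ErrorAction SilentlyContinue
    # hiberfil.sys is a hidden system file, so -Force is needed to list it.
    $file = Get-ChildItem -LiteralPath "$env:SystemDrive\" -Filter 'hiberfil.sys' -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        HibernateEnabled = ($null -ne $power -and $power.HibernateEnabled -eq 1)
        HiberfilPresent  = [bool]$file
    }
}

function Get-SystemVolumeEncryption {
    # Get-BitLockerVolume ships with the BitLocker feature (Windows 8 / Server 2012
    # and later). If it is missing, encryption status is reported as unknown.
    if (-not (Get-Command -Name Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{ Known = $false; FullyEncrypted = $false; ProtectionOn = $false }
    }
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Known          = [bool]$vol
        FullyEncrypted = ($vol.VolumeStatus -eq 'FullyEncrypted')
        ProtectionOn   = ($vol.ProtectionStatus -eq 'On')
    }
}

function Get-FireWireExposure {
    # A controller disabled in the BIOS (the mitigation suggested in the thread)
    # is not enumerated by Windows, so this list comes back empty.
    $controllers = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        ControllerCount = $controllers.Count
        Names           = @($controllers | ForEach-Object { $_.Name })
    }
}

function Test-DiskKeyExposure {
    $hib = Get-HibernationExposure
    $enc = Get-SystemVolumeEncryption
    $fw  = Get-FireWireExposure

    # "Confirmed" means BitLocker reports the system volume fully encrypted with
    # protection on, so hiberfil.sys sits inside the encrypted volume.
    $encrypted = ($enc.Known -and $enc.FullyEncrypted -and $enc.ProtectionOn)

    [pscustomobject]@{
        Check   = 'Cleartext hibernation file'
        Exposed = (($hib.HibernateEnabled -or $hib.HiberfilPresent) -and -not $encrypted)
        Detail  = "HibernateEnabled=$($hib.HibernateEnabled); hiberfil.sys present=$($hib.HiberfilPresent); BitLocker confirmed=$encrypted"
    }
    [pscustomobject]@{
        Check   = 'FireWire controller enabled'
        Exposed = ($fw.ControllerCount -gt 0)
        Detail  = "Controllers found: $($fw.ControllerCount) $($fw.Names -join ', ')"
    }
}

Test-DiskKeyExposure | Format-Table -AutoSize -Wrap
```

On a machine protected by PGP Whole Disk Encryption or TrueCrypt, the first row reports Exposed = True whenever hibernation is on, because BitLocker cannot vouch for the volume; treat that as a prompt to verify the other product's status, not as a finding.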
RE: disk encryption
I am rolling PGP full disk encryption out this month, I am currently at 147 systems reporting in to the PGP console, with 45 of them people that are never in the office (thank you SMS!!!). In our org if you have a laptop, the disk gets encrypted. The central management features are the BOMB, I'll give the product a 92 out of 100...

Dave

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 7:44 PM
To: NT System Admin Issues
Subject: RE: disk encryption

Thanks guys, we considered moving to citrix but there are just too many applications to make it feasible in my opinion besides that the majority of the people are in the office the majority of the time. I am already playing with true crypt and looks promising, and I also like phonefactor.com for authentication. This basically intercepts and calls the cell phone of the user at login to acknowledge the attempt. I like not needing the extra device. I was looking at bit locker too as we have about half the company on win 7 pro, but the other half is still XP so we would obviously need to upgrade everyone just to get the same benefits of true crypt.

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Thursday, October 07, 2010 11:44 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We're evaluating Checkpoint as a whole disk encryption solution. We have a product called NxTop (Virtual Computer is the company) that is a combination of Imaging/encryption/USB management that works very well in most situations but we're looking at Checkpoint for another project. We have also used McAfee endpoint but don't get me started on that rant..

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, October 07, 2010 11:27 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We have an existing PointSec implementation, and are moving towards PGP and/or Bitlocker.

-sc

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Ben,

We have done clients with whole disk encryption on the laptops. Works great. Doesn't protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at Truecrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :)

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that I'm concerned with bog the server down. For example accounting dept has 2 different apps, then there is 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own sql app, and then half the company uses Yardi (property mgmt. sql based). Then we get into cost, we already have 2 citrix servers, one is a vm, and one is a standalone and being phased out. It's running 2003 with citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for outlook etc etc. the client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does pgp or some of these two factor disk encryption devices.

Thanks
RE: disk encryption
We have an existing PointSec implementation, and are moving towards PGP and/or Bitlocker.

-sc

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Ben,

We have done clients with whole disk encryption on the laptops. Works great. Doesn't protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at Truecrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :-)

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that I'm concerned will bog the server down. For example accounting dept has 2 different apps, then there are 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own SQL app, and then half the company uses Yardi (property mgmt. SQL based). Then we get into cost, we already have 2 Citrix servers, one is a VM, and one is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing, just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks
Re: disk encryption
I'll be staying with PGP until it's been fully Symantecized, or perhaps later. If Truecrypt ever comes out with centralized management... That's really a huge big deal.

On Thu, Oct 7, 2010 at 11:26 AM, Steven M. Caesare scaes...@caesare.com wrote:

We have an existing PointSec implementation, and are moving towards PGP and/or Bitlocker.

-sc

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Ben,

We have done clients with whole disk encryption on the laptops. Works great. Doesn’t protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at Truecrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :)

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that’s what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little ‘apps’ that I’m concerned will bog the server down. For example accounting dept has 2 different apps, then there are 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own SQL app, and then half the company uses Yardi (property mgmt. SQL based). Then we get into cost, we already have 2 Citrix servers, one is a VM, and one is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing, just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks
RE: disk encryption
We're evaluating Checkpoint as a whole disk encryption solution. We have a product called NxTop (Virtual Computer is the company) that is a combination of Imaging/encryption/USB management that works very well in most situations but we're looking at Checkpoint for another project. We have also used McAfee endpoint but don't get me started on that rant..

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, October 07, 2010 11:27 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We have an existing PointSec implementation, and are moving towards PGP and/or Bitlocker.

-sc

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Ben,

We have done clients with whole disk encryption on the laptops. Works great. Doesn't protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at Truecrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :)

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that I'm concerned will bog the server down. For example accounting dept has 2 different apps, then there are 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own SQL app, and then half the company uses Yardi (property mgmt. SQL based). Then we get into cost, we already have 2 Citrix servers, one is a VM, and one is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing, just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks
RE: disk encryption
Thanks guys, we considered moving to Citrix but there are just too many applications to make it feasible in my opinion; besides that, the majority of the people are in the office the majority of the time. I am already playing with TrueCrypt and it looks promising, and I also like phonefactor.com for authentication. This basically intercepts and calls the cell phone of the user at login to acknowledge the attempt. I like not needing the extra device. I was looking at BitLocker too as we have about half the company on Win 7 Pro, but the other half is still XP so we would obviously need to upgrade everyone just to get the same benefits of TrueCrypt.

From: John Cook [mailto:john.c...@pfsf.org]
Sent: Thursday, October 07, 2010 11:44 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We're evaluating Checkpoint as a whole disk encryption solution. We have a product called NxTop (Virtual Computer is the company) that is a combination of Imaging/encryption/USB management that works very well in most situations but we're looking at Checkpoint for another project. We have also used McAfee endpoint but don't get me started on that rant..

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, October 07, 2010 11:27 AM
To: NT System Admin Issues
Subject: RE: disk encryption

We have an existing PointSec implementation, and are moving towards PGP and/or Bitlocker.

-sc

From: greg.swe...@actsconsulting.net [mailto:greg.swe...@actsconsulting.net]
Sent: Thursday, October 07, 2010 1:40 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Ben,

We have done clients with whole disk encryption on the laptops. Works great. Doesn't protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at Truecrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :)

Greg Sweers
CEO
http://www.acts360.com/ ACTS360.com
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that I'm concerned will bog the server down. For example accounting dept has 2 different apps, then there are 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own SQL app, and then half the company uses Yardi (property mgmt. SQL based). Then we get into cost, we already have 2 Citrix servers, one is a VM, and one is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing, just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks
Re: disk encryption
Why not just put everything on Citrix and have done with it? Not criticizing, just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks
RE: disk encryption
Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that I'm concerned will bog the server down. For example accounting dept has 2 different apps, then there are 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own SQL app, and then half the company uses Yardi (property mgmt. SQL based). Then we get into cost, we already have 2 Citrix servers, one is a VM, and one is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing, just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks
RE: disk encryption
Ben,

We have done clients with whole disk encryption on the laptops. Works great. Doesn't protect against anything when the system is actually running, only when the laptops are stolen. PGP Desktop Whole disk is what we used then, but I would seriously look at Truecrypt now. Nice thing about PGP was the centralized management we had for maintaining PGP passwords and accounts.

All of the data is stored on the server 2008 via RDP. They use it both internally and externally. No data is stored on desktops or servers. Desktops are locked down via GP and basically have a single icon for RDP, or are running thin clients. Takes care of most security issues, but if the servers have a problem you hear about it quick. :)

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Lists - Level 5 [mailto:li...@levelfive.us]
Sent: Thursday, October 07, 2010 12:38 AM
To: NT System Admin Issues
Subject: RE: disk encryption

Well that's what we are considering, the issue is they do have several graphics and presentation people, they also have a bunch of little 'apps' that I'm concerned will bog the server down. For example accounting dept has 2 different apps, then there are 3 people in graphics/marketing, and 2 attorneys who have their own app, HR has its own SQL app, and then half the company uses Yardi (property mgmt. SQL based). Then we get into cost, we already have 2 Citrix servers, one is a VM, and one is a standalone and being phased out. It's running 2003 with Citrix 3.x?? I would say it's 5 years old from the last time they purchased anything.

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, October 06, 2010 11:39 PM
To: NT System Admin Issues
Subject: Re: disk encryption

Why not just put everything on Citrix and have done with it? Not criticizing, just asking? I would avoid encrypting the servers and lock them down tight and lock them up tighter.

Jon

On Wed, Oct 6, 2010 at 10:46 PM, Lists - Level 5 li...@levelfive.us wrote:

I have a small client, 15 laptops, 20 desktops, 8 servers on a 2008 domain. We were discussing full disk encryption and turning off cached mode for Outlook etc etc. The client is pretty sensitive to protecting their data. One of the items that came up was whether we should just move to Citrix so nothing is on the laptops and then encrypt the desktops in the office as well. Are there any recommendations for encryption people can recommend? I have only used the built in certificates with Windows to encrypt user profiles and am wondering if people would consider that secure enough or does PGP or some of these two factor disk encryption devices.

Thanks