Computer Security

Computer Security - good advice by Ellis Network Associates

Brad Ellis of Ellis Network Associates is kindly providing this site with sensible advice and articles on computer security and best practice.

Self Encrypting Drives Pose New Challenges for Computer Forensics

What is a "Self Encrypting Drive" ?

Self Encrypting Drives have dedicated hardware (chips) added to the drive electronics to perform encryption. This dedicated encryption hardware can be added to the newer solid state drives, or traditional hard disks.

The encryption hardware protects information in the way that software encryption products do with some key differences:

  1. The encryption is performed using dedicated chips on the hard drive electronics board which are designed to work faster than software encryption, and don't slow down the other functions of your computer.
  2. All the user storage areas of the drive are encrypted - so that a separate drive and/or partition isn't required to start the computer.

The extra cost to consumers is around $20 - $40 per drive in server class drives, with a 1TB drive costing around $300. While these drives are higher quality, they are around an extra $200 over the price of the "standard" drives used in desktops.

What are the benefits of Self Encrypting Drives ?

The key benefit of these drives is their ability to protect information from unintended disclosure from stolen, misplaced or inadequately disposed of computer equipment.

There are also provisions in a number of US privacy laws that exempt organisations from mandatory reporting where "at rest encryption" is used.[1]

With the costs of data breaches relating to privacy being put at around $200 per record, for large organisations this can be a significant reduction in financial risk stemming from unintended disclosure. The cost of an unintended breach makes the extra $20 - $40 per drive a negligible cost.

The dedicated hardware performing the encryption offers higher levels of performance than software products.

Lastly, there is no need to install additional software to use the encryption features.

How secure are these drives ?

The easiest way to obtain access to the information on a self encrypting drive would be to intercept the password when it is typed in at boot time, using a key stroke logger. These can be fairly readily checked for and removed.

As the password isn't required once the drive has been unlocked, there is no need to store the password in memory. This reduces the chance of the password being recovered from memory.

By choosing strong passwords the process of attempting to guess the password becomes infeasible.

Where stronger approaches to authentication are used (eg. Biometrics), it becomes even harder to recover the decryption key to obtain access to the information on the drive.

Many of the drives are certified to comply with the US Federal Information Processing Standard (FIPS), providing additional confidence in the effectiveness of security of these drives.

This certification, combined with the approach taken to implementation should protect customers from recovery techniques like those used in the case of Michael Crooker[2].

It is speculated that the drive password was either obtained or bypassed by authorities to access the otherwise unprotected data contained on the hard drive.

A key remaining concern is whether authorities have required that "back-doors" be engineered into the chips that perform the encryption.

While this is possible, verification of the presence of a "back-door" is expected to be exceptionally difficult. The benefits to large corporations and many other users are expected to outweigh these concerns.

What are the challenges for forensics posed by Self Encrypting Drives ?

Forensic imaging tools may need to be updated to support the mechanisms needed to complete the authentication process for self encrypting drives; this should be relatively simple.

A more challenging problem is how to obtain the authentication details where they are unknown, particularly as the powers granted to law enforcement under the Cybercrime Act may not be available in civil matters.

There is also the potential trap for an unsuspecting forensics professional to trip the security mechanisms and see the information effectively erased through the destruction of the encryption key.

While some challenges may remain for forensic practitioners, the good news is that, at least for large organisations, with appropriate management of these new drives the forensics challenges can be overcome.

References

[1] http://www.seagate.com/docs/pdf/whitepaper/
[2] http://news.soft32.com/page657


Anti-Virus Software

Anti-virus Software protects your computer from malicious or unwanted software by preventing it from running on your computer.

When choosing anti-virus software look for software from a reputable vendor that releases frequent updates. Frequent updates are important, because the typical time for an anti-virus software vendor to release a detection and cleaning update is 8 hours after they receive a sample. So by the time you get the update, the malicious software will already be out - and if you are only updating weekly, you will be exposed to around 60 viruses by the time you get updates.

Knowing how your anti-virus software works is important in avoiding fake anti-virus software, or viruses pretending to be anti-virus software!

Online and Offline Safety Tips

When you are online, it is important to:

  • Only visit websites that you trust, and be careful to understand the destination of any link you are clicking on.
  • For important activities like Internet Banking, close and re-start your browser and type in the URL rather than rely on favourites.
  • Only post pictures and other information onto the Internet that you want to be public.

Offline safety tips

  • Secure laptops and other peripherals in places that are out of sight and away from windows at home and in vehicles.
  • Consider the use of Encrypted Portable Storage devices for sensitive documents. While they are significantly more expensive, if they are accidentally misplaced, then you have increased confidence that your sensitive documents will remain confidential.
  • Consider keeping a backup of the information stored on your computer at an alternative location, to protect it in the event of a house fire.

This concludes the series on protecting your home computer, and these basic suggestions can be adapted for use in many businesses.

A simple and current example: keeping an offsite copy of your company's website can save a lot of heartache.


Ellis Network Associates

More useful advice: Protecting Yourself Online, published by the Australian Government (PDF)

 



Often I get asked, "How do I protect my home computer ?". The answer is that there are a number of relatively simple steps that you can take to reduce the risk to your computer and information that is stored on it.

These steps are summarised as:

  • Backup your important data !
  • Use a Firewall
  • Keep software up to date
  • Anti-Virus is a must !
  • Online and Offline Safety Tips

These steps are similar to those used in businesses and large corporations, just simplified and on a smaller scale. So let's look at the above in more detail.

Backup your important data !

Many people don't realise how much of their life is now contained in their computer – photos of your new baby, e-mails from family and friends, personal and business tax records.

While my company assists customers to recover data from virus infections, and other data issues, it is time consuming and expensive. If the damage is too extensive, we may not be able to recover all the data !

Backing up your data makes the recovery process far easier, as there is a second copy of your data that can be used. Your data can be backed up onto a variety of devices - external hard drives can be used to backup entire computers, or flash drives or optical discs for smaller amounts.

External hard drives are very popular as many vendors include backup software with them, and there is a button on the device that you can press to backup the entire computer. Many people choose to make a second backup just in case there is a problem with the first.

Testing backups, by regularly restoring a file or directory to a different directory, is important to ensure that the backups are going to work when you need them most !

Lastly, backups need to be stored in a safe dry place following manufacturers' recommendations. If you have a home safe, it is important to ensure that it is suitable for computer media. If it is rated to protect paper it may not keep computer media cool enough to prevent melting or damage.


In this article, we'll look at two more items – Using a Firewall and Keeping software up to date.

Using a Firewall

Firewalls help protect computers when they are connected to the Internet.

They do this by restricting the flow of information to only applications, or network communication protocols that you allow.

Firewalls will protect against unauthorised connections, and provide protection against a class of viruses, known as "worms".

Basic software firewalls are now included with operating systems to provide protection from network attacks.

More advanced firewalls can include website filtering and scanning of content to further protect from dangerous content on the Internet.

In addition to protecting computers, firewall functionality is included in many Internet routers as it allows multiple computers to share the internet connection.

Firewalls form a key protection mechanism as they remove vast amounts of the general "junk" on the Internet.

Keeping Software up to Date

Why keep software up to date?

Many computer programs contain software vulnerabilities that can be exploited or abused.

These vulnerabilities allow for modification of data, or even execution of alternate programs.

It used to be that these weaknesses were only abused by malicious e-mails or hackers for notoriety; now they are increasingly being used for commercial gain, or theft.

By keeping software up to date, you fix these vulnerabilities.

This further helps protect the security of your computer and the information contained on it.

Microsoft provides Windows Update to help ease the patching process for end users.

There are two cautions with patching for home users:

  • Patching can use several hundred megabytes of downloads in a month for a PC, so make sure your Internet plan allows for this.
  • It can be worth making a backup of your system prior to installing the regular patches, just in case something goes awry.

In case you are wondering if this is really needed, the following statistic from 2008 highlights the importance of patching and firewalls !

An unpatched and unprotected Windows computer connected to the Internet would be compromised by the "junk" of viruses and worms in around 5 minutes.

Ellis Network Associates

 

Surveillance Self-Defense

The Electronic Frontier Foundation (EFF) has created the Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

Much if not all of the seriously important information applies to people in Australia as, arguably, Australian laws give government agencies even greater capability to access your life and invade your privacy.

Surveillance Self-Defense (SSD) exists to answer two main questions:

  • What can the government legally do to spy on your computer data and communications?

  • And what can you legally do to protect yourself against such spying?

 

Basics about website access

When you access a website, you download multiple files to your computer, some of which are used by your browser to display a web page. Some of these downloaded files "do" something.

Generally, interaction is achieved through files and code such as JavaScript, Java, ActiveX, Flash and more. It is possible to program some of this code to interact with your computer in ways that will harm you, unless you have a firewall and unless the firewall is configured correctly.

Imagine if, through your visit to a website, or through a hacking attack, your database of personal information, privileged reports, accounts and more, are uploaded by a "hostile" ActiveX applet, into someone else's computer to be used against you?

There are 65,535 different "ports" (or channels) in your computer through which a program or part of your operating system can communicate with someone or something on the internet.

Privacy is a privilege. It is also a duty, particularly if you are an investigator or security agent entrusted with data about clients or subjects of investigations. This is data, which in Australia, you must by law protect.

How to Protect Yourself From Big Brother »

Encryption is a solution if privacy means something to you »

 

Computer Forensics

Intrusion Detection, Honeypots and Incident Handling Resources - vast resources. Lawful Intercept (LI/CALEA) Links & Whitepapers right through to Honeypots and intrusion detection.

 

What network security is enough?

An article by Richard Wall, Modern Investigative Solutions»

Wireless Networking

Making it Secure - another article by Richard Wall»

PC Flank Tests

You can easily test your system for vulnerabilities to Internet threats with on-line tests. PC Flank's testing facilities consist of six on-line tests: Quick Test, Advanced Port Scanner, Stealth Test, Browser Test, Trojans Test and Exploits Test.

http://www.pcflank.com/test.htm

 
