Dear FDE list:

I'm starting to get involved in an encryption project and have some thoughts about Windows-based encryption tools... I've used TrueCrypt, PGP and GPG for years, but usually only in single-user mode, and haven't had to concern myself with key escrow, enterprise backup, imaging, policies, and other details. I'm concerned about data protection against unauthorized people and against malware, mostly on desktop and laptop Windows boxen.

If data is to be protected when the system is powered down, FDE makes a lot of sense. If the system is at risk for theft/bootdisk drive access, FDE makes a lot of sense. If data is to be protected when it's only accessed occasionally, then file/folder encryption makes sense. If the data to be protected must be accessed on a continuous basis, what are some strategies that can be used, given the reality of 0day and the modern threat landscape? Head back to pen & paper?

There are a few concerns that I have; these may be in some FAQ (pointers appreciated!). How do you handle persistent temp files on Windows boxes, such as those generated by MS Office? Sure, they are protected by FDE when the box is powered down, but what about when the user has decrypted/booted past the FDE auth and then gets nailed by a 0day in some client application? (Please don't say "just don't get owned".) Hope and pray that they weren't running as Administrator? Have them pull the network plug and hope that the undetected keylogger they have doesn't just cache everything for delivery the next time an Internet connection is available? And those scenarios are just when you *know* that an attack has taken place.

The current state of Windows malware as I understand it is that the user must generally be running as Administrator (for client-side malware; obviously server components running as LocalSystem with bugs that open ports are still a risk) in order for most malware to be able to do its nastiness. If someone is a restricted user then most malware will probably fail, unless it's designed to do privilege escalation tricks or unless it's designed to snag *data* that this particular user has access to (decrypted, if using FDE and the system is booted, or decrypted if it was protected with file/folder encryption and the user had need of that data, or kept the data open longer than needed).

I expect in the future to see malware that does things like leverage priv escalation attacks, implement a sensitive data search to look for SSNs on the box accessible to the logged-in user, pack them up with a key of the attacker's choice and HTTP upload those to the attacker's malicious server. Maybe this is already happening.

I'm aware of the usual protection techniques such as hardening, anti-<malware,virus,spyware,scumware,trojan,rootkit...> etc., but what I am interested in learning is how to best approach an encryption scenario in the face of such contemporary threats. Perhaps my expectations are too high. I think that one must have FDE and file and folder encryption at the same time to really cover things, but depending upon the usage scenario f&f might not be helpful.

I am not yet well-informed on the various vendor offerings and would appreciate any suggestions, on or off-list.

Thank you.

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc

FDE mailing list: http://www.xml-dev.com/mailman/listinfo/fde
