RingCube and MXI Security™ Partner to Deliver a Virtual Desktop on the hardware-encrypted Stealth MXP™ Biometric USB Drive

RingCube Managed Virtual Workspaces to be Delivered on MXI Security Biometric USB Drives

NEWS RELEASE

Mountain View and Santa Ana, Calif., July 15, 2008 -- RingCube Technologies, a leading provider of the managed virtual workspace, and MXI Security, a provider of managed portable security solutions, have partnered to deliver MojoPac Enterprise on MXI Security’s Stealth MXP Biometric USB drives. The integrated mobile virtual desktop solution enables users to securely carry their entire desktop environment, including applications, files and settings, on a portable USB drive and access it from any PC – at work, at home, at a customer site or on a public computer -- online or offline. MXI Security USB portable security devices protect RingCube’s virtual workspaces with two-factor (biometric) user authentication and AES 256-bit hardware encryption to prevent data leakage and unauthorized access.

“Workers who travel from office to office or between the office and home like the convenience of having their desktop available without having to carry a notebook from point to point. Virtual desktops that run off a USB flash or hard drive give users a portable personality with all of their applications, data and preferences delivered in a familiar work environment that is available offline on any PC,” said Leslie Fiering, Research Vice President, Gartner Group. “It is critical that organizations secure the virtual desktop environment with encryption, strong authentication and host security checks to verify that the host is secure and trusted before the user can log in.”

RingCube’s award-winning MojoPac virtualization technology separates a user’s desktop environment, including applications, data, settings and system resources, from the operating system and encapsulates it into a secure container. Users can run their managed virtual workspace on unmanaged, non-corporate PCs – at home, at a client site or in a hotel business center. By plugging their MojoPac-enabled USB portable security device into a host PC, mobile professionals can transform any Windows PC into their own familiar and personalized workspace to access their files, applications, settings and entire desktop, as if they were on their own PC. Before allowing the user to launch their workspace, MojoPac verifies the security of the system based on administrator-defined policies. For administrators, RingCube provides an Administration Server that makes creating, deploying and managing virtual desktop environments easy and less costly.

“We are honored to have RingCube delivering their innovative virtualization technology on MXI Security portable security devices,” said Lawrence Reusing, CEO at MXI Security. “The combination of RingCube’s high-performance virtual workspaces and MXI Security’s high-capacity biometric USB drives with the ACCESS Enterprise device lifecycle management solution make it possible to take corporate desktops anywhere with the highest level of security.”

Enterprise companies can provide drives to employees, contractors or customers that are pre-provisioned with the user’s workspace, or let them self-provision their workspace from RingCube’s web-based Client Portal. To launch the MojoPac workspace, users simply plug their MXI Security USB portable security device into any PC, swipe a finger across the biometric reader, and are then automatically logged in to their MojoPac workspace. Once logged in, users have access to their personalized applications, files, settings and desktop environment.

“Today’s workers are demanding ever-increasing levels of mobility, putting a serious strain on enterprises’ ability to manage these users and keep their data and systems secure,” said Ron DiBiase, RingCube’s VP of Business Development. “The partnership between RingCube and MXI Security enables enterprise customers to give their users portable workspaces that can be carried in the palm of their hand, while providing the security of biometrics and hardware encryption.”

MXI Security USB portable security devices provide secure portable storage that includes biometric authentication and AES 256-bit hardware encryption for MojoPac Enterprise workspaces. MXI Security Biometric USB portable security devices are available immediately in either a USB Flash Drive or USB Hard Drive. Stealth MXP™ is a fully manageable FIPS 140-2 Level 2 validated USB device that protects up to 8 gigabytes of data with AES 256-bit hardware encryption and strong authentication (biometric, password or both). Stealth MXP delivers strong authentication for network logins/SSO, remote access and full disk encryption with total portability.

Outbacker MXP™ protects up to 120 gigabytes of data with AES 256-bit hardware encryption with strong user authentication and supports digital identity functions with complete portability and simplicity. Outbacker MXP is a fully manageable hard disk drive device ideally suited for organizations that need high capacities for portable data or portable desktop and OS environments.

RingCube is the leading provider of the managed virtual workspace. The company’s award-winning software platform, MojoPac, enables enterprise and consumer users to securely access their complete personal computing experience from any Windows PC around the world. The company is venture-backed by New Enterprise Associates (NEA) and Mohr Davidow Ventures (MDV) and is based in Santa Clara, Calif.

MXI Security leads the way in providing superior managed portable security solutions designed to meet the highest security and privacy standards of even the most demanding customers.

MXI Security solutions combine the power of strong user authentication, digital identity and data encryption to protect access to sensitive information and systems.

Easy to manage and transparent to the end user, MXI Security solutions enable organizations to satisfy multiple security needs with a single device, facilitating greater mobility without compromising security.

Source: OnPR for MXI Security

Who exactly does own the documents you store online?

Storing documents, etc. in the “cloud”... My first and immediate advice... don't

by Michael Smith (Veshengro)

With online office applications improving in quality all the time, they are quickly becoming the tools of choice for web workers.

Between the ability to access your documents from anywhere via a web-enabled PC or laptop, the easy sharing and the automatic backups, more and more people are using these services.

But in this rush to go online, we all sometimes fail to understand exactly what we are getting for free there in the cloud. If you use these services for business purposes, it is worth a look at their Terms of Service.

Let us therefore look at the terms for three of the major alternatives in the online document space – Google Docs, Zoho, and Adobe’s new Acrobat.com service. What I found might give you some pause for thought – especially if you tend towards the cautious and/or paranoid end of the business user spectrum.

In order to find the terms for Google Docs, you need to first go to the “Help Center” and then follow three separate links to the privacy policy, terms of service and additional terms. Here are a few excerpts, and maybe here is the right place to insert the disclaimer that says “I am not a lawyer”. For full details, therefore, you do best to read the originals themselves and, ideally, discuss them with your own attorney or paralegal.

As far as Google is concerned while you retain copyright, “you give Google a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through the Service for the sole purpose of enabling Google to provide you with the Service in accordance with its Privacy Policy.”

Oh lovely... so they can use anything you and I store online in any way that they like. I think so NOT!

Also, Google can discontinue the service at any time with no notice, and you may lose your files with no notice.

Furthermore, Google retains the right to filter or remove content, can put ads wherever they want, with no notice to you.

Also, you may like to note that deleted documents may remain on Google’s servers for up to three weeks.

Zoho’s Terms of Service and privacy policy are linked directly from their home page. If you read them, you’ll find:

“Unless specifically permitted by you, your use of the Services does not grant AdventNet the license to use, reproduce, adapt, modify, publish or distribute the content created by you or stored in your Account for AdventNet’s commercial, marketing or any similar purpose.”

While this already sounds better than Google’s terms, a couple more points: Zoho can block or remove content that infringes copyright or violates laws.

Zoho can also terminate your account at any time for any reason and here files may remain on their servers after deletion for an unspecified length of time.

So, are you still considering to store your documents in the cloud?

Acrobat.com, like Zoho, has its services agreement and privacy policy linked from their home page. On the minor annoyances side, the terms are only available as a PDF, not online as with other services. So, you have to download them first in order to read them, or have Adobe Reader open them in the browser.

Here is some of what the TOS and other policies contain:

Adobe can discontinue providing the service at any time, with no notice.

According to the agreement you retain ownership of your files, but “By maintaining your Content on the Services, you grant to Adobe a non-exclusive, worldwide, perpetual, royalty-free and fully paid license under all intellectual property rights to copy, distribute, transmit, publicly display, publicly perform, transmit, and reformat your Content solely to deliver the Services to you.”

Sorry, do I understand rightly that the majority of them, that is to say two out of three in this case, take upon themselves, theoretically, the right of access to the documents I store on their services, and the right, while I “retain the copyright”, to use the material in any way they choose? Duh?

And, Adobe may read your content for legal or technical reasons.

So what’s it all mean? Reading over all three agreements, it’s very clear that Google and Adobe have more lawyers hanging around than does AdventNet (Zoho’s corporate name), and, like lawyers everywhere, they’ve got their fingers into the pie. Of the three services, Google has perhaps the most intrusive agreement, thanks to their explicitly reserving the right to serve ads anywhere. As far as ownership goes, you should be OK with any of these services; although Google and Adobe claim licenses, the full terms make it clear that these licenses are limited to actually providing you the service you’re using.

One thing that’s clearly missing is any sort of backup guarantee. While you may feel more secure storing your documents on Google’s or Zoho’s or Adobe’s servers than your own, that security is not something that you’re promised. Any of the three can lose your documents or terminate your ability to get to them at any time for pretty much any reason, and you’re out of luck. So if you do put important things online - back them up somewhere else.

Therefore, don't rely on this kind of storage. Do your own backup and store your data offline on internal and external hard drives, CDs, etc.

As I said previously in my article "Cloud Computing – Methinks not!", you may, if the services fail, find yourself up the creek without a paddle, and I certainly would never rely on this.

Also, none of these services guarantee you privacy or the integrity of your documents. While many Web 2.0 services are great for all of us to use, and I love the iScrybe service and Google Calendar and also have a Google Mail account, I will not rely on Web 2.0 for storage of my data of any kind.

While what I am saying here may upset some people, and some of the providers, the fact remains that such services are, probably, great when it comes to document sharing and online collaboration, but more or less permanent storage in the cloud I would most certainly advise against.

I know that I am still old-fashioned, and given the option I would probably still make tape backups. When it comes to documents and such like, they are all best kept close to you, especially if you value the information and do not necessarily want the entire world to know it, at least not before you choose to bring the information into the public domain.

So, in summing up, yet again my advice: by all means use online, “in the cloud” services for documents that you want to be able to access remotely or share with others for collaboration and such, but do not keep your data there as a more or less permanent storage facility. Those services are not ideal for that.

© M Smith (Veshengro), July 2008

Zero day flaw in WORD allows exploits by Trojan

by Michael Smith (Veshengro)

Microsoft warned on July 10, 2008, that an unpatched security vulnerability in WORD has become the subject of targeted attacks.

Yet another security flaw in Microsoft products? You don't say... The more I see of Microsoft the more I wonder what kind of incompetence reigns there at Redmond.

The flaw – which, supposedly, is restricted, so they claim, to Microsoft Office WORD 2002 Service Pack 3 (one may wonder when they will notice that it affects more than just that one) – gives hackers a mechanism to inject hostile code onto vulnerable systems. Redmond has published workarounds as a stop-gap measure while its researchers investigate the flaw in greater depth.

In the meantime, Microsoft is keen to downplay alarm. "At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue," a post on its security response blog explains.

The vulnerability has appeared in a number of malware samples. A widening number of anti-virus firms have issued signature updates to defend against the threat.

Symantec, acting on samples sent to it by handlers at the SANS Institute's Internet Storm Centre, was the first to publish an advisory.

Maybe a firewall that can prevent the injection of hostile code would be advisable here as well, such as PC Tools' free Firewall, which I recently tested after my favorite Zonealarm was disabled by the nice guys from Redmond with Microsoft Security Update for Windows KB951748. It has an advanced facility that can prevent the injection of code. It can be annoying when this is enabled, though, as a little window will pop up every time you launch a program, until it has learned which programs are allowed to do this and that.

The timing of the exploit's arrival meant Microsoft did not have enough time to respond before its regular “Patch Tuesday” update, and this is probably no coincidence. So far the details of the flaw are still under investigation, and it can safely be assumed that they will be withheld from the public and the industry until a fix is available. It is also not at all clear who the attack is targeting. Historically, however, unpatched WORD exploits have been a particular favorite of Chinese hackers.

Seeing how clever Redmond was recently with Microsoft Security Update for Windows KB951748, which disabled most if not all Zonealarm installations, and given that so far we have had no response from them on that foul-up, why should we trust them when they are so silent?

Many people seem to believe that the disabling of Zonealarm in the above mentioned patch was no coincidence but was in fact one of the aims.

Yet again, I cannot and will not comment further to such claims as they cannot, so far, be substantiated and proven. Let the reader, however, beware.

The best advice, I am sure, can only be here, yet again, to go Open Source and to use an alternative to Microsoft Office. There are a number of them available and most are at least as good as MS Office.

As I personally am moving between Linux and Windows all the time, work-wise, I nowadays use only OpenOffice 2.0 for all the work that would generally have been the domain of MS Office. The exceptions are when WORD needs to be used to work with some templates, for instance Avery Dennison's, as they still have not created OpenOffice-compatible ones.

I am not saying that there may not be vulnerabilities in Open Office or the other Open Source products. The fact remains, though, that most hackers do not seem to even attempt to target such open source software and also operating systems. Or, more precisely, in the case of the operating systems, such as Linux Ubuntu, they try to get somewhere but do not succeed.

© M Smith (Veshengro), July 2008

To patch or not to patch – that is the question

by Michael Smith (Veshengro)

After the recent episode with a “security” update by Microsoft for Windows XP that disabled not only the Zone Alarm firewall on my system but, basically, all Zone Alarm firewalls left, right and center, that is to say the firewalls of thousands of other users worldwide, I am beginning to wonder, yet again, about the question of patch or no patch.

The question is whether downloading patches, and other such highly touted important updates, from Microsoft for Windows is such a great idea. I have had problems in that department before, but we shall come to the advice given to me by computer personnel later in this article.

Obviously, initially, and I assume I was not alone there, I thought that the Zone Alarm program had gone bonkers for some reason or other and I uninstalled the older version, that is to say 6.5, downloaded the latest version, installed same but, guess what? Well, you guessed it... zilch. The problem persisted. No access to anything on the Web, neither my emails via the email client nor web pages. Nothing was loading.

As I wanted and needed Internet access, which I just could not get, I disabled Zone Alarm, accessed the Web and downloaded PC Tools' Firewall, which is nice and rather powerful but just not Zone Alarm (sorry PC Tools... nothing wrong with the program... it is just that I have used Zone Alarm for so many years). I am sure you all know what it is like when you have got used to, and used to trusting, something for many years.

Had it not been for the fact that I got PC Tools' firewall I would not have been able to get online and finally find out that I was not the only one affected, and that Zone Alarm was advising that there is a problem for all Zone Alarm users with the Microsoft Security Update for Windows KB951748. Cheers, Microsoft! I followed the instructions on Zone Alarm's website, uninstalled that patch, put Zone Alarm back on, and all is well.

But back to the question of “to patch or not to patch”...

Years ago some geeks told me never to install any patches and so-called “security updates” from Microsoft, as some of them were doing more harm than good, and I must say I had a couple of occasions in those days when that did happen and when, according to those who then sorted out the PC for me (before I learned a lot about how to deal with those things), the reason for the malfunctions was those “security updates” from Microsoft.

I may just about go back to those days after the above events when I no longer installed any “security updates” and “patches” from Microsoft and do as I did then, while ensuring, obviously, that all possible security software is in place and continually updated.

I must say that, after some bad experiences with patches, such as disabled Open Source software on my PC and disabled add-ons to Firefox I am beginning to think and to believe that there is something in what some of the geeks used to say and still say about Microsoft's patches and such; namely that some of those pieces of software are there to check on one's system and disable software in use that Microsoft does not agree with or approve of. I have no proof for that and therefore make no claims as to whether or not what others have said and claimed is the truth or not.

All I am beginning to wonder is as to whether “to patch or not to patch?”

Who would have believed that an update patch, in this case Microsoft's Security Update for Windows KB951748, direct from a supposedly reputable source would disable a firewall on PCs and only, so it would appear, the firewalls of one particular company.

Let me hear your thoughts, theories and even conspiracies on this.

And, the question remains, “to patch or not to patch?”

As I have indicated already, I am of a mind right now to turn off automatic updates, as I had done with previous Windows operating systems, leave the operating system as it is, and just run the best third-party protection software, keeping said programs updated, obviously, on a more-or-less daily basis.

The “game” with Microsoft updates “killing” off Zone Alarm cost me hours of productive work, and while I managed to get back online, protected, with PC Tools' firewall, which, as said, is quite neat and has lots of features, I was missing my Zone Alarm, which I was familiar with and had good experiences with. This was time that I could have used much better researching and writing articles or doing other productive work. Messing around with a computer when you are not really certain what has happened in the first place does not rate as very good entertainment in my book.

I would love to hear Microsoft's response and excuse with regards to this as to how and why and wherefore this happened and what guarantees they are proposing to give and what safeguards they are putting in place that this is not going to happen again with other patches. Mind you, I doubt that we will get a real response from Microsoft at all. Corporations such as that one and especially that one think that they are different and do not have to do things like that.

So, “to patch or not to patch?”

I think my answer – for the time being at least – you all can guess. What say the rest of you?

© M Smith (Veshengro), July 2008

Cloud Computing – Methinks not!

by Michael Smith (Veshengro)

I know that so-called “in the cloud” computing is becoming increasingly popular especially with the kind of PCs with little if any proper hard disk drive.

Other people who like the idea of “in the cloud” computing are those that are constantly on the move and those that have to do lots of collaboration work on documents and such with others many miles away.

They like the idea of “in the cloud” computing as they can, generally, access their data, their documents, their bookmarks, etc. from any Web-enabled computer anywhere in the world.

While access to one's documents and other data from any Internet-enabled computer anywhere in the world might be a lovely idea, this is why I said “generally” a moment ago: what if the online service goes down for some reason or throws an extended wobbly? Or what about the problem I am currently having with Yahoo's “My Web 2.0”, where I can only get access at times for a short while, and then it will not acknowledge my sign-in for days on end?

If that happens the user is then “up the creek without a paddle”, as the saying goes, and especially and even more so if there is no other virtual or better still physical location where this data is held. If it is just in that particular cloud that is gone down then “oops!”

My advice would be rather to have but the data that you need to use when on the move and such on removable media, such as USB sticks – and those should, ideally, be encrypted ones – external portable hard drives or such. Do not rely in any way whatsoever on “in the cloud”.

This also applies for stuff when working in fixed locations.

If you want to use one of those new micro PCs or Laptops then have external portable hard drives as storage devices. Attached peripherals, including hard disks and others such as floppy drives and even, when they arrived, CD drives, used to be the norm in the early desktop computers like they were used with the military. Everything was attached on the outside, basically. With today's technology of USB 1.1 and USB 2.0, as well as Firewire, such devices are damned fast.

I know that I am rather contrary here to most people, and I know that a lot of “web workers” love “in the cloud” computing and storage, but... I certainly advise against the “in the cloud” approach.

While I know that this does set me at odds with a lot of people, if not indeed all of them, of the Web 2.0 field, it is my belief that online data storage and document storage is not a good idea. At least not without holding duplicates, and maybe even triplicates, of the information that is put up into the cloud, stored, back at base.

In addition to this, that is to say, data being inaccessible if the server of the host should have problems or whatever, my other concerns with regards to “in the cloud” computing are what if (1) the provider changes their rules and a free service suddenly is one that needs paying for or (2) what if service gets withdrawn, as most EULAs state that changes can be made without prior notification, or (3) what if the provider simply folds?

I know that the above are worst-case scenarios, but if you do not hold the data that you have in the cloud elsewhere, you may have lost it all.

The other question that goes with “in the cloud” computing is the security and privacy of your information and documents. Many companies that provide online storage, especially those that do so for free, have small print in the EULA stating that the data, the documents, the photos, the what-have-you, that you upload to store in their cloud becomes their property and they can share it, display it, etc. Duh? Sorry, not the way I am playing. I value my privacy and that of my data.

Therefore, as far as I am concerned, there maybe, in the future, some “in the cloud” computing for me, but certainly not much, and if I am going for some of those E-PCs then they will have HDD and other stuff attached on the outside. My data stays securely where I can control it, thanks. And where I can get to it when I want to and need to and where I am not reliant on a server that may, or may not, be working at that particular moment.

© M Smith (Veshengro), July 2008

The Boss' guide to Geek Speak

Peter Mitteregger, European Vice President CREDANT Technologies

Do you speak Geek?

Every company today relies heavily on technology to complete even the most basic of day-to-day activities. Yet this reliance comes at a price. The news is full of organisations having to put their hands up to a breach of sensitive data from one source or another – be it a deliberate attack or a victim of circumstance with a mislaid laptop. Combine this with the ICO's determination to name and shame any who do not adhere to the Data Protection Act and enforce its eight principles, and it's simple to see the financial implications of taking an ostrich’s approach.

The problem is fully comprehending the weaknesses you face and how best to strengthen them. You've got your top man on the job but when he presents you with his report it's full of acronyms, end points, phishing, pod slurping and other such terms that are better suited in the dialogue of an episode of Red Dwarf. Geek speak often sounds like normal English that doesn't quite make sense because familiar words have been given a new meaning. For example, a port is no longer where a ship docks and a spool isn’t for thread and, for that matter, a thread is no longer a thin strand of cotton. Executing a program is not at all the same thing as killing it.

This article aims to decipher the jargon, converting it to real business contexts, enabling you to not only understand what is being asked for, and how much it will all cost, but fully comprehend why it is needed. Simply, it will give you the power to communicate with the Geeks.

So let’s start at the beginning
Let’s look at some of the everyday terms used to describe the technology we use and how it works :

Architecture : a term applied to both the process and the outcome of thinking out and specifying the overall structure, logical components, and the logical interrelationships of a computer, its operating system, a network, or other conception. Computer architecture can be divided into five fundamental components: input/output, storage, communication, control, and processing.

Client/Server Architecture : network where some computers are dedicated workstations (often referred to as clients) and some are dedicated servers; information is centralised on the server and an administrator sets policies and manages it.

LAN (Local Area Network) : network that operates within a small geographic area, usually within a building, office or department.

WAN (Wide Area Network) : geographically dispersed network of computers.

WWAN (Wireless Wide Area Network) : wireless connectivity to the Internet over the mobile phone network, which allows a user with a laptop or PDA and a WWAN card to surf the Internet, check email, or connect to a Virtual Private Network (VPN) from anywhere within the coverage area of the mobile service.

Operating System : sometimes abbreviated to OS it is the program that, after being initially loaded into the computer by a boot program, manages all the other programs in a computer. The other programs are called applications. For example, Microsoft Windows Vista is the operating system, while Microsoft Word and Adobe Acrobat are applications.

Data : information that has been translated into a binary digital form that is more convenient to move or process. It is measured in bits (the smallest unit of data in a computer) and bytes (the standard unit of 8 bits).

Mobile Device / End Points : This includes mobile phones, laptops, PDAs, memory sticks, CDs, iPods, even digital cameras. It encompasses anything portable that data can be transferred to.

Wi-Fi : the trade name for wireless local area network (WLAN) products that use specifications in the 802.11 family (popularly, though not officially, expanded as “wireless fidelity”).

What we’re trying to avoid
Now that we understand what we’re talking about protecting, let’s look at some of the things that we’re trying to protect them from:

War Driving : driving around with a laptop or handheld to locate wireless LANs, typically in order to exploit those that are exposed. Unless adequately protected, a Wi-Fi network can be used by unauthorised users as a free Internet connection, or as a way into the network behind it.

Spyware : any technology that aids in gathering information about a person or organisation without their knowledge. On the Internet (where it’s sometimes called a spybot or tracking software), spyware is programming that’s put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.

BotNet : a number of Internet computers that, although their owners are unaware of it, have been infected and set up to forward transmissions (including spam or viruses) to other computers on the Internet under remote control. Any such computer (often home-based) is referred to as a zombie - in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator.

Keylogging –records every key pressed on the computer keyboard to get at sensitive data, such as passwords.

PodSlurping : the unauthorised download of data from a computer to a small device with storage capacity, such as a Flash drive or an iPod or other MP3 player. The small size of the devices and the ease of connectivity - for example through the USB port or a wireless Bluetooth connection - make it possible for anyone with physical access to the computer to surreptitiously copy files from it.

The Best Defence is a Solid Defence
This final section looks to decode what can be used to protect against some of these threats:

Firewall : a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.

Authentication : the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks, authentication is done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic.

Encryption : the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorised people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. Encryption/decryption is especially important in wireless communications. This is because wireless circuits are easier to "tap" than their hard-wired counterparts.

Full-disk encryption (FDE) : a process that encrypts everything on the hard disk, i.e. the media - this means that when data is saved to an encrypted disk it is encoded, all without user action. This includes the operating system, swap file, any temporary files and all the free space on the drive. The swap and temporary files can often leak important confidential data to a hacker. FDE also provides support for pre-boot authentication. It's an effective technique, but encryption can double data access times, particularly when virtual memory is being heavily used; and it is only effective while the machine is switched off. With FDE, only one key is used to encrypt the entire disk. Usually keys are stored on the local system, and their sole protection is typically the user's password or passphrase. And we all know how weak they can be! FDE does not protect against the most damaging breaches, those posed by an authorised user who has “legitimate” access to sensitive information and who either accidentally or maliciously chooses to misuse or leak that information.

Full Data Encryption : full disk without the risk – only encrypting the data, not the media it is saved to. Encryption can take place whether data is on a desktop, laptop, PDA, or USB stick and it's granular, so administrators can set policies to determine which data is protected and against whom. As full data encryption uniquely protects individual users’ data, without interfering with the other operational processes (upgrades, patches, etc) that need to be done, it protects against the internal threat and provides lower TCO.
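To make the contrast drawn by the two entries above concrete, here is an added toy model in Python (not code from Credant or from this article): a full-disk volume whose single key is unwrapped by the passphrase and then serves every caller without a per-user check, beside a per-file store whose file keys are wrapped only for the users a policy names. The HMAC-based stand-in cipher, the class names and the sector, file and user names are all constructed for the example.

```python
import hashlib, hmac, os, secrets   # standard library only


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 keystream in counter mode XORed over data (XOR twice
    restores the input). Illustrative only; a real volume would use AES-XTS."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + (off // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


class FullDiskVolume:
    """Full-disk model: one volume key covers every sector (OS, swap, temp files) and is wrapped
    under a passphrase-derived key. Once unlocked, any caller reads any sector in plaintext."""
    def __init__(self, passphrase: str):
        self.salt, volume_key = os.urandom(16), secrets.token_bytes(32)
        self.wrapped_key = keystream_xor(self._kek(passphrase), b"wrap", volume_key)
        self.check = hashlib.sha256(volume_key).digest()  # lets unlock() reject a wrong passphrase
        self.sectors, self._key = {}, None  # ciphertext at rest; volume key held only while unlocked
    def _kek(self, passphrase: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 200_000)
    def unlock(self, passphrase: str) -> bool:
        key = keystream_xor(self._kek(passphrase), b"wrap", self.wrapped_key)
        self._key = key if hashlib.sha256(key).digest() == self.check else None
        return self._key is not None
    def lock(self) -> None:
        self._key = None  # "machine switched off": the only state in which FDE protects the data
    def _cipher(self, sector: str, data: bytes) -> bytes:
        if self._key is None:
            raise PermissionError("volume locked")
        return keystream_xor(self._key, sector.encode(), data)
    def write(self, sector: str, data: bytes) -> None:
        self.sectors[sector] = self._cipher(sector, data)
    def read(self, sector: str, caller: str = "any process") -> bytes:
        return self._cipher(sector, self.sectors[sector])  # caller is never checked


class DataEncryptedStore:
    """Full-data model: a key per file, wrapped separately for each user the policy names."""
    def __init__(self):
        self.user_keys, self.files, self.wrapped = {}, {}, {}
    def add_user(self, user: str) -> None:
        self.user_keys[user] = secrets.token_bytes(32)  # stands in for the user's credential key
    def write(self, name: str, data: bytes, readers: list) -> None:
        fkey, n = secrets.token_bytes(32), name.encode()
        self.files[name] = keystream_xor(fkey, n, data)
        self.wrapped[name] = {u: keystream_xor(self.user_keys[u], b"f:" + n, fkey) for u in readers}
    def read(self, user: str, name: str) -> bytes:
        if user not in self.wrapped[name]:
            raise PermissionError(f"{user} is not authorised for {name}")
        fkey = keystream_xor(self.user_keys[user], b"f:" + name.encode(), self.wrapped[name][user])
        return keystream_xor(fkey, name.encode(), self.files[name])
```

Unlocking the volume with the right passphrase makes the swap sector readable to a "temp staff" caller exactly as to anyone else, while the per-file store refuses a user the policy does not name even on an unlocked machine.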

IDSes (Intrusion Detection Systems) : pretty much what it says on the tin: detecting potential intrusions.

IPS (Intrusion Prevention Systems) : a pre-emptive approach to network security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), an intrusion prevention system (IPS) monitors network traffic. Intrusion prevention systems also have the ability to take immediate action, based on a set of rules established by the network administrator.

VPN (Virtual Private Network) : a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organisation's network. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunnelling protocols such as the Layer Two Tunnelling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

NAC (Network Access Control) : a method of bolstering the security of a proprietary network by restricting the availability of network resources to endpoint devices that comply with a defined security policy. NAC restricts the data that each particular user can access, as well as implementing anti-threat applications such as firewalls, antivirus software and spyware-detection programs.

DLP (Data Loss Prevention) : security products that focus on keeping sensitive enterprise data in.

PKI (Public Key Infrastructure) : enables users of an essentially unsecured public network, such as the Internet, to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

The threat against laptops and mobile endpoints is real and you need to arm yourself against data loss! Don’t let a language barrier come between you and the team trying to present you peace of mind.

www.credant.com

Strategic Security Seminar – Tower of London

Good food, good company and great seminar

by Michael Smith (Veshengro)

The Strategic Security Seminar was held Wednesday July 2, 2008, at the Tower of London and was organized by CM Logic in conjunction with IBM Partners; the venue was chosen with reference to securing your assets.

What the presentations showed, and what we have recently come to realize with regards to lost data on CDs and such, is that too many companies, government departments, organizations, and many others, take far too lackadaisical an attitude to database and general computer information security and the security of (critical) data.

We do not even want to talk in this instance about the ordinary home or even small business users of computers, including those that have sensitive data on their PCs and small networks.

Other important and sensitive computers are also so often unsecured, as we have noticed recently with the loss of a number of laptops belonging to members of the military and security forces.

During the seminar it was mentioned that a survey had found that:

10% of all websites that accept payment details do not encrypt them.

35% of all companies and institutions have no control over staff use of instant messaging.

67% of all companies and institutions do nothing to prevent confidential data leaving on USB sticks and similar devices.

78% of all companies and institutions that had computers stolen did admit that those computers did not have encrypted hard drives.

84% of all companies and institutions do not scan outgoing emails for confidential data.

I am sure now everyone is really feeling secure and that their data held by others is safe – hardly.

The Strategic Security Seminar was held in the “New Armouries” of the Tower of London and the venue and the food were brilliant.

The presentations of the speakers from the various companies were most informative and it might have been good if more CIOs and CEOs from more companies had attended this seminar and would attend other such seminars.

There does, however, seem to be an attitude about that while it may happen to others it could never happen to them. False security and a false sense of security is no security at all.

I know we not only find this attitude as regards computer and data security. In many cases people and organizations who should know better also treat perimeter and site security, as well as personal security, with this “it won't ever happen to us because we have this or that in place.” Right! And? Has it actually been tested as to whether it works? I mean tested as in “properly tested”, as in “penetration tested”, and this applies equally to computers, computer systems and networks as it does to perimeter and site security.

Military sentries can get into deep and hot water for waving an officer through even without checking his or her credentials. “But I know you, Sir!”, I was once told by a young PFC on guard who I challenged when I entered the base in civilian dress as to why he had not asked to see my ID, “I have seen you many times in uniform.” Wrong answer that was and the sentry was lucky that I was in a good mood.

This attitude, however, prevails everywhere, and also and especially in regards to access to sensitive data, with people having far more privileges than necessary to do their job. This even includes temporary staff in many cases. Why should a temp have the permission to access data, of whatever kind, and transfer same to, say, a USB stick or similar?

How do you know where your data goes from there?

© M Smith (Veshengro), July 2008