Re: external drive help

From: andy smart (anonymus_at_discussions.microsoft.com)
Date: 10/13/04


Date: Wed, 13 Oct 2004 10:03:41 +0100



Mike wrote:
| Well I thank you all for your responses, but I must say I am very
| surprised to find out that this is potentially the biggest security
| problem around with all the thumb drives and external drives available
| there is certainly a market for this. As an IT pro for my company it is
| very significant to find out that transported files are so vulnerable!!
|
|
| "Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message
| news:ckfjtu$9t5$1@canopus.cc.umanitoba.ca:
|
|>In article <hFHad.1356$gy1.202@newsread1.news.pas.earthlink.net>,
|>Lawrence A Rodis <lrodis@strategicresource.com> top-posted:
|>
|>:"Mike" <kapaqs@yahoo.com> wrote in message
|>:news:vgHad.12709$ir7.3923@newssvr15.news.prodigy.com...
|>:> Then what is a good way to prevent theft or destruction on external
|>:> back up hard drives and thumb drives. Are you saying there is none?
|>
|>:Theft yes, destruction no.
|>
|>Even theft you can't prevent unless you use one-time encryption keypads
|>as big as the data you want to secure. You can use encryption
|>algorithms such as 3DES or AES-256, but there is a decryption attack
|>that works against *every* encryption algorithm keyed by a key much
|>smaller than the data: brute force trial and error. You could be using
|>even AES-2048 but someone could steal your data and decrypt it.
|>*All* you can do with -any- algorithmic encryption, known or
|>not yet invented, is to delay the thieves from getting at your
|>data. But they *will* be able to get at your data. Every possible
|>algorithmic encryption is breakable with current technology, so the
|>best you can do is postpone the inevitable by a mere couple of trillion
|>years here or there.
|>
|>The goal should not be to *prevent* theft of your data. The goal should be
|>to make accessing your data expensive enough and time consuming enough
|>that the thieves give up and look for easier targets or easier ways
|>of getting at the data. (e.g., methods such as kidnapping someone important
|>to you and threatening to carve off pieces of them unless you hand
|>over the decryption keys are often quite effective.)
|>
|>There is no absolute security method, period. There is no -possible-
|>absolute security method either. The only questions are how difficult you
|>make it to get at the data, how valuable the data is to someone else,
|>what resources are available to that other party, and how many scruples
|>they have about getting at the data. If your data absolutely MUST NOT
|>be stolen, then the first step you should take in securing the
|>data is to make out a will.
|>
|>
|>Most data doesn't need strong protection. In most situations, protecting
|>the data against decryption for about 20 years suffices. Any
|>patents involved will have expired by then, as will the statute of
|>limitations on -most- crimes. (But there is no time limit on some
|>crimes, so "enough protection to last the lifetime of anyone involved"
|>is probably good enough.)
|
|
Well, actually they are no more unsafe or insecure than any other
portable data system. If you photocopy a paper document then take it
off site there is no way to prevent it being copied. You could put all
your paper documents into code of course, then the copy would be
worthless, but if somebody wanted to crack that code then they will
eventually. And of course there is no way to prevent that paper document
being destroyed accidentally/on purpose. Just because the storage is
electronic doesn't make it invulnerable.

Actually you COULD reduce your risk by preventing users connecting
external drives easily - this would mean blocking the
USB/serial/parallel ports of course. Then you'd have to physically
secure the cases to prevent somebody putting in a second hard drive
internally......

What methods does your company use to prevent what you want to prevent
happening to its paper documentation?
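The contrast drawn in the quoted discussion between a key much smaller than the data and a one-time pad as big as the data, as an added example that is not part of any post in this thread. The toy SHA-256 keystream cipher, the 16-bit key, the `CRIB` header and both sample messages are constructed for illustration.

```python
import hashlib
import secrets

CRIB = b"INVOICE"  # constructed: header the searcher expects in the plaintext
MESSAGE = b"INVOICE 1041: pay 500 to ACME"  # constructed sample plaintext
DECOY = b"INVOICE 2210: pay 975 to BOLT"    # constructed, same length


def keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher: SHA-256(key || counter) blocks. Illustration only."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def short_key_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt with a key far smaller than the data."""
    return xor(data, keystream(key, len(data)))


def brute_force(ciphertext: bytes, key_bits: int = 16) -> list:
    """Try every key; keep those whose plaintext starts with the crib."""
    hits = []
    for k in range(2 ** key_bits):
        key = k.to_bytes(key_bits // 8, "big")
        if xor(ciphertext[:len(CRIB)], keystream(key, len(CRIB))) == CRIB:
            hits.append((key, short_key_crypt(key, ciphertext)))
    return hits


def demo():
    # Short key: exhaustive search singles out one key and one plaintext.
    hits = brute_force(short_key_crypt(b"\x5a\xc3", MESSAGE))
    # One-time pad: some pad "explains" any same-length plaintext, so trying
    # every pad produces every message and cannot tell which one was sent.
    pad = secrets.token_bytes(len(MESSAGE))
    otp_ct = xor(MESSAGE, pad)
    fake_pad = xor(otp_ct, DECOY)
    return hits, xor(otp_ct, pad), xor(otp_ct, fake_pad)


if __name__ == "__main__":
    print(demo())
```

Each extra key bit doubles the loop in `brute_force`, which is the cost side of the argument; the pad case stays ambiguous no matter how many pads are tried.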


