Posts tagged ‘FDE’

Firewire Attack Against Pointsec

After reading about a FireWire memory attack against Windows (which also affects other operating systems), I figured it wouldn’t take long before someone demonstrated the use of that against full disk encryption. After all, why bother booting to USB or freezing the RAM if you can just hook up a FireWire connection and access the memory?
Today, I saw a Dark Reading article where a group/vendor has penetrated a Pointsec encrypted computer through the use of the FireWire technique.

This simple attack takes advantage of the FireWire protocol and its ability to directly access and modify the RAM of a target machine with a FireWire port installed. Using a simple and readily available forensics software tool, it is possible to connect a FireWire cable to a computer, and within seconds bypass the Windows authentication and log in as a local administrator.

It is important to note that pre-boot authentication was not enabled on this computer. If it had been, the attack would not have succeeded. I can’t imagine deploying FDE without pre-boot authentication. This article could have described an attack against any FDE vendor not using pre-boot authentication.
I’ve disabled the FireWire port on my laptop. I haven’t looked at what it would take to disable the FireWire port in an enterprise. Perhaps it’s time for more spelunking in devcon. Or maybe Google will have an easy answer. I wonder how many “port control” products include FireWire.
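
One way to audit for and disable FireWire host controllers on Windows endpoints, as an added example that is not part of the original post. It uses the PnpDevice cmdlets rather than devcon and assumes Windows 8 / Server 2012 or later; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and optionally disable IEEE 1394 (FireWire) host controllers.
# Assumption: the PnpDevice module is available (Windows 8 / Server 2012 and later).

function Get-FireWireController {
    # "1394" is the system device setup class for IEEE 1394 host bus controllers.
    Get-PnpDevice -Class '1394' -ErrorAction SilentlyContinue |
        Select-Object FriendlyName, InstanceId, Status
}

function Disable-FireWireController {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $controllers = @(Get-FireWireController)
    if ($controllers.Count -eq 0) {
        Write-Output 'No IEEE 1394 host controller present.'
        return
    }
    foreach ($c in $controllers) {
        # A controller that is disabled or failed does not report Status "OK".
        if ($c.Status -ne 'OK') {
            Write-Output "Already inactive: $($c.FriendlyName) [$($c.Status)]"
            continue
        }
        # Honors -WhatIf so the change can be previewed before enforcing it.
        if ($PSCmdlet.ShouldProcess($c.FriendlyName, 'Disable device')) {
            Disable-PnpDevice -InstanceId $c.InstanceId -Confirm:$false
            Write-Output "Disabled: $($c.FriendlyName)"
        }
    }
}

# Report only:
Get-FireWireController | Format-Table -AutoSize
# Dry run first; remove -WhatIf to enforce:
Disable-FireWireController -WhatIf
```

The script only covers controllers present when it runs, so in an enterprise it would need to run on a schedule or at startup to catch hardware added later.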

McAfee buys Safeboot

This is interesting: McAfee has purchased Safeboot for $350 million.
Safeboot seems to be the name I hear most when talking to people at other companies about what FDE products they use. I wonder if ePO will be extended to manage this software in the next few years. That would be pretty cool. I found Safeboot to be rather buggy in my eval. But it seems similar problems occur in any FDE product.
That McAfee would make this purchase shows that they think this will continue to be a big market. One wonders what other companies may be on the market.

Why isn’t full disk encryption from manufactures a slam dunk?

I saw a post today on the Security Basics mailing list asking “Why isn’t full disk encryption from manufactures a slam dunk?”
I think the answer is that it is still rather new. The problem is it’s new, so some people are waiting to see if it’s defeated by attackers. Others made recent investments in software FDE. Dell just made the Seagate available in the Latitude line at the end of July. Give it some time. I expect within three years hardware FDE will be the norm.
I received a Dell Lat 830 with a Seagate Momentus 5400.2 FDE drive on Tuesday. I need to remove the software encryption the help desk loaded on there, but I should have some comments later this week.

Are all FDE Software companies unresponsive?

You’d think it would be easier to spend a lot of money. I’m trying to evaluate Full Disk Encryption software, and the sales people I’m dealing with are frustratingly unresponsive.
I’ve heard from other companies that often they find that FDE companies just aren’t interested. Apparently so many companies are under an encryption mandate that they only want to spend resources on a guaranteed sale.
The most annoying example is the product I’m currently evaluating. Safeboot has not provided me with a pre-sales support direct contact. They also forbid contacting tech support. Instead I must contact the sales guy. The sales guy, instead of getting me in touch with an engineer, wants to set up a meeting “sometime this week or next.”
I was very upfront in my need to do this eval quickly. I learned what I wanted about Pointsec in two or three days. I can’t even get a response from Safeboot in that time period.