Keeping Laptops Secure:Keeping Laptops Secure:SolutionsSolutions

Mike DelahuntyMike DelahuntyBryan LutzBryan Lutz

Kimberly PengKimberly PengKevin KazmierskiKevin Kazmierski

John ThykattilJohn Thykattil

Defense Team:Defense Team:

AgendaReal world analysis of laptop security

Four cornerstones of secure computing as they relate to laptop security Confidentiality Authenticity Integrity Availability

How can we apply these cornerstones to ensure laptop security?

Real World – Balancing Cost and Risk

The greater the security risk, the greater the cost to mitigate Software and administrative costs

Some laptops need more security than others Bank employee’s laptop must be very secure

Financial data could be compromised Government employee’s laptop must be very

securePublic records could be compromised

College student’s laptop might not need as much MP3s and videos could be lost

Real World – Business/Legal Consequences

A survey of almost 500 IT professionals in 2006 revealed that 81 percent of firms lost machines containing sensitive data last year.1

Loss of laptop containing personal data belonging to the public can lead to: Financial loss to those affected, and the company Stolen identities of those affected Lawsuits from those affected Loss of customers Lowered public perception of company

Real World - Feasibility AnalysisCompanies must dedicate appropriate resources to maintain a sufficient level of security for laptops, based on their accepted level of risk Ranges from $10’s to $100’s per laptop IT personnel to administer laptops and keep them

secure Employee training on security

Having the appropriate level of laptop security should always be feasible, or the company is not doing their due diligence.

Solutions to Ensure Laptop Data: Confidentiality

Laptop Data EncryptionLaptop Data Encryption

Two Types of EncryptionTwo Types of Encryption FileFile Full Disk (Preferred)Full Disk (Preferred)

Most Encryption Products are FIPS CertifiedMost Encryption Products are FIPS Certified US Federal Information Processing Standards (FIPS) US Federal Information Processing Standards (FIPS)

certification from the National Institute of Standards and certification from the National Institute of Standards and Technology (NIST), which verified the encryption Technology (NIST), which verified the encryption algorithms in the products as conforming to the algorithms in the products as conforming to the Advanced Encryption Standard (AES) algorithmAdvanced Encryption Standard (AES) algorithm

Case Study: BitLockerMicrosoft Product with Windows VistaMicrosoft Product with Windows Vista Targets the Lost LaptopTargets the Lost Laptop Encrypts operating system volume on a sector by Encrypts operating system volume on a sector by

sector basissector basis

Two Layer ApproachTwo Layer Approach Cipher Layer: Well-Established Cipher, AES in CBC Cipher Layer: Well-Established Cipher, AES in CBC

modemode Diffuser Layer: Unproven algorithm; premise is to Diffuser Layer: Unproven algorithm; premise is to

make manipulation for authentication attacks hardermake manipulation for authentication attacks harder

Case Study: BitLocker Cont.Premise/Design ApproachPremise/Design Approach Software Based Attacks Most PrevalentSoftware Based Attacks Most Prevalent

BitLocker does not require user to enter special BitLocker does not require user to enter special boot password or use boot SmartCard or USB boot password or use boot SmartCard or USB devicedevice

Hardware Attacks Rare but Supported with TPM Hardware Attacks Rare but Supported with TPM ChipChip

Seal/Unseal Function used to encrypt key which Seal/Unseal Function used to encrypt key which can only be decrypted by same TPM chip; other can only be decrypted by same TPM chip; other OS’es can be booted and fully functional, but OS’es can be booted and fully functional, but drive cannot be read.drive cannot be read.

Case Study: BitLockerSecure Boot ProcessSecure Boot Process If Attacker has access to If Attacker has access to

ciphertext, and modifies it to ciphertext, and modifies it to create weakness in the normal create weakness in the normal boot processboot process

Authenticate Data From DiskAuthenticate Data From Disk Poor Man’s Authentication: trust Poor Man’s Authentication: trust

that changes in ciphertext do not that changes in ciphertext do not translate to semantically sensible translate to semantically sensible changes in the plaintextchanges in the plaintext

512 to 8192 byte block cipher512 to 8192 byte block cipher If attacker changes any part of If attacker changes any part of

ciphertext, all plaintext in that ciphertext, all plaintext in that sector is changed randomlysector is changed randomly

Solutions to Ensure Laptop Data: Confidentiality

Physical SecurityPhysical Security Keep Devices in Safe Keep Devices in Safe

LocationsLocations Lock them upLock them up LCD Privacy ScreensLCD Privacy Screens Don’t Display Don’t Display

Confidential Confidential Documents in Public Documents in Public AreasAreas

Lock Down Ports: Lock Down Ports: USB, IEEE 1394, etc.USB, IEEE 1394, etc.

Exploitation of Exploitation of Legitimate Forensics Legitimate Forensics ToolsTools

Use TPM Chip to thwart Use TPM Chip to thwart hardware attackshardware attacks

Authenticity Solutions

Make it difficult to guess passwords and account names Disable well known accounts such as “guest”

and “administrator” Disallow passwords that contain login names,

dictionary words, or simple variants of previous passwords

Require long passwords with a mix of characters, numbers, and symbols

Use systems that employ SHA-512 or MD5

Authenticity Solutions Cont.

Disable access to I/O ports Popular vendors of security products offer

software that blocks the use of removable storage devices and media. This can prevent theft of data through USB devices or booting alternate operating systems on CD.

Authenticity Solutions

Prevent users from connecting to rogue access points

Host-based: Require the use of secure tunnels whenever using any connection outside of the company. VPN clients can be launched at startup, however this can lead to connectivity problems.

Network-based: Employ software that detects and shuts down rogue access points installed within the company’s network. An example would be RogueScanner, which is an open source tool for detecting rogue devices.

Integrity SolutionsDo not give laptop users “administrative” rights

Prohibits the installation of unapproved software Most malware / spyware exploits administrative privileges

to install without user knowledge Provides greater stability - extraneous software

not running in the backgroundLaptops run more efficiently and quickly

Less need for maintenance

Only allow network administrators to install approved software

Have a standardized, approved laptop image

Integrity Solutions Cont.Do not allow laptops on the network with expired Virus definitions Use a product such as Cisco Clean Access to

place the laptop on a quarantined subnet upon first connection, download current virus definitions, and grant access once the laptop is in compliance

Do not allow laptops to use unsecured wireless networks Enforce minimum requirements for wireless

access using group policy or similarDo not allow open access SSIDs or WEP

Retaining Availability

Availability - The ability to use theAvailability - The ability to use theinformation or resource desiredinformation or resource desired

A loss of availability is a loss of dataA loss of availability is a loss of dataLogical PreventionLogical Prevention Data redundancyData redundancy - Ex: Oracle's “Data Guard”- Ex: Oracle's “Data Guard” Virtualization softwareVirtualization software Regular backups toRegular backups to

corporate networkcorporate network

Physical PreventionPhysical Prevention ““Toughbook” laptopsToughbook” laptops Oracle's “Data Guard”Oracle's “Data Guard”

Retaining Availability Cont.Cost (per 100 users)Cost (per 100 users)

Data RedundancyData Redundancy Oracle's “Data Guard” - $6k (enterprise license)Oracle's “Data Guard” - $6k (enterprise license)

VirtualizationVirtualization VMWare's “bundle pack” - $15k for 100 Virt. MachinesVMWare's “bundle pack” - $15k for 100 Virt. Machines

ToughbooksToughbooks 3x over standard laptops3x over standard laptops At 50% enterprise discount: $100k for 100 usersAt 50% enterprise discount: $100k for 100 users

Simple data redundancy through server backups Simple data redundancy through server backups is most cost effective. However, high availability is most cost effective. However, high availability has its drawbacks.....has its drawbacks.....

Retaining Availability Cont.RisksRisks

High Availability comes at a priceHigh Availability comes at a price Performance – synchronization for backups, Performance – synchronization for backups, loading virtual machines, n/w latencyloading virtual machines, n/w latency Deployment – costs, training, personelDeployment – costs, training, personel

FeasibilityFeasibility• 99% uptime = 8,649 hrs/yr99% uptime = 8,649 hrs/yr or 87 hrs downtime / yror 87 hrs downtime / yr• If 95% uptime is good enough, If 95% uptime is good enough, Gartner suggests doing nothing.Gartner suggests doing nothing.

Source: Gartner Research

Laptop Security Solutions - Conclusion

There is no “silver bullet” product that covers all areas of laptop security

Use a combination of products to achieve your optimal level of security

Keep the balance between usability and security Employees must be able to work effectively while

remaining secure

Questions?Questions?