Keeping Laptops Secure: Solutions Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John...

Keeping Laptops Secure: Solutions
Defense Team: Mike Delahunty, Bryan Lutz, Kimberly Peng, Kevin Kazmierski, John Thykattil

Agenda
• Real world analysis of laptop security
• Four cornerstones of secure computing as they relate to laptop security
    • Confidentiality
    • Authenticity
    • Integrity
    • Availability
• How can we apply these cornerstones to ensure laptop security?

Real World – Balancing Cost and Risk
• The greater the security risk, the greater the cost to mitigate
    • Software and administrative costs
• Some laptops need more security than others
    • Bank employee’s laptop must be very secure
        • Financial data could be compromised
    • Government employee’s laptop must be very secure
        • Public records could be compromised
    • College student’s laptop might not need as much
        • MP3s and videos could be lost

Real World – Business/Legal Consequences
• A survey of almost 500 IT professionals in 2006 revealed that 81 percent of firms lost machines containing sensitive data last year. [1]
• Loss of a laptop containing personal data belonging to the public can lead to:
    • Financial loss to those affected, and the company
    • Stolen identities of those affected
    • Lawsuits from those affected
    • Loss of customers
    • Lowered public perception of company

Real World - Feasibility Analysis
• Companies must dedicate appropriate resources to maintain a sufficient level of security for laptops, based on their accepted level of risk
    • Ranges from $10s to $100s per laptop
    • IT personnel to administer laptops and keep them secure
    • Employee training on security
• Having the appropriate level of laptop security should always be feasible, or the company is not doing its due diligence.

Solutions to Ensure Laptop Data: Confidentiality
Laptop Data Encryption
• Two Types of Encryption
    • File
    • Full Disk (Preferred)
• Most Encryption Products are FIPS Certified
    • US Federal Information Processing Standards (FIPS) certification from the National Institute of Standards and Technology (NIST), which verified the encryption algorithms in the products as conforming to the Advanced Encryption Standard (AES) algorithm

Case Study: BitLocker
• Microsoft Product with Windows Vista
    • Targets the Lost Laptop
    • Encrypts operating system volume on a sector by sector basis
• Two Layer Approach
    • Cipher Layer: Well-Established Cipher, AES in CBC mode
    • Diffuser Layer: Unproven algorithm; premise is to make manipulation for authentication attacks harder

Case Study: BitLocker Cont.
Premise/Design Approach
• Software Based Attacks Most Prevalent
    • BitLocker does not require user to enter special boot password or use boot SmartCard or USB device
• Hardware Attacks Rare but Supported with TPM Chip
    • Seal/Unseal Function used to encrypt key which can only be decrypted by same TPM chip; other OSes can be booted and fully functional, but drive cannot be read.

Case Study: BitLocker
Secure Boot Process
• If Attacker has access to ciphertext, and modifies it to create weakness in the normal boot process
• Authenticate Data From Disk
    • Poor Man’s Authentication: trust that changes in ciphertext do not translate to semantically sensible changes in the plaintext
    • 512 to 8192 byte block cipher
    • If attacker changes any part of ciphertext, all plaintext in that sector is changed randomly

Solutions to Ensure Laptop Data: Confidentiality
Physical Security
• Keep Devices in Safe Locations
    • Lock them up
• LCD Privacy Screens
• Don’t Display Confidential Documents in Public Areas
• Lock Down Ports: USB, IEEE 1394, etc.
    • Exploitation of Legitimate Forensics Tools
• Use TPM Chip to thwart hardware attacks

Authenticity Solutions
• Make it difficult to guess passwords and account names
    • Disable well known accounts such as “guest” and “administrator”
    • Disallow passwords that contain login names, dictionary words, or simple variants of previous passwords
    • Require long passwords with a mix of characters, numbers, and symbols
    • Use systems that employ SHA-512 or MD5
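
One way to check a candidate password against the rules listed on this slide, as an added example that is not part of the original slides. The 12-character minimum, the four-word dictionary and the definition of a "simple variant" (same password after lowercasing, undoing common character substitutions and dropping trailing digits or symbols) are assumptions; the previous password is assumed to be available because the user supplies it at change time.

```python
import re

MIN_LENGTH = 12  # assumption: the slide only says "long"
DICTIONARY = {"password", "laptop", "welcome", "summer"}  # constructed sample list
LEET = str.maketrans("0134@5$7", "oieaasst")  # common substitutions to undo

def normalize(pw):
    """Reduce a password to a base form: lowercase, drop trailing
    digits/symbols, then undo common character substitutions."""
    stripped = re.sub(r"[^a-z]+$", "", pw.lower())
    return stripped.translate(LEET)

def violations(password, login, previous=()):
    """Return the list of policy rules the candidate password breaks."""
    found = []
    low, base = password.lower(), normalize(password)
    if len(password) < MIN_LENGTH:
        found.append("too short")
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        found.append("needs letters, numbers and symbols")
    if login.lower() in low:
        found.append("contains login name")
    if any(word in low or word in base for word in DICTIONARY):
        found.append("contains dictionary word")
    if any(normalize(old) == base for old in previous):
        found.append("simple variant of previous password")
    return found

if __name__ == "__main__":
    # Constructed candidates for a hypothetical account "jdoe".
    print(violations("Summer2024!", "jdoe"))
    print(violations("Tr1ckyH0rse#Lamp9", "jdoe", ["tr1ckyh0rse#lamp7!"]))
    print(violations("vK8#qzT!m4Rw2&", "jdoe", ["older-Pa55phrase!"]))
```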

Authenticity Solutions Cont.
• Disable access to I/O ports
    • Popular vendors of security products offer software that blocks the use of removable storage devices and media. This can prevent theft of data through USB devices or booting alternate operating systems on CD.

Authenticity Solutions
• Prevent users from connecting to rogue access points
    • Host-based: Require the use of secure tunnels whenever using any connection outside of the company. VPN clients can be launched at startup; however, this can lead to connectivity problems.
    • Network-based: Employ software that detects and shuts down rogue access points installed within the company’s network. An example would be RogueScanner, which is an open source tool for detecting rogue devices.

Integrity Solutions
• Do not give laptop users “administrative” rights
    • Prohibits the installation of unapproved software
        • Most malware / spyware exploits administrative privileges to install without user knowledge
    • Provides greater stability - extraneous software not running in the background
        • Laptops run more efficiently and quickly
        • Less need for maintenance
• Only allow network administrators to install approved software
    • Have a standardized, approved laptop image

Integrity Solutions Cont.
• Do not allow laptops on the network with expired virus definitions
    • Use a product such as Cisco Clean Access to place the laptop on a quarantined subnet upon first connection, download current virus definitions, and grant access once the laptop is in compliance
• Do not allow laptops to use unsecured wireless networks
    • Enforce minimum requirements for wireless access using group policy or similar
        • Do not allow open access SSIDs or WEP

Retaining Availability
• Availability - The ability to use the information or resource desired
• A loss of availability is a loss of data
• Logical Prevention
    • Data redundancy - Ex: Oracle's “Data Guard”
    • Virtualization software
    • Regular backups to corporate network
• Physical Prevention
    • “Toughbook” laptops
    • Oracle's “Data Guard”

Retaining Availability Cont.
Cost (per 100 users)
• Data Redundancy
    • Oracle's “Data Guard” - $6k (enterprise license)
• Virtualization
    • VMWare's “bundle pack” - $15k for 100 Virt. Machines
• Toughbooks
    • 3x over standard laptops
    • At 50% enterprise discount: $100k for 100 users
• Simple data redundancy through server backups is most cost effective. However, high availability has its drawbacks...

Retaining Availability Cont.
Risks
• High Availability comes at a price
    • Performance – synchronization for backups, loading virtual machines, n/w latency
    • Deployment – costs, training, personnel
• Feasibility
    • 99% uptime = 8,649 hrs/yr or 87 hrs downtime / yr
    • If 95% uptime is good enough, Gartner suggests doing nothing.
Source: Gartner Research

Laptop Security Solutions - Conclusion
• There is no “silver bullet” product that covers all areas of laptop security
    • Use a combination of products to achieve your optimal level of security
• Keep the balance between usability and security
    • Employees must be able to work effectively while remaining secure

Questions?