Cold boot attacks on disk encryption
May 16, 2009 by Marcos Christodonte II
In the “featured videos” section of my blog, you’ll notice a new video discussing cold boot attacks. The premise behind cold boot attacks is that they can be used to extract data from a system even when that system uses full disk encryption. Specifically, an attacker with physical access takes advantage of two facts: a screen-locked or “sleeping” system still holds the disk encryption keys in RAM, and DRAM does not lose its contents the instant power is removed but decays over a period of seconds (data remanence). After pulling the plug, the attacker has a short window in which to reboot into a minimal memory-dumping tool, or to move the memory modules into another machine, before the bits fade; cooling the RAM first with an inverted can of compressed air slows the decay and stretches that window to minutes. The practical defenses follow from this: power a machine off fully instead of locking or suspending it when it leaves your control, and use pre-boot authentication so the key is not loaded into memory until the user is present.
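As an added example (not code from the original post or from its video), here is how a key is actually pulled out of such a dump. The cold boot research popularized searching for the AES key schedule rather than for the 16 raw key bytes: software AES implementations keep the expanded round keys in memory next to the key, and the expansion is deterministic, so any 16 bytes whose expansion matches the 160 bytes that follow are almost certainly a live key, and the redundancy even allows a few decayed bits to be tolerated. The Python below is my own implementation of that idea; the memory image it scans is constructed inline (random filler with the FIPS-197 test key’s schedule planted in it, once intact and once with two flipped bits), and the error-tolerance scheme is a simplification that tolerates decay only in the expanded part of the schedule, not in the 16 base-key bytes.

```python
import random

# Rijndael S-box generated from the GF(2^8) inverse plus the affine map,
# so no 256-entry table has to be typed in by hand.
def _build_sbox():
    def rotl8(x, s):
        return ((x << s) | (x >> (8 - s))) & 0xFF
    sbox = [0] * 256
    p = q = 1                     # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1                                              # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                # 0 has no inverse; special case
    return sbox

SBOX = _build_sbox()

def aes128_key_schedule(key: bytes, rounds: int = 10) -> bytes:
    """FIPS-197 key expansion for AES-128: 16-byte key -> (rounds+1)*16 bytes."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                  # RotWord
            t = [SBOX[b] for b in t]           # SubWord
            t[0] ^= rcon
            rcon = ((rcon << 1) ^ (0x1B if rcon & 0x80 else 0)) & 0xFF
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)

def _bit_errors(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def find_aes128_keys(image: bytes, max_bit_errors: int = 0):
    """Scan a memory image for AES-128 key schedules.

    Every offset is a candidate key; it is a hit when the 176 bytes starting
    there match the schedule expanded from the first 16 of them, allowing up
    to max_bit_errors flipped bits in the expanded part to account for DRAM
    decay.  Assumption of this example: the 16 base-key bytes are intact.
    Returns a list of (offset, key_hex, bit_errors).
    """
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        # Cheap filter on the round-1 key before expanding all ten rounds.
        round1 = aes128_key_schedule(cand, rounds=1)[16:32]
        if _bit_errors(round1, image[off + 16:off + 32]) > max_bit_errors:
            continue
        errs = _bit_errors(aes128_key_schedule(cand), image[off:off + 176])
        if errs <= max_bit_errors:
            hits.append((off, cand.hex(), errs))
    return hits

# FIPS-197 Appendix A.1 test key, used only so the schedule is verifiable.
FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

def build_sample_image(size: int = 4096, seed: int = 1) -> bytes:
    """Constructed stand-in for a RAM dump: random filler with one intact
    schedule at 0x200 and one partly decayed copy (2 flipped bits) at 0x800."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    sched = aes128_key_schedule(FIPS_KEY)
    buf[0x200:0x200 + 176] = sched
    decayed = bytearray(sched)
    decayed[20] ^= 0x01       # flipped bit inside the round-1 key
    decayed[100] ^= 0x80      # flipped bit in a later round key
    buf[0x800:0x800 + 176] = decayed
    return bytes(buf)

if __name__ == "__main__":
    img = build_sample_image()
    print("exact scan:   ", find_aes128_keys(img))
    print("tolerant scan:", find_aes128_keys(img, max_bit_errors=3))
```

Run as-is, the exact scan reports only the intact copy at 0x200, while the tolerant scan also reports the decayed copy at 0x800 with its error count of 2. Against a real dump you would read the image from a file, raise the tolerance only as far as the observed decay rate requires, and the hit offsets tell you where the key lived, which is also a handy way to check whether a “secure shutdown” really scrubbed it.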
Check out the video–it’s pretty insightful!
//Update//
I’ve provided the video below…
8 Steps to disaster recovery planning
April 4, 2009 by Marcos Christodonte II
It’s been some time since I’ve delved into disaster recovery planning, so I thought I’d write this post as a short refresher on the planning process. Every organization, whether small or large, should have a disaster recovery plan. Depending on the size of the organization, fully documenting an effective plan may take several months, so it’s important to understand the 8 steps of disaster recovery planning before starting.
- Step 1 in disaster recovery planning: organize the disaster recovery planning team. The team should consist of a primary representative and an alternate from each participating department, so that every function of the organization is represented. It must also include a senior executive sponsor (a high-level manager or the CEO) with the authority to endorse the plan and remove obstacles. The team should attend training from a reputable source in disaster recovery. Once arranged, the team starts an awareness campaign and creates a schedule of its anticipated activities.
- Step 2 in disaster recovery planning: assess the risk in the enterprise. The goal of this step is to estimate the economic loss that each identified risk could cause. The team uses a business impact analysis (BIA) to do this: every business process is identified and analyzed, ranked as critical, essential, necessary, or desirable, and given a maximum tolerable downtime. Legal and contractual requirements should also be assessed for the consequences of a business disruption.
- Step 3 in disaster recovery planning: establish roles across departments and external organizations. The disaster recovery planning team determines the role each department and external party must play in disaster recovery, so that all resources and expertise are properly utilized. The team must contact local authorities, emergency services, law enforcement, public utilities, etc. to agree on their roles before a disaster rather than during one.
- Step 4 in disaster recovery planning: develop policies and procedures. Policies are the guidelines that say what must happen and who is responsible; procedures are the step-by-step methods for doing it. Both are essential in recovering from a disaster, and this step requires attention to detail: procedures must exist for every step of disaster response and recovery, and each function must be spelled out in black and white so that it can be carried out by whoever is available, not only by the person who normally does it.
- Step 5 in disaster recovery planning: document disaster recovery procedures. Policies and procedures must be documented and sent through the proper channels for approval before being stored for future use. Each must be drafted, reviewed, and approved by management and by all departments and organizations responsible for implementing it. The plan must be available at all times during the testing phase and especially during disaster response, which means copies must be kept somewhere the disaster itself cannot take out, not only on the systems and in the building the plan is meant to recover.
- Step 6 in disaster recovery planning: prepare to handle disasters. This step is an information campaign: get the information out, make everyone aware, and ensure they all know the plan. All parties must be aware of it, from executives to general staff.
- Step 7 in disaster recovery planning: train, test, and rehearse. Practice makes perfect! During this step, the organization conducts a live simulation involving all departments and supporting organizations, as if a real disaster were taking place. Observers are in place to monitor and evaluate the procedures as they are carried out. Weaknesses are identified so that updates and modifications can be made.
- Step 8 in disaster recovery planning: ongoing management. Maintenance is the key here: continual assessment of threats, of changes in organizational structure, and of the impact of new technology on recovery procedures. This step also requires continual monitoring of laws, the political climate, and social conditions. Any changes are documented in the plan, and updated training is given.
The threat of short-lived malware
April 2, 2009 by Marcos Christodonte II
New article:
Recently, security software vendor AVG Technologies asserted that Web-based malware attacks are now so prevalent that attackers craft them to be “secretive, short-lived and fast-moving.” It’s an acceptable premise, but why the sudden shift? Is it because more active and open attacks aren’t as successful or noteworthy? Well, not quite. Let’s explore why attackers do this, how they do it, and how enterprises can defend against short-lived Web malware.
Read the rest of my article here
IE 8, will you try?
March 21, 2009 by Marcos Christodonte II
Source: Microsoft.com
Microsoft has recently released Internet Explorer 8, boasting that it’s faster, easier, and safer. Some of their latest features include:
- Quick links to Live Maps
- InPrivate Browsing
- Web slices
- SmartScreen Filter
- History Searching
- History Sorting
- etc….
You can download it here. As with any new software, expect a patch or two in the near future.
Marine One leak via P2P software
March 3, 2009 by Marcos Christodonte II
Source: popsci.com
In my last post about the dangers of P2P software, I discussed how P2P software may be useful for collaboration but also carries many risks. In the news recently, reports disclosed that the blueprints of Marine One (the President’s helicopter) were found on a P2P network. According to the CEO of the firm that found the file, “We found a file containing entire blueprints and avionics package for Marine One, which is the president’s helicopter.”
There is speculation about who was responsible for the leak; it is thought to have possibly been a defense contractor who had the file-sharing program installed on their computer. According to retired General Clark, “We know exactly what computer it came from. I’m sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.” Reportedly, the file was accessed from Iran, China, Pakistan, and a few other places.
People don’t realize the dangers involved when installing this type of software on their computers: a file-sharing client shares whatever directory it is pointed at, whether or not the user realizes what that directory contains. My question is how this software was allowed to be installed on a system that held such sensitive data in the first place.

