Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Why Current Security Solutions Fail To Prevent Data Theft

Reply
Thread Tools

Why Current Security Solutions Fail To Prevent Data Theft

 
 
WB Randolph
Guest
Posts: n/a
 
      11-19-2006
I saw a story at net-security.org describing why current security
solutions might be unable to prevent data theft. It describes why
application password protection, disk encryption, file encryption, etc.
fail to prevent data theft so I submitted it here:

http://www.digg.com/security/Why_Cur...ent_Data_Theft

Googling about the story, I found this Flash video showing how password
protected Palm Treo 700p smartphone contacts can be exposed on a PC
running Palm Desktop, disk encryption, firewall, antivirus, etc.:

http://www.innersafe.com/demos/palm_...ure/index.html

It seems the situation is worse than the story (which doesn't even
mention keylogging):

1. disk encryption doesn't help while the disk is mounted (which can be
hours while we're online & using the disk)

2. file encryption requires decrypting to disk which can leave
sensitive data on disk even after the file is re-encrypted again (seems
NTFS and some thumb drives don't always overwrite files.)

3. keylogging software can pretty much steal passwords or file content
before it is encrypted which makes #1 and #2 worse

4. firewalls are vulnerable to insiders with physical access to PC's
and open ports people need to access the web or email.

5. antivirus and antispyware don't detect 100% of malware, require
signature updates, and doesn't address the fact a thief can use
uninfected programs for data theft.

6. password recovery tools can instantly extract passwords or reset
passwords of many popular file formats like Microsoft Outlook 2003 .PST
files.

7. When using EFS (Encrypted File System), "a file's original
unencrypted file data is left on the disk after a new encrypted version
of the file is created." according to Microsoft at
http://www.microsoft.com/technet/sys...s/SDelete.mspx

Besides the "don't run Microsoft Windows" or "don't store sensitive
data on PC's" type of advice, what can be done to secure sensitive data
on a PC?

What do you use today to secure your data? I know keypass and
truecrypt are free & popular, but is there anything better?

Is computer security even possible without spending a fortune?

 
Reply With Quote
 
 
 
 
Jim Watt
Guest
Posts: n/a
 
      11-19-2006
On 18 Nov 2006 17:30:21 -0800, "WB Randolph" <(E-Mail Removed)>
wrote:

>Is computer security even possible without spending a fortune?


Shortly after the invention of the safe, the safecracker
came into being. Its the same with computer security
whatever measures are devised, someone will come up with
a countermeasure.

Security is about building a wall around assets, how high
the wall is and what its topping and alarm system is
depends on the nature of the asset protected and the
threat analysis.

Computer security uses physical protection as the first
layer to address the threat, if someone can steal the
system it deprives the user of it and allows access to
the hardware. Thats why laptops are vunerable because
they are not locked away in a secure room.

The bottom line is that security aims to make it difficult
for the unauthorised user, whilst not making it impossible
for the genuine user.

How much you need to spend depends on what you need to
protect. You do not need a steel box encased in rock
for your holiday pictures, unless you lead a particularly
interesting life.

--
Jim Watt
http://www.gibnet.com
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Theft Is Theft? Lawrence D'Oliveiro NZ Computing 7 11-08-2009 09:50 AM
Is there a way to tie down a file to a computer? Prevent data theft? RakperBanengen@yahoo.com Computer Security 4 06-03-2009 04:50 PM
findcontrol("PlaceHolderPrice") why why why why why why why why why why why Mr. SweatyFinger ASP .Net 2 12-02-2006 03:46 PM
ne1 have a script to prevent opposite mouse, preventing image theft? with message? CB HTML 9 12-04-2004 11:05 AM
Asp.Net.Vulnerability: Full Trust (current security problems and possible solutions) Dinis Cruz ASP .Net Security 2 10-20-2003 03:09 AM



Advertisments