Why Current Security Solutions Fail To Prevent Data Theft

Discussion in 'Computer Security' started by WB Randolph, Nov 19, 2006.

  1. WB Randolph

    WB Randolph Guest

    I saw a story at net-security.org describing why current security
    solutions might be unable to prevent data theft. It describes why
    application password protection, disk encryption, file encryption, etc.
    fail to prevent data theft so I submitted it here:

    http://www.digg.com/security/Why_Current_Security_Solutions_Fail_To_Prevent_Data_Theft

    Googling about the story, I found this Flash video showing how password
    protected Palm Treo 700p smartphone contacts can be exposed on a PC
    running Palm Desktop, disk encryption, firewall, antivirus, etc.:

    http://www.innersafe.com/demos/palm_desktop_insecure/index.html

    It seems the situation is worse than the story (which doesn't even
    mention keylogging):

    1. disk encryption doesn't help while the disk is mounted (which can be
    hours while we're online & using the disk)

    2. file encryption requires decrypting to disk which can leave
    sensitive data on disk even after the file is re-encrypted again (seems
    NTFS and some thumb drives don't always overwrite files.)

    3. keylogging software can pretty much steal passwords or file content
    before it is encrypted which makes #1 and #2 worse

    4. firewalls are vulnerable to insiders with physical access to PC's
    and open ports people need to access the web or email.

    5. antivirus and antispyware don't detect 100% of malware, require
    signature updates, and doesn't address the fact a thief can use
    uninfected programs for data theft.

    6. password recovery tools can instantly extract passwords or reset
    passwords of many popular file formats like Microsoft Outlook 2003 .PST
    files.

    7. When using EFS (Encrypted File System), "a file's original
    unencrypted file data is left on the disk after a new encrypted version
    of the file is created." according to Microsoft at
    http://www.microsoft.com/technet/sysinternals/utilities/SDelete.mspx

    Besides the "don't run Microsoft Windows" or "don't store sensitive
    data on PC's" type of advice, what can be done to secure sensitive data
    on a PC?

    What do you use today to secure your data? I know keypass and
    truecrypt are free & popular, but is there anything better?

    Is computer security even possible without spending a fortune?
    WB Randolph, Nov 19, 2006
    #1
    1. Advertising

  2. WB Randolph

    Jim Watt Guest

    On 18 Nov 2006 17:30:21 -0800, "WB Randolph" <>
    wrote:

    >Is computer security even possible without spending a fortune?


    Shortly after the invention of the safe, the safecracker
    came into being. Its the same with computer security
    whatever measures are devised, someone will come up with
    a countermeasure.

    Security is about building a wall around assets, how high
    the wall is and what its topping and alarm system is
    depends on the nature of the asset protected and the
    threat analysis.

    Computer security uses physical protection as the first
    layer to address the threat, if someone can steal the
    system it deprives the user of it and allows access to
    the hardware. Thats why laptops are vunerable because
    they are not locked away in a secure room.

    The bottom line is that security aims to make it difficult
    for the unauthorised user, whilst not making it impossible
    for the genuine user.

    How much you need to spend depends on what you need to
    protect. You do not need a steel box encased in rock
    for your holiday pictures, unless you lead a particularly
    interesting life.

    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Nov 19, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul J. The Grump

    Solutions for backing up data?

    Paul J. The Grump, Jun 9, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    405
  2. peter

    Why no anti theft feature?

    peter, Apr 25, 2008, in forum: Digital Photography
    Replies:
    25
    Views:
    750
    John Turco
    May 4, 2008
  3. Replies:
    4
    Views:
    1,289
  4. Replies:
    4
    Views:
    648
  5. Lawrence D'Oliveiro

    Theft Is Theft?

    Lawrence D'Oliveiro, Nov 7, 2009, in forum: NZ Computing
    Replies:
    7
    Views:
    504
    Mary Hanna
    Nov 8, 2009
Loading...

Share This Page