2 Agenda
- Real world analysis of laptop security
- Four cornerstones of secure computing as they relate to laptop security
  - Confidentiality
  - Authenticity
  - Integrity
  - Availability
- How can we apply these cornerstones to ensure laptop security?

3 Real World – Balancing Cost and Risk
- The greater the security risk, the greater the cost to mitigate
  - Software and administrative costs
- Some laptops need more security than others
  - Bank employee’s laptop must be very secure
    - Financial data could be compromised
  - Government employee’s laptop must be very secure
    - Public records could be compromised
  - College student’s laptop might not need as much
    - MP3s and videos could be lost

4 Real World – Business/Legal Consequences
- A survey of almost 500 IT professionals in 2006 revealed that 81 percent of firms lost machines containing sensitive data last year.[1]
- Loss of a laptop containing personal data belonging to the public can lead to:
  - Financial loss to those affected, and the company
  - Stolen identities of those affected
  - Lawsuits from those affected
  - Loss of customers
  - Lowered public perception of company

5 Real World - Feasibility Analysis
- Companies must dedicate appropriate resources to maintain a sufficient level of security for laptops, based on their accepted level of risk
  - Ranges from $10s to $100s per laptop
  - IT personnel to administer laptops and keep them secure
  - Employee training on security
- Having the appropriate level of laptop security should always be feasible, or the company is not doing its due diligence.

6 Solutions to Ensure Laptop Data: Confidentiality
- Laptop Data Encryption
- Two Types of Encryption
  - File
  - Full Disk (Preferred)
- Most Encryption Products are FIPS Certified
  - US Federal Information Processing Standards (FIPS) certification from the National Institute of Standards and Technology (NIST) verifies that the encryption algorithms in the products conform to the Advanced Encryption Standard (AES) algorithm

7 Case Study: BitLocker
- Microsoft Product with Windows Vista
- Targets the Lost Laptop
- Encrypts operating system volume on a sector by sector basis
- Two Layer Approach
  - Cipher Layer: Well-Established Cipher, AES in CBC mode
  - Diffuser Layer: Unproven algorithm; premise is to make manipulation for authentication attacks harder

8 Case Study: BitLocker Cont.
- Premise/Design Approach
- Software Based Attacks Most Prevalent
  - BitLocker does not require the user to enter a special boot password or use a boot SmartCard or USB device
- Hardware Attacks Rare but Supported with TPM Chip
  - Seal/Unseal Function used to encrypt the key, which can only be decrypted by the same TPM chip; other OSes can be booted and be fully functional, but the drive cannot be read.

9 Case Study: BitLocker Secure Boot Process
- If Attacker has access to ciphertext, and modifies it to create weakness in the normal boot process
- Authenticate Data From Disk
  - Poor Man’s Authentication: trust that changes in ciphertext do not translate to semantically sensible changes in the plaintext
  - 512 to 8192 byte block cipher
  - If attacker changes any part of ciphertext, all plaintext in that sector is changed randomly

10 Solutions to Ensure Laptop Data: Confidentiality
- Physical Security
  - Keep Devices in Safe Locations
  - Lock them up
  - LCD Privacy Screens
  - Don’t Display Confidential Documents in Public Areas
- Lock Down Ports: USB, IEEE 1394, etc.
  - Exploitation of Legitimate Forensics Tools
- Use TPM Chip to thwart hardware attacks

11 Authenticity Solutions
- Make it difficult to guess passwords and account names
  - Disable well known accounts such as “guest” and “administrator”
  - Disallow passwords that contain login names, dictionary words, or simple variants of previous passwords
  - Require long passwords with a mix of characters, numbers, and symbols
  - Use systems that employ SHA-512 or MD5

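One way to enforce the password rules on this slide, as an added example that is not part of the original slides: the function name `check_password`, the 12-character minimum, the substitution table and the sample inputs in the comments are all assumptions chosen for illustration.

```python
import re

# Common character substitutions undone before comparing (assumed table).
LEET = str.maketrans("0134578@$!", "oleastbasi")

def _norm(s):
    # Lower-case, drop trailing digits/symbols, then undo substitutions,
    # so "P@ssw0rd1" and "password" compare equal.
    return re.sub(r"[^a-z]+$", "", s.lower()).translate(LEET)

def check_password(pw, login, previous=(), dictionary=(), min_len=12):
    """Return the list of policy violations for a candidate password."""
    problems = []
    if len(pw) < min_len:                      # "long" is assumed to mean >= 12
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character class")
    n, nl = _norm(pw), _norm(login)
    if login and (login.lower() in pw.lower() or (nl and nl in n)):
        problems.append("contains login name")
    if any(len(w) >= 4 and w.lower() in n for w in dictionary):
        problems.append("contains dictionary word")
    if any(_norm(p) == n for p in previous):
        problems.append("variant of previous password")
    return problems

if __name__ == "__main__":
    # Constructed sample: a seasonal password rotated from last year's.
    print(check_password("Summer2024!", "jdoe",
                         previous=["summer2023"], dictionary=["summer"]))
```
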
12 Authenticity Solutions Cont.
- Disable access to I/O ports
  - Popular vendors of security products offer software that blocks the use of removable storage devices and media. This can prevent theft of data through USB devices or booting alternate operating systems on CD.

13 Authenticity Solutions
- Prevent users from connecting to rogue access points
  - Host-based: Require the use of secure tunnels whenever using any connection outside of the company. VPN clients can be launched at startup; however, this can lead to connectivity problems.
  - Network-based: Employ software that detects and shuts down rogue access points installed within the company’s network. An example would be RogueScanner, which is an open source tool for detecting rogue devices.

14 Integrity Solutions
- Do not give laptop users “administrative” rights
  - Prohibits the installation of unapproved software
  - Most malware / spyware exploits administrative privileges to install without user knowledge
  - Provides greater stability - extraneous software not running in the background
  - Laptops run more efficiently and quickly
  - Less need for maintenance
- Only allow network administrators to install approved software
- Have a standardized, approved laptop image

15 Integrity Solutions Cont.
- Do not allow laptops on the network with expired virus definitions
  - Use a product such as Cisco Clean Access to place the laptop on a quarantined subnet upon first connection, download current virus definitions, and grant access once the laptop is in compliance
- Do not allow laptops to use unsecured wireless networks
  - Enforce minimum requirements for wireless access using group policy or similar
  - Do not allow open access SSIDs or WEP

16 Retaining Availability
- Availability - The ability to use the information or resource desired
- A loss of availability is a loss of data
- Logical Prevention
  - Data redundancy - Ex: Oracle's “Data Guard”
  - Virtualization software
  - Regular backups to corporate network
- Physical Prevention
  - “Toughbook” laptops

17 Retaining Availability Cont.
- Cost (per 100 users)
  - Data Redundancy
    - Oracle's “Data Guard” - $6k (enterprise license)
  - Virtualization
    - VMWare's “bundle pack” - $15k for 100 Virt. Machines
  - Toughbooks
    - 3x over standard laptops
    - At 50% enterprise discount: $100k for 100 users
- Simple data redundancy through server backups is most cost effective. However, high availability has its drawbacks...

18 Retaining Availability Cont.
- Risks
  - High Availability comes at a price
  - Performance – synchronization for backups, loading virtual machines, n/w latency
  - Deployment – costs, training, personnel
- Feasibility
  - 99% uptime = 8,649 hrs/yr or 87 hrs downtime / yr
  - If 95% uptime is good enough, Gartner suggests doing nothing.
- Source: Gartner Research

19 Laptop Security Solutions - Conclusion
- There is no “silver bullet” product that covers all areas of laptop security
- Use a combination of products to achieve your optimal level of security
- Keep the balance between usability and security
  - Employees must be able to work effectively while remaining secure